Configure SSL Support for Apache CXF Client inside an iDempiere plugin


Andrea

Sep 28, 2021, 5:32:57 AM
to iDempiere
Hello to all,
Within a plug-in of iDempiere we have created a client in Apache CXF for integration with a web service. This web service is in HTTPS and requires an SSL certificate for access. The certificate we have is in "P12" format.
The problem is we can't set it up.
Initially we tried to insert it in the cacert file inside the Java 'jre', but it was not conclusive; we continue to have a 401 error.

So I tried to configure it using this guide.


and taking the code of this github as an example


I then inserted the p12 file into the project and the secureClient.xml configuration file

Then, on the Java side, I inserted this code inside the plugin where I inserted the CXF client.

SpringBusFactory bf = new SpringBusFactory();

// Load the Spring bus configuration from the plug-in's resources
URL busFile = Client.class.getResource("/SecureClient.xml");
Bus bus = bf.createBus(busFile.toString());
BusFactory.setDefaultBus(bus);

Unfortunately, it doesn't work and I get this error back.

 Initial attempt to create application context was unsuccessful.

org.springframework.beans.factory.BeanDefinitionStoreException: IOException parsing XML document from class path resource [META-INF/cxf/cxf.xml];
 nested exception is java.io.FileNotFoundException: class path resource [META-INF/cxf/cxf.xml] cannot be opened because it does not exist at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:341)


It seems that the configuration file I'm giving it is not being taken into account, but it looks for a default one inside the META-INF/cxf/cxf.xml file.

I tried to insert the file in several places following this path, but to no avail.

Do you have any other ideas about it?

Do you think this configuration should be done at the plugin level or do I have to configure the entire iDempiere server with these XML configuration files?


Have you ever configured an SSL certificate for a client in iDempiere?

Thanks so much to anyone who will take the time for me for this problem.

philba...@gmail.com

Oct 25, 2021, 7:46:36 AM
to iDempiere
Hey Andrea,

I have just run into a similar problem with an embedded Jetty server in one of my plugins. I can't get the certificate to load from the paths I'm trying.
I have code like this:

SslContextFactory sslContextFactory = new SslContextFactory();

// Print what "." resolves to through the bundle class loader and through the class
ClassLoader classLoader = GoogleOauthServer.class.getClassLoader();
System.out.println(" Path: \""+classLoader.getResource(".")+"\"");
System.out.println(" Path: \""+GoogleOauthServer.class.getResource(".")+"\"");
URL keyStorePath = GoogleOauthServer.class.getResource(".");

// Point Jetty at the keystore bundled at the root of the plug-in
sslContextFactory.setKeyStorePath(GoogleOauthServer.class.getResource("/keystore.jks").toExternalForm());
sslContextFactory.setKeyStorePassword("123456"); // hardcoded self signed certificate passwords
sslContextFactory.setKeyManagerPassword("123456"); // hardcoded self signed certificate passwords

So you can see I tried to uncover what paths are found by 'ClassLoader' and Class.class.getResource.
This is what I found:

ClassLoader classLoader = GoogleOauthServer.class.getClassLoader();
System.out.println(" Path: \""+classLoader.getResource(".")+"\"");
PRINTS  Path: "bundleresource://3.fwk224192895/./"

System.out.println(" Path: \""+GoogleOauthServer.class.getResource(".")+"\"");
PRINTS  Path: "bundleresource://3.fwk224192895/au/blindmot/BMGoogleOauth/./"

So seeing what the actual paths look like is a step in solving this; I am yet to fix the apparent issue with '/./' appended to the path. I'll put some more time into this soon.
Please post if you solve your issue!

Andrea

Oct 25, 2021, 9:29:48 AM
to iDempiere
This is my solution:


SimogWSPDDService simog = new SimogWSPDDService();

// Create the JAX-WS client proxy from the generated service class
JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
factory.getClientFactoryBean().getServiceFactory().setWsdlURL(simog.WSDL_LOCATION);
factory.setServiceName(simog.SERVICE);
factory.setEndpointName(simog.SimogWSPDDPort);
SimogWSPDD simogWSPDDClient = factory.create(SimogWSPDD.class);

// Get the HTTP conduit of the proxy; the TLS settings are applied to it below
org.apache.cxf.endpoint.Client client = ClientProxy.getClient(simogWSPDDClient);
HTTPConduit http = (HTTPConduit) client.getConduit();
HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();

TLSClientParameters tlsCP = new TLSClientParameters();

// Client certificate: copy the PKCS#12 resource out of the bundle to a file, then load it
String keyPassword = "cbeu98whfew89";
KeyStore keyStore = KeyStore.getInstance("PKCS12");
File keyStoreFile = new File("CertificatoP12.pfx");
FileUtils.copyInputStreamToFile(FincmSimogUtil.class.getResourceAsStream("CertificatoP12.pfx"),
        keyStoreFile);

// try-with-resources closes the stream once the keystore is loaded
try (FileInputStream in = new FileInputStream(keyStoreFile)) {
    keyStore.load(in, keyPassword.toCharArray());
}
// getKeyManagers is a helper method that is not shown in this post
KeyManager[] myKeyManagers = getKeyManagers(keyStore, keyPassword);
tlsCP.setKeyManagers(myKeyManagers);

// Trust store: the same copy-and-load steps for the JKS file
KeyStore trustStore = KeyStore.getInstance("JKS");

File trustStoreFile = new File("mykeystore.jks");
FileUtils.copyInputStreamToFile(FincmSimogUtil.class.getResourceAsStream("mykeystore.jks"),
        trustStoreFile);

try (FileInputStream in = new FileInputStream(trustStoreFile)) {
    trustStore.load(in, "passwordkeystore".toCharArray());
}
// getTrustManagers is a helper method that is not shown in this post
TrustManager[] myTrustStoreKeyManagers = getTrustManagers(trustStore);
tlsCP.setTrustManagers(myTrustStoreKeyManagers);

// Attach the TLS parameters and the timeout policy to the conduit
http.setTlsClientParameters(tlsCP);
httpClientPolicy.setConnectionTimeout(36000);
httpClientPolicy.setAllowChunking(false);
httpClientPolicy.setReceiveTimeout(32000);
http.setClient(httpClientPolicy);

simogWsPortWrapper = FinloExtAppsSimogWsPortWrapper.create(simogWSPDDClient, logHandler);
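
The solution above calls getKeyManagers and getTrustManagers without showing them. The following is an added example, not part of the post or of the iDempiere or CXF code bases, assuming those helpers wrap the standard JSSE factories; the class name TlsMaterial, the load helper and the char[] parameters are hypothetical. It reads each keystore from a stream, so a bundle resource can be loaded without first copying the key material to a file.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

public class TlsMaterial {  // hypothetical class name
    // Load a keystore from any stream (e.g. Class.getResourceAsStream in a bundle) and close it.
    static KeyStore load(InputStream in, String type, char[] password)
            throws GeneralSecurityException, IOException {
        if (in == null) {  // getResourceAsStream returns null when the resource is missing
            throw new IOException("keystore resource not found");
        }
        try (InputStream s = in) {
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(s, password);
            return ks;
        }
    }

    // Assumed shape of the post's getKeyManagers helper: key managers for the client certificate.
    static KeyManager[] getKeyManagers(KeyStore ks, char[] keyPassword)
            throws GeneralSecurityException {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPassword);
        return kmf.getKeyManagers();
    }

    // Assumed shape of the post's getTrustManagers helper: trust managers for the server chain.
    static TrustManager[] getTrustManagers(KeyStore trustStore) throws GeneralSecurityException {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        return tmf.getTrustManagers();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an empty PKCS#12 store built in memory stands in for the bundled .pfx.
        char[] pw = "changeit".toCharArray();
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, pw);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        empty.store(out, pw);
        KeyStore ks = load(new ByteArrayInputStream(out.toByteArray()), "PKCS12", pw);
        System.out.println(getKeyManagers(ks, pw).length + " key manager(s)");
    }
}
```

In the plug-in, the stream passed to load would be FincmSimogUtil.class.getResourceAsStream("CertificatoP12.pfx"), and the returned arrays go to tlsCP.setKeyManagers and tlsCP.setTrustManagers as in the post.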