I am working on an AXIS-based web service where the service provider has implemented one-way TLS. In order to consume this service, I have provided keystore and truststore properties in the WebLogic startup script using javax.net.ssl.keyStore or javax.net.ssl.trustStore.

When we run the test, we get the below exception:

Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: IBMJSSE2, class: com.ibm.jsse2.ec)
    at java.security.Provider$Service.newInstance(Provider.java:1271)
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:249)
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:177)
    at javax.net.ssl.SSLContext.getInstance(SSLContext.java:26)
    at javax.net.ssl.SSLContext.getDefault(SSLContext.java:9)
    at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:23)
    at org.apache.axis.components.net.JSSESocketFactory.initFactory(JSSESocketFactory.java:87)
    at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:105)
    ... 22 more

Caused by: java.lang.Exception: Truststore file does not exist: /home/apps/weblogic/.keystore
    at com.ibm.jsse2.rc.a(rc.java:38)
    at com.ibm.jsse2.ec.f(ec.java:19)
    at com.ibm.jsse2.ec.<init>(ec.java:21)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:86)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:58)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:542)
    at java.security.Provider$Service.newInstance(Provider.java:1252)
    ... 29 more

I am not even sure from where it is picking the /home/apps/weblogic/.keystore location even after setting up the keystore/truststore properties.

When I checked the AXIS JAR file, I saw that the org.apache.axis.components.net.SunJSSESocketFactory class has the below default property for the truststore:

    static boolean defaultClientAuth = false;
    private boolean clientAuth = false;
    static String defaultKeystoreFile = System.getProperty("user.home") + "/.keystore";
    static String defaultKeyPass = "changeit";

Can anyone explain why the AXIS API is using this default keystore instead of the one provided in the command line argument?

1 Answer

I found the root cause of this problem and it's not AXIS at all. The problem was in the iControl.Interfaces class used for F5 BIG-IP communications. In the constructors of this class, the trust store system property has been overwritten by the below line:

    System.setProperty("javax.net.ssl.trustStore", System.getProperty("user.home") + "/.keystore");

This doesn't look for the trust store in the location set in the WebLogic startup script; instead, it looks for the .keystore file in user.home.

We can either modify the iControl JAR to remove this hard-coded value or upgrade it to version 11.5.

Another workaround is to set the truststore property again after calling the constructor of the iControl.Interfaces class.

You can also initialize the default SSL context before calling the iControl.Interfaces constructor, which will load the SSL context using the properties mentioned in the WebLogic startup script.
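The "set the property again after the constructor" workaround from the answer above, written as an added example that is not code from the post or from the iControl library. `ClobberingClient` is a hypothetical stand-in that only mimics the overwrite the answer describes, `TrustStoreGuard` and `createPreservingTls` are names chosen here, and the truststore path in `main` is a constructed value.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Objects;
import java.util.function.Supplier;

public class TrustStoreGuard {
    // JSSE system properties that a library constructor might overwrite.
    private static final String[] KEYS = {
        "javax.net.ssl.trustStore", "javax.net.ssl.trustStorePassword",
        "javax.net.ssl.trustStoreType", "javax.net.ssl.keyStore",
        "javax.net.ssl.keyStorePassword", "javax.net.ssl.keyStoreType"
    };

    // Hypothetical stand-in for a third-party class whose constructor
    // replaces the configured truststore with ~/.keystore.
    static class ClobberingClient {
        ClobberingClient() {
            System.setProperty("javax.net.ssl.trustStore",
                    System.getProperty("user.home") + "/.keystore");
        }
    }

    // Snapshots the JSSE properties, runs the factory, then reports and
    // reverts every property the factory changed.
    static <T> T createPreservingTls(Supplier<T> factory) {
        Map<String, String> before = new LinkedHashMap<>();
        for (String k : KEYS) before.put(k, System.getProperty(k));
        try {
            return factory.get();
        } finally {
            for (Map.Entry<String, String> e : before.entrySet()) {
                if (Objects.equals(System.getProperty(e.getKey()), e.getValue())) continue;
                // Log the key only: some of these properties hold passwords.
                System.err.println("JSSE property overwritten by library: " + e.getKey());
                if (e.getValue() == null) System.clearProperty(e.getKey());
                else System.setProperty(e.getKey(), e.getValue());
            }
        }
    }

    public static void main(String[] args) {
        // Constructed value standing in for the -Djavax.net.ssl.trustStore startup flag.
        System.setProperty("javax.net.ssl.trustStore", "/opt/app/certs/truststore.jks");
        ClobberingClient client = createPreservingTls(ClobberingClient::new);
        System.out.println("trustStore after constructor: "
                + System.getProperty("javax.net.ssl.trustStore"));
    }
}
```

The default SSLContext is typically built once from these properties and then cached, so the restore has to happen before the first TLS connection is made through the default socket factory.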