quarkiverse / quarkus-cxf

Quarkus CXF Extension to support SOAP based web services.
Apache License 2.0

Make mutual TLS (mTLS) authentication configurable via application.properties #1249

Closed marcozanghi closed 5 months ago

marcozanghi commented 5 months ago

I have to create a SOAP client with mutual TLS authentication. When I set up the SSLContext, by using a keystore and a truststore as needed, I see an error when the client tries to connect with the server. I think the problem is that client-side, in the HTTPConduitConfigurer, I am setting

SSLContext sslContext = SSLContext.getInstance(SSL);
sslContext.init(kmf != null ? kmf.getKeyManagers() : null,
        tmf != null ? tmf.getTrustManagers() : null,
        new SecureRandom());
tlsClientParameters.setSslContext(sslContext);

and not directly:

tlsClientParameters.setKeyManagers(kmf.getKeyManagers());
tlsClientParameters.setTrustManagers(tmf.getTrustManagers());

You can find a client and server reproducer here: https://bitbucket.org/MZ-RZ/soap-server/ https://bitbucket.org/MZ-RZ/soap-client/

cc: @ppalaga

shumonsharif commented 5 months ago

@marcozanghi I took a brief look at your reproducer. For mutual TLS, using TLS instead of SSL is more appropriate (see below) for obtaining the SSLContext, and resolves the exceptions.

SSLContext sslContext = SSLContext.getInstance("TLS");

cc: @ppalaga