Our company is required to use SmartCard technology to communicate with our systems. I am attempting to provide a custom SSLContext in an Event script (RequestFilter.filterRequest) using a custom Java library. The SSLContext is good, as I have used it in another Java application that I have written, and I have logged some of its content, and it is configured correctly; however, the certificate select swing dialog (in my custom library) doesn't pop up and no client cert is passed to the server. It's like I haven't really replaced the default SSLContext.
I need to use the Windows-MY and Windows-ROOT keystores. The user also needs to be able to select a certificate, and unfortunately that piece isn't working when used in ReadyAPI either. For the client cert selection I override the chooseClientAlias in a custom X509KeyManager, which clearly isn't working. I am not familiar with apache HttpClient libraries. Do I need to convert to their X509KeyManager, etc. for it to work?
Unfortunately, we are forced to use Ready! API 1.2.2 until we get authorization to install the newest version. I also noticed that version 1.2.2 uses deprecated classes and methods in the apache http client libraries. Would that have something to do with it?
Here is my script. I can't show you my MySSLContext source, but it does work just fine in another application (sorry it is so ugly, it won't let me post with a pretty format):
HttpClient httpclient = new DefaultHttpClient(); ClientConnectionManager ccm = httpclient.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
// getSSLContext takes, trust manager factory, trustStore, keyStore, custom HostNameVerifier, algorithm, and "SSL" or
SSLContext ctx = MySSLContext.getSSLContext(MySSLContext .getTrustManagerFactory(MySSLContext.getWindowsROOT()),MySSLContext.getWindowsROOT(), MySSLContext.getWindowsMY(), new SSLHostnameVerifier(), "SunX509", "SSL");
SSLSocketFactory ssf = new SSLSocketFactory(ctx);
sr.register( new Scheme( "http", 80, PlainSocketFactory.socketFactory ) );
sr.register( new Scheme( "https", 443, ssf) );
I just attempted a web service call running the groovy script above (with the added WS call), and there is definitely a disconnect regarding the socket factory. When I declare a new apache SSLSocketFactory, it is compatible with Scheme but does not work. However, when I call one of our web services through another library of mine using the ctx.socketFactory (the SSLContext I created in the previous script), I get prompted for the cert and the service is called just fine, all from groovy. Unfortunately, Sun's SSLSocketFactory is not compatible with Apache's Scheme constructor. I am going to have to figure out how to create the SSLContext with an Apache SSLSocketFactory in my custom library.
I am lost on this. I have been looking through the JavaDocs and I see nothing that will allow me to inject a custom SSLContext, or SSLSocketConnectionFactory, or even an HttpClient.
I received a reply from one of the engineers at SmartBear. If you google "SoapUI SSL Workaround" you will get this plugin project: https://github.com/joeljons/soapui-ssl-workaround-plugin
I am going to try this idea today.