Posted to java-dev@axis.apache.org by "Michael Davis (JIRA)" <ji...@apache.org> on 2007/07/11 17:09:06 UTC

[jira] Created: (AXIS2-2944) Allow https connection without a keystore

Allow https connection without a keystore
-----------------------------------------

                 Key: AXIS2-2944
                 URL: https://issues.apache.org/jira/browse/AXIS2-2944
             Project: Axis 2.0 (Axis2)
          Issue Type: New Feature
          Components: transports
    Affects Versions: 1.2
            Reporter: Michael Davis
            Priority: Minor


Normally when we connect over https, if the server sends us a certificate that is not well known, we have to specify a keystore using system properties:

System.setProperty("javax.net.ssl.trustStore","path to keystore" );
System.setProperty("javax.net.ssl.trustStorePassword","apache");

We should allow clients to either provide a certificate by some other means, such as hard-coding the bytes, or allow the client to disregard the certificate and trust the server. This is because clients are sometimes deployed on systems where the developers have no access to the file system and therefore cannot configure the keystores.



-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org
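
The option the issue calls "hard-coding the bytes" can be met without touching the file system and without disabling validation. The following is an added example, not Axis2 code and not code from this thread: it builds an in-memory trust store from certificate bytes and an SSLContext that trusts only that certificate. The class name PinnedTrust and its method names are hypothetical, and main uses the first CA certificate from the JVM's default trust store purely as a stand-in for the bytes a client would embed.

```java
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper class for this example.
public class PinnedTrust {

    /** Trust managers that accept only chains anchored at the given certificate (DER or PEM bytes). */
    static TrustManager[] trustManagersFor(byte[] certBytes) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate cert = (X509Certificate)
                cf.generateCertificate(new ByteArrayInputStream(certBytes));

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // empty in-memory store, nothing is read from disk
        ks.setCertificateEntry("pinned-server", cert);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        return tmf.getTrustManagers();
    }

    /** SSLContext whose only trust anchor is the given certificate. */
    static SSLContext contextFor(byte[] certBytes) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS"); // protocol name chosen for this example
        ctx.init(null, trustManagersFor(certBytes), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Stand-in for the embedded bytes: the first CA the JVM already trusts.
        TrustManagerFactory def =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        def.init((KeyStore) null);
        byte[] embedded = ((X509TrustManager) def.getTrustManagers()[0])
                .getAcceptedIssuers()[0].getEncoded();

        X509TrustManager pinned = (X509TrustManager) trustManagersFor(embedded)[0];
        System.out.println("trusted issuers: " + pinned.getAcceptedIssuers().length);
        SSLContext ctx = contextFor(embedded);
        System.out.println("protocol: " + ctx.getProtocol());
    }
}
```

A context built this way still rejects any server whose chain does not lead to the embedded certificate, which is the property a trust-all manager gives up.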


[jira] Commented: (AXIS2-2944) Allow https connection without a keystore

Posted by "gerhard presser (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/AXIS2-2944?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12793559#action_12793559 ] 

gerhard presser commented on AXIS2-2944:
----------------------------------------

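import javax.net.ssl.X509TrustManager;

// Accepts every certificate chain: neither check method ever throws,
// so the peer's certificate is not validated at all.
public class TrustAllTrustManager implements X509TrustManager {
	// The X509TrustManager contract requires a non-null (possibly empty) array.
	public java.security.cert.X509Certificate[] getAcceptedIssuers() {
		return new java.security.cert.X509Certificate[0];
	}

	public void checkClientTrusted(
			java.security.cert.X509Certificate[] certs,
			String authType) {
	}

	public void checkServerTrusted(
			java.security.cert.X509Certificate[] certs,
			String authType) {
	}
}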

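import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketAddress;
import java.net.UnknownHostException;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;

// Commons HttpClient socket factory that creates its sockets from the supplied SSLContext.
public class SSLProtocolSocketFactory implements SecureProtocolSocketFactory {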

	SSLContext ctx;

	public SSLProtocolSocketFactory(SSLContext ctx) {
		this.ctx = ctx;
	}

	public Socket createSocket(final String host, final int port, final InetAddress localAddress, final int localPort, final HttpConnectionParams params) throws IOException, UnknownHostException, ConnectTimeoutException {
		if (params == null) {
			throw new IllegalArgumentException("Parameters may not be null");
		}
		int timeout = params.getConnectionTimeout();
		SocketFactory socketfactory = ctx.getSocketFactory();
		if (timeout == 0) {
			return socketfactory.createSocket(host, port, localAddress, localPort);
		} else {
			Socket socket = socketfactory.createSocket();
			SocketAddress localaddr = new InetSocketAddress(localAddress, localPort);
			SocketAddress remoteaddr = new InetSocketAddress(host, port);
			socket.bind(localaddr);
			socket.connect(remoteaddr, timeout);
			return socket;
		}
	}

	/**
	 * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
	 */
	public Socket createSocket(String host, int port, InetAddress clientHost, int clientPort) throws IOException, UnknownHostException {
		return ctx.getSocketFactory().createSocket(host, port, clientHost, clientPort);
	}

	/**
	 * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
	 */
	public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
		return ctx.getSocketFactory().createSocket(host, port);
	}

	/**
	 * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)
	 */
	public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
		return ctx.getSocketFactory().createSocket(socket, host, port, autoClose);
	}

}

SSLContext sslCtx = SSLContext.getInstance("
sslCtx.init(null, new TrustManager[] {new TrustAllTrustManager()}, null);

aklauth._getServiceClient().getOptions().setProperty(HTTPConstants.CUSTOM_PROTOCOL_HANDLER, new Protocol("https",(ProtocolSocketFactory)new SSLProtocolSocketFactory(sslCtx),443));


> Allow https connection without a keystore
> -----------------------------------------
>
>                 Key: AXIS2-2944
>                 URL: https://issues.apache.org/jira/browse/AXIS2-2944
>             Project: Axis2
>          Issue Type: New Feature
>          Components: transports
>    Affects Versions: 1.2
>            Reporter: Michael Davis
>            Assignee: Saminda Wishwajith Abeyruwan
>            Priority: Minor
>
> Normally when we connect over https, if the server sends us a certificate that is not well known, we have to specify a keystore using system properties:
> System.setProperty("javax.net.ssl.trustStore","path to keystore" );
> System.setProperty("javax.net.ssl.trustStorePassword","apache");
> We should allow clients to either provide a certificate by some other means, such as hard-coding the bytes, or allow the client to disregard the certificate and trust the server. This is because clients are sometimes deployed on systems where the developers have no access to the file system and therefore cannot configure the keystores.



[jira] Assigned: (AXIS2-2944) Allow https connection without a keystore

Posted by "Deepal Jayasinghe (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/AXIS2-2944?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Deepal Jayasinghe reassigned AXIS2-2944:
----------------------------------------

    Assignee: Saminda Wishwajith Abeyruwan

> Allow https connection without a keystore
> -----------------------------------------
>
>                 Key: AXIS2-2944
>                 URL: https://issues.apache.org/jira/browse/AXIS2-2944
>             Project: Axis 2.0 (Axis2)
>          Issue Type: New Feature
>          Components: transports
>    Affects Versions: 1.2
>            Reporter: Michael Davis
>            Assignee: Saminda Wishwajith Abeyruwan
>            Priority: Minor
>
> Normally when we connect over https, if the server sends us a certificate that is not well known, we have to specify a keystore using system properties:
> System.setProperty("javax.net.ssl.trustStore","path to keystore" );
> System.setProperty("javax.net.ssl.trustStorePassword","apache");
> We should allow clients to either provide a certificate by some other means, such as hard-coding the bytes, or allow the client to disregard the certificate and trust the server. This is because clients are sometimes deployed on systems where the developers have no access to the file system and therefore cannot configure the keystores.
