You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by "Khare, Aparna" <ap...@sap.com> on 2015/02/17 13:22:52 UTC

Implement trust all using apache cxf

Dear Colleagues,

  I'm trying to implement trust all using apach cxf

Created DefaultTrustManager class
 @Override
  public java.security.cert.X509Certificate[] getAcceptedIssuers() {
    return null;
  }

  @Override
  public void checkClientTrusted(final java.security.cert.X509Certificate[] certs,
      final String authType) {
  }

  @Override
  public void checkServerTrusted(final java.security.cert.X509Certificate[] certs,
      final String authType) {
  }

I have created this class implementing the x509trust manager

And then I call the trust manager using below code

TLSClientParameters tlsParams = new TLSClientParameters();
    TrustManager[] trustAllCerts = new TrustManager[] { new DefaultTrustManager() };
    tlsParams.setTrustManagers(trustAllCerts);
    tlsParams.setDisableCNCheck(true);
    conduit.setTlsClientParameters(tlsParams);

still I get certificate validation failed.

Can someone is I have missed something

Thanks,
Aparna

Re: Implement trust all using apache cxf

Posted by Colm O hEigeartaigh <co...@apache.org>.

This scenario works for me in CXF (at least 3.0.x). I've added a test here:

https://git1-us-west.apache.org/repos/asf?p=cxf.git;a=commit;h=0b81bdec

Could the problem be that the service requires client authentication? In
this case you must have a keystore with a trusted certificate on the client
side.

Colm.

On Tue, Feb 17, 2015 at 12:22 PM, Khare, Aparna <ap...@sap.com>
wrote:

> Dear Colleagues,
>
>   I'm trying to implement trust all using apach cxf
>
> Created DefaultTrustManager class
>  @Override
>   public java.security.cert.X509Certificate[] getAcceptedIssuers() {
>     return null;
>   }
>
>   @Override
>   public void checkClientTrusted(final
> java.security.cert.X509Certificate[] certs,
>       final String authType) {
>   }
>
>   @Override
>   public void checkServerTrusted(final
> java.security.cert.X509Certificate[] certs,
>       final String authType) {
>   }
>
> I have created this class implementing the x509trust manager
>
> And then I call the trust manager using below code
>
> TLSClientParameters tlsParams = new TLSClientParameters();
>     TrustManager[] trustAllCerts = new TrustManager[] { new
> DefaultTrustManager() };
>     tlsParams.setTrustManagers(trustAllCerts);
>     tlsParams.setDisableCNCheck(true);
>     conduit.setTlsClientParameters(tlsParams);
>
> still I get certificate validation failed.
>
> Can someone is I have missed something
>
> Thanks,
> Aparna
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com