You are viewing a plain text version of this content. The canonical link for it is here.
Posted to soap-user@ws.apache.org by Ke...@firstdatacorp.com on 2002/04/10 21:35:49 UTC

How To Registering My Own Cert TrustManager for SOAP Call

How do I register my own X509TrustManager so that I can programmatically
check the server cert in isServerTrusted() method for a SOAP call using
apache SOAP 2.2.
(My server has a self-signed cert)

When I code the following, https POSTS to the server, such as
"https://localhost:8080/TestServlet", work fine because I registered the
trust manager and it stops at my breakpoint in isServerTrusted()

// start code example

   class AnyHostnameVerifier implements HostnameVerifier {
      public boolean verify(
            java.lang.String urlHostname,
            java.lang.String certHostname) {
            return true;
      }
   }

   class AnyX509TrustManager implements X509TrustManager {
      public boolean isClientTrusted(java.security.cert.X509Certificate[]
chain) {
            return true;
      }
      public boolean isServerTrusted(java.security.cert.X509Certificate[]
chain) {
            return true;
      }
      public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return null;
      }
   }

   System.setProperty("java.protocol.handler.pkgs",
      "com.sun.net.ssl.internal.www.protocol");
   Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

   X509TrustManager tm = new AnyX509TrustManager();
   HostnameVerifier hm = new AnyHostnameVerifier();
   KeyManager[] km = null;
   TrustManager[] tma = { tm };
   SSLContext sc = SSLContext.getInstance("SSL");
   sc.init(km, tma, new java.security.SecureRandom());
   SSLSocketFactory sf1 = sc.getSocketFactory();

   HttpsURLConnection.setDefaultSSLSocketFactory(sf1);
   HttpsURLConnection.setDefaultHostnameVerifier(hm);

// end code example

BUT WHEN MAKING THE FOLLOWING SOAP CALL...

// start code example

   String targetObjectURI = "http://tempuri.org/Service";
   call.setMethodName("getName");
   call.setEncodingStyleURI(Constants.NS_URI_SOAP_ENC);
   call.setTargetObjectURI(targetObjectURI);
   call.setParams(new Vector());
   call.invoke( new URL("
https://localhost:8443/logon-example/servlet/rpcrouter"), "");

// end code example

IT FAILS WITH

main, SEND SSL v3.1 ALERT:  fatal, description = certificate_unknown
main, WRITE:  SSL v3.1 Alert, length = 2
org.apache.soap.SOAPException, Error opening socket: null

AND THE BREAKPOINT IS NEVER REACHED IN MY REGISTERED TRUST-MANAGER