Posted to soap-user@ws.apache.org by Ke...@firstdatacorp.com on 2002/04/10 21:35:49 UTC
How To Register My Own Cert TrustManager for SOAP Call
How do I register my own X509TrustManager so that I can programmatically
check the server cert in the isServerTrusted() method for a SOAP call using
Apache SOAP 2.2?
(My server has a self-signed cert.)
When I code the following, HTTPS POSTs to the server, such as
"https://localhost:8080/TestServlet", work fine because I registered the
trust manager, and it stops at my breakpoint in isServerTrusted():
// start code example
// JSSE 1.0.x classes (com.sun.net.ssl), as used by the calls below
import java.security.Security;
import javax.net.ssl.SSLSocketFactory;
import com.sun.net.ssl.*;

// Hostname verifier that accepts any hostname/certificate name pair
class AnyHostnameVerifier implements HostnameVerifier {
    public boolean verify(
            java.lang.String urlHostname,
            java.lang.String certHostname) {
        return true;
    }
}

// Trust manager that accepts every client and server certificate chain
class AnyX509TrustManager implements X509TrustManager {
    public boolean isClientTrusted(java.security.cert.X509Certificate[] chain) {
        return true;
    }
    public boolean isServerTrusted(java.security.cert.X509Certificate[] chain) {
        return true;
    }
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return null;
    }
}

// Register the JSSE HTTPS protocol handler and provider
System.setProperty("java.protocol.handler.pkgs",
        "com.sun.net.ssl.internal.www.protocol");
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

X509TrustManager tm = new AnyX509TrustManager();
HostnameVerifier hm = new AnyHostnameVerifier();
KeyManager[] km = null;
TrustManager[] tma = { tm };
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(km, tma, new java.security.SecureRandom());
SSLSocketFactory sf1 = sc.getSocketFactory();

// Install the socket factory and hostname verifier as HttpsURLConnection defaults
HttpsURLConnection.setDefaultSSLSocketFactory(sf1);
HttpsURLConnection.setDefaultHostnameVerifier(hm);
// end code example
BUT WHEN MAKING THE FOLLOWING SOAP CALL...
// start code example
String targetObjectURI = "http://tempuri.org/Service";
call.setMethodName("getName");
call.setEncodingStyleURI(Constants.NS_URI_SOAP_ENC);
call.setTargetObjectURI(targetObjectURI);
call.setParams(new Vector());
call.invoke(new URL("https://localhost:8443/logon-example/servlet/rpcrouter"), "");
// end code example
IT FAILS WITH
main, SEND SSL v3.1 ALERT: fatal, description = certificate_unknown
main, WRITE: SSL v3.1 Alert, length = 2
org.apache.soap.SOAPException, Error opening socket: null
AND THE BREAKPOINT IS NEVER REACHED IN MY REGISTERED TRUST-MANAGER