Posted to soap-user@ws.apache.org by Cedric Bompart <ce...@morse.com> on 2001/05/21 12:02:10 UTC

SSL - trust manager on the client side

Hi,

Here is something that may be useful for someone else...

I set up the SSL certification on the server side (one-way
authentication). I generated the certificate myself, so it's not a truly
valid certificate.
On the client side, I received an 'untrusted server chain' exception, so here
is the little hack on the SSLUtils class:

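import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.Security;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
// JSSE 1.0.x keeps the context and trust-manager types in com.sun.net.ssl
import com.sun.net.ssl.KeyManager;
import com.sun.net.ssl.SSLContext;
import com.sun.net.ssl.TrustManager;
import com.sun.net.ssl.X509TrustManager;

public class SSLUtils {

    /** This method builds an SSL socket, after auto-starting SSL */
    public static Socket buildSSLSocket(String host, int port)
        throws IOException, UnknownHostException
    {
        Security.addProvider(
            new com.sun.net.ssl.internal.ssl.Provider());

        /* custom SSL socket factory: no client keys, custom trust manager */
        X509TrustManager tm = new MyX509TrustManager();
        KeyManager[] km = null;
        TrustManager[] tma = {tm};
        SSLContext sc;
        try {
            sc = SSLContext.getInstance("SSL");
            sc.init(km, tma, new java.security.SecureRandom());
        } catch (Exception ex) {
            /* report the failure instead of hitting a null context below */
            throw new IOException("Cannot initialise SSL context: " + ex);
        }

        SSLSocketFactory factory = sc.getSocketFactory();

        SSLSocket sslSocket =
            (SSLSocket) factory.createSocket(host, port);

        sslSocket.startHandshake();

        return sslSocket;
    }
}

/* Trust manager that accepts every certificate chain without checking it */
class MyX509TrustManager implements X509TrustManager {

    public boolean isClientTrusted(java.security.cert.X509Certificate[] chain) {
        return true;
    }

    public boolean isServerTrusted(java.security.cert.X509Certificate[] chain) {
        return true;
    }

    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return null;
    }
}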


The only thing you need to specify on the soap client is the HTTPS protocol
for the java.util.URL object. No more crappy keystore/truststore
properties... :-)

Any comments?
Ced.

--
Cedric Bompart, Internet Developer, Morse Hughes Rae
tel: 01332 826110   mobile: 07931 536934   switchboard: 01332 826000
email: c.bompart@hughesrae.co.uk
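
An added example, not part of the original post or of Apache SOAP: a client that also avoids the keystore/truststore system properties but still validates the server, by loading the self-generated certificate into an in-memory trust store as its only trust anchor. It uses the current javax.net.ssl API rather than the JSSE 1.0.x classes in the post; the class name PinnedCertSocketFactory, the alias "soap-server" and the certificate file argument are assumptions, and the certificate is assumed to name the host being contacted.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper (not Apache SOAP code): trusts only one given certificate.
public class PinnedCertSocketFactory {
    /** Builds a socket factory whose only trust anchor is the certificate at certPath. */
    public static SSLSocketFactory forCertificate(String certPath) throws Exception {
        Certificate serverCert;
        try (InputStream in = new FileInputStream(certPath)) {
            serverCert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // In-memory trust store: no file on disk, no javax.net.ssl.trustStore property.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("soap-server", serverCert);
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, tmf.getTrustManagers(), null);
        return sc.getSocketFactory();
    }

    /** Connects and handshakes; throws unless the chain anchors in the pinned certificate. */
    public static SSLSocket connect(SSLSocketFactory factory, String host, int port)
            throws Exception {
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        // A raw SSLSocket does no host name check unless it is requested explicitly.
        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
        socket.startHandshake();
        return socket;
    }

    public static void main(String[] args) throws Exception {
        // Usage: java PinnedCertSocketFactory <server.crt> <host> <port>
        try (SSLSocket s = connect(forCertificate(args[0]), args[1], Integer.parseInt(args[2]))) {
            System.out.println("Handshake OK: " + s.getSession().getCipherSuite());
        }
    }
}
```

A handshake against any server presenting a different certificate ends in an SSLHandshakeException, which is the check the always-true trust manager removes.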
