You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by "Bc. Jiří Mikulášek" <ji...@aura.cz> on 2007/12/13 16:12:33 UTC

My own TrustManager

Hi all,
I need to add some spicific features to my SSL communictaion - so basically I 
would like to implement my own TrustManager.

But when using CXF the code suplying TrustManagers is not under my control. Is 
there any way how to do it ofr CXF?

thanks for any hints
-- 
Jiri Mikulasek
---------------------------------
Developer

AURA, s.r.o.
Uvoz 499/56; 602 00 Brno
ISO 9001 certified company
AQAP 2110 (ČOS 051622)
tel./fax: +420 544 508 115
e-mail:  mikulasek@aura.cz
http://www.aura.cz
---------------------------------

Re: My own TrustManager

Posted by Fred Dushin <fr...@dushin.net>.

I'm pretty sure we won't be able to do this declaratively, at least  
in the current code.

You should have some avenues for doing this programmatically,  
however.  On the client side, see the HTTPConduitTest [1] in the CXF  
systests.

I'm a bit less certain about the server side, though it should be  
possible (this was an initial design requirement).  If you can get  
your hands on the Destination, you can downcast it to a  
JettyHTTPDestination, and from there you should be able to get the  
JettyHTTPServerEngine, on which you can set a collection of TLS  
parameters.

There are some caveats, of course.  For one, you probably need to do  
this before publishing the endpoint -- you can't change TLS  
parameters on an already-open socket.  Also, these are all internal  
types, which require a lot of casts down to implementation-specific  
types.  So you have no guarantee that these types will be supported  
across changes to CXF.  And this stuff is only relevant to using the  
Jetty HTTP stack on the server side.  YMMV with the servlet stack, or  
anything else that comes down the pipe.

Hope that helps.  Let us know if this works.  If it does, feel free  
to contribute a test!

Thanks,
-Fred

[1] https://svn.apache.org/repos/asf/incubator/cxf/trunk/systests/src/ 
test/java/org/apache/cxf/systest/http/HTTPConduitTest.java

On Dec 13, 2007, at 10:12 AM, Bc. Jiří Mikulášek wrote:

> Hi all,
> I need to add some spicific features to my SSL communictaion - so  
> basically I
> would like to implement my own TrustManager.
>
> But when using CXF the code suplying TrustManagers is not under my  
> control. Is
> there any way how to do it ofr CXF?
>
> thanks for any hints
> -- 
> Jiri Mikulasek
> ---------------------------------
> Developer
>
> AURA, s.r.o.
> Uvoz 499/56; 602 00 Brno
> ISO 9001 certified company
> AQAP 2110 (ČOS 051622)
> tel./fax: +420 544 508 115
> e-mail:  mikulasek@aura.cz
> http://www.aura.cz
> ---------------------------------
>