[
https://issues.apache.org/jira/browse/AXIS2-2944?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12793559#action_12793559
]
gerhard presser commented on AXIS2-2944:
----------------------------------------
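/**
 * {@link X509TrustManager} that performs no certificate validation.
 *
 * <p>Both check methods return without looking at the chain, so an
 * {@code SSLContext} initialised with this manager accepts any certificate:
 * self-signed, expired, or issued for a different host. The channel is still
 * encrypted, but the peer is not authenticated, so anyone on the network path
 * can terminate the connection with a certificate of their own.
 *
 * <p>Suitable only for throwaway test setups. Where the file system is not
 * available for a trust store, the server certificate can instead be loaded
 * into an in-memory {@code java.security.KeyStore} and passed to a
 * {@code javax.net.ssl.TrustManagerFactory}, which keeps validation enabled.
 */
public class TrustAllTrustManager implements X509TrustManager {

    /**
     * Returns an empty array, i.e. no issuer is advertised as trusted.
     *
     * <p>The {@link X509TrustManager} contract asks for a non-null (possibly
     * empty) array; returning {@code null} can fail in callers that
     * dereference the result without a null check.
     *
     * @return a new zero-length array, never {@code null}
     */
    @Override
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return new java.security.cert.X509Certificate[0];
    }

    /**
     * Accepts every client certificate chain without inspection.
     *
     * @param certs    the peer chain (ignored)
     * @param authType the authentication type (ignored)
     */
    @Override
    public void checkClientTrusted(
            java.security.cert.X509Certificate[] certs,
            String authType) {
        // Intentionally empty: no validation is performed.
    }

    /**
     * Accepts every server certificate chain without inspection.
     *
     * @param certs    the peer chain (ignored)
     * @param authType the key exchange algorithm (ignored)
     */
    @Override
    public void checkServerTrusted(
            java.security.cert.X509Certificate[] certs,
            String authType) {
        // Intentionally empty: no validation is performed.
    }
}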
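/**
 * Commons HttpClient socket factory that creates every socket from a
 * caller-supplied {@link SSLContext}.
 *
 * <p>All trust decisions are those of the context passed to the constructor.
 * This class adds no certificate or host name checks of its own, so the
 * security of the resulting connections is exactly that of the trust
 * managers the context was initialised with.
 */
public class SSLProtocolSocketFactory implements SecureProtocolSocketFactory {

    private final SSLContext ctx;

    /**
     * @param ctx the initialised context whose socket factory is used for
     *            every connection; must not be {@code null}
     * @throws IllegalArgumentException if {@code ctx} is {@code null}
     */
    public SSLProtocolSocketFactory(SSLContext ctx) {
        // Fail at construction time instead of on the first connection attempt.
        if (ctx == null) {
            throw new IllegalArgumentException("SSLContext may not be null");
        }
        this.ctx = ctx;
    }

    /**
     * Creates a socket connected to {@code host:port}, bound to the given
     * local address, honouring the connection timeout in {@code params}.
     *
     * <p>A timeout of {@code 0} delegates to the blocking factory call.
     * Otherwise an unconnected socket is created, bound and connected with
     * the timeout.
     *
     * @param params connection parameters; must not be {@code null}
     * @return the connected socket
     * @throws IllegalArgumentException if {@code params} is {@code null}
     * @throws IOException if the socket cannot be created, bound or connected
     */
    public Socket createSocket(final String host, final int port,
            final InetAddress localAddress, final int localPort,
            final HttpConnectionParams params)
            throws IOException, UnknownHostException, ConnectTimeoutException {
        if (params == null) {
            throw new IllegalArgumentException("Parameters may not be null");
        }
        int timeout = params.getConnectionTimeout();
        SocketFactory socketfactory = ctx.getSocketFactory();
        if (timeout == 0) {
            return socketfactory.createSocket(host, port, localAddress, localPort);
        }

        Socket socket = socketfactory.createSocket();
        boolean connected = false;
        try {
            SocketAddress localaddr = new InetSocketAddress(localAddress, localPort);
            SocketAddress remoteaddr = new InetSocketAddress(host, port);
            socket.bind(localaddr);
            socket.connect(remoteaddr, timeout);
            connected = true;
            return socket;
        } finally {
            // A failed bind or connect would otherwise leak the descriptor.
            if (!connected) {
                try {
                    socket.close();
                } catch (IOException ignored) {
                    // The original failure is the one worth reporting.
                }
            }
        }
    }

    /**
     * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
     */
    public Socket createSocket(String host, int port, InetAddress clientHost,
            int clientPort) throws IOException, UnknownHostException {
        return ctx.getSocketFactory().createSocket(host, port, clientHost, clientPort);
    }

    /**
     * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
     */
    public Socket createSocket(String host, int port)
            throws IOException, UnknownHostException {
        return ctx.getSocketFactory().createSocket(host, port);
    }

    /**
     * Layers a socket from the context over an existing connected socket.
     *
     * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)
     */
    public Socket createSocket(Socket socket, String host, int port,
            boolean autoClose) throws IOException, UnknownHostException {
        return ctx.getSocketFactory().createSocket(socket, host, port, autoClose);
    }
}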
// NOTE(review): the protocol name passed to getInstance() is cut off in this
// copy of the message. The literal is left exactly as found; the protocol
// string and the closing `");` must be restored before this compiles.
SSLContext sslCtx = SSLContext.getInstance("
// The only trust manager supplied is TrustAllTrustManager, whose check
// methods are empty, so this context accepts any server certificate chain:
// traffic is encrypted but the server is not authenticated. The key-manager
// and SecureRandom arguments are passed as null.
sslCtx.init(null, new TrustManager[] {new TrustAllTrustManager()}, null);
// Installs the factory as the "https" protocol handler through the options of
// this one service client (aklauth is presumably a generated stub — confirm),
// so every HTTPS call made through it uses the non-validating context above.
aklauth._getServiceClient().getOptions().setProperty(HTTPConstants.CUSTOM_PROTOCOL_HANDLER,
new Protocol("https",(ProtocolSocketFactory)new
SSLProtocolSocketFactory(sslCtx),443));
> Allow https connection without a keystore
> -----------------------------------------
>
> Key: AXIS2-2944
> URL: https://issues.apache.org/jira/browse/AXIS2-2944
> Project: Axis2
> Issue Type: New Feature
> Components: transports
> Affects Versions: 1.2
> Reporter: Michael Davis
> Assignee: Saminda Wishwajith Abeyruwan
> Priority: Minor
>
> Normally when we connect over https, if the server sends us a certificate
> that is not well known, we have to specify a keystore using system properties:
> System.setProperty("javax.net.ssl.trustStore","path to keystore" );
> System.setProperty("javax.net.ssl.trustStorePassword","apache");
> We should allow clients to either provide a certificate by some other means,
> such as hard-coding the bytes, or allow the client to disregard the
> certificate and trust the server. This is because clients are sometimes
> deployed on systems where the developers have no access to the file system
> and therefore cannot configure the keystores.