Hello all,

I'm having some problems getting this working.  First off, I've got the Tomcat 
server configured for https traffic and it appears to be working fine from the 
tests that I've done via a browser.  

The problem I'm having is configuring the Java client to use an untrusted 
certificate.  I want my application to work just like a web browser when an 
untrusted certificate is sent from the server.  I want to show the certificate 
info to the user and ask if they want to continue or not.  I'll also allow them 
to add the key to their keystore for future use, so they won't be prompted 
again.  

I've got this sort of working with some sample code, but not using SOAP.  My 
sample code tries to read a line from a web page that I know will be there.  
Like this:

URL verisign = new URL("https://" + server + "/index.html");
BufferedReader in = new BufferedReader(         
        new InputStreamReader(verisign.openStream()));

String inputLine;                       
while ((inputLine = in.readLine()) != null)
        System.out.println(inputLine);

in.close();     

If it gets an SSLHandshakeException, it prompts the user to add the certificate 
or cancel.  If the user adds the certificate, the code adds the certificate to 
the keystore and then tries to read the line again.  Here is a sample of my 
code.

KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
// MyDummyTrustManager prompts user if base class validation fails.
TrustManager[] myTM = new TrustManager [] { new MyDummyTrustManager(keyStore) };
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, myTM, null);
SSLSocketFactory ssf = sc.getSocketFactory();
HttpsURLConnection.setDefaultSSLSocketFactory(ssf);
// MyHostnameVerifier prompts user if validation fails.         
HttpsURLConnection.setDefaultHostnameVerifier(new MyHostNameVerifier());

When I run this code and then construct a Call object and invoke it, I get an 
SSLHandshakeException.  Why doesn't the Call object use the same 
DefaultSSLSocketFactory on the HttpsURLConnection object?

Also, does anybody have an example of how to grab the default keystore without 
asking the user to specify it?  I want to have the Java app "just work" without 
a lot of knowledge on the user's part.

Finally, is there a simpler way to do what I'm trying to do?  I just want to 
make calls across soap using SSL.  My code must allow the user to accept a 
server's certificate from the GUI like a browser does if certificate 
authentication fails.  I figured this would be built into Java as a common 
dialog, since I saw it pop up once when an applet accessed a web server 
encrypted with SSL.  

Any example code would be greatly appreciated.

Thanks in advance for any help,
-- Trey
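
Added example, not part of the original message or any project's code: a trust manager of the kind the message describes, which runs the platform's default validation first, then accepts a certificate the user pinned earlier, and only then asks the user. PromptingTrustManager, userStore and prompt are hypothetical names; the dialog itself is assumed to be supplied by the caller as a Predicate.

```java
import java.security.*;
import java.security.cert.*;
import java.util.Arrays;
import java.util.function.Predicate;
import javax.net.ssl.*;
// Hypothetical class: platform validation first, then certificates the user pinned, then a prompt.
public class PromptingTrustManager implements X509TrustManager {
    private final X509TrustManager defaults;          // backed by the JRE default trust store
    private final KeyStore userStore;                 // holds only certificates the user accepted
    private final Predicate<X509Certificate> prompt;  // caller's GUI dialog; true means "accept"

    public PromptingTrustManager(KeyStore userStore, Predicate<X509Certificate> prompt)
            throws GeneralSecurityException {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);  // null = default trust store, so the user never names a file
        this.defaults = Arrays.stream(tmf.getTrustManagers()).filter(X509TrustManager.class::isInstance)
                .map(X509TrustManager.class::cast).findFirst().orElseThrow(IllegalStateException::new);
        this.userStore = userStore;
        this.prompt = prompt;
    }

    @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        try {
            defaults.checkServerTrusted(chain, authType);
        } catch (CertificateException failure) {
            X509Certificate leaf = chain[0];
            try {
                if (userStore.getCertificateAlias(leaf) != null) return;  // this exact certificate was pinned
                if (!prompt.test(leaf)) throw failure;                     // declined: handshake fails
                userStore.setCertificateEntry(fingerprint(leaf), leaf);   // caller persists via store(...)
            } catch (KeyStoreException | NoSuchAlgorithmException e) {
                throw new CertificateException(e);
            }
        }
    }

    // SHA-256 of the DER encoding: what the dialog should display and the alias used for the pin.
    public static String fingerprint(X509Certificate cert)
            throws CertificateEncodingException, NoSuchAlgorithmException {
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded()))
            hex.append(String.format("%02x", b));
        return hex.toString();
    }
    @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        defaults.checkClientTrusted(chain, authType);
    }
    @Override public X509Certificate[] getAcceptedIssuers() { return defaults.getAcceptedIssuers(); }
}
```

Only the exact leaf certificate the user approved is pinned, so a different certificate presented later for the same host fails validation and prompts again. Hostname checking is separate and still goes through the HostnameVerifier.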

