Please excuse my naiveté, but could you just pull Tomcat
through Apache configured for SSL, using mod_jk or mod_webapp?
--
Code Made Fresh Daily™
----- Original Message -----
Sent: Wednesday, April 10, 2002 4:34 PM
Subject: RE: How To Registering My Own Cert TrustManager for SOAP Call
I haven't worked with SSL yet, but I did make a transport that
uses HttpURLConnection. It shouldn't be too hard to modify it to use
HttpsURLConnection. If you do:

    call.setSOAPTransport(new AppletHTTPTransport());

It will use the post() method in AppletHTTPUtils,
which can readily be souped up to allow HttpsURLConnections.
M.
At 01:11 PM 4/10/02 -0700, you wrote:
The breakpoint is never reached because Apache SOAP doesn't use the
HttpsURLConnection class (or its base classes) for communication but
rather its own set of classes working off of the lower level SSLSocket
classes.
I'm pretty much stuck in the same boat so if anyone has had any
success please pass on your findings.
-Joe
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 10, 2002 12:36 PM
To: [EMAIL PROTECTED]
Subject: How To Registering My Own Cert TrustManager for SOAP Call
How do I register my own X509TrustManager so that I can programmatically
check the server cert in the isServerTrusted() method for a SOAP call using
Apache SOAP 2.2? (My server has a self-signed cert.)
When I code the following, HTTPS POSTs to the server, such as
"https://localhost:8080/TestServlet", work fine because I registered the
trust manager and it stops at my breakpoint in isServerTrusted():
// start code example
import com.sun.net.ssl.*;
import javax.net.ssl.SSLSocketFactory;
import java.security.Security;

// Hostname verifier that accepts any hostname.
class AnyHostnameVerifier implements HostnameVerifier {
    public boolean verify(java.lang.String urlHostname,
                          java.lang.String certHostname) {
        return true;
    }
}

// Trust manager that accepts any certificate chain.
class AnyX509TrustManager implements X509TrustManager {
    public boolean isClientTrusted(java.security.cert.X509Certificate[] chain) {
        return true;
    }

    public boolean isServerTrusted(java.security.cert.X509Certificate[] chain) {
        return true;
    }

    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return null;
    }
}

// Register the HTTPS protocol handler and the SSL provider.
System.setProperty("java.protocol.handler.pkgs",
                   "com.sun.net.ssl.internal.www.protocol");
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

X509TrustManager tm = new AnyX509TrustManager();
HostnameVerifier hm = new AnyHostnameVerifier();
KeyManager[] km = null;
TrustManager[] tma = { tm };
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(km, tma, new java.security.SecureRandom());
SSLSocketFactory sf1 = sc.getSocketFactory();

// Install the socket factory and hostname verifier as HttpsURLConnection defaults.
HttpsURLConnection.setDefaultSSLSocketFactory(sf1);
HttpsURLConnection.setDefaultHostnameVerifier(hm);
// end code example
BUT WHEN MAKING THE FOLLOWING SOAP CALL...
// start code example
import java.net.URL;
import java.util.Vector;
import org.apache.soap.Constants;
import org.apache.soap.rpc.Call;

Call call = new Call();
String targetObjectURI = "http://tempuri.org/Service";
call.setMethodName("getName");
call.setEncodingStyleURI(Constants.NS_URI_SOAP_ENC);
call.setTargetObjectURI(targetObjectURI);
call.setParams(new Vector());
call.invoke(new URL("https://localhost:8443/logon-example/servlet/rpcrouter"), "");
// end code example
IT FAILS WITH

main, SEND SSL v3.1 ALERT: fatal, description = certificate_unknown
main, WRITE: SSL v3.1 Alert, length = 2
org.apache.soap.SOAPException, Error opening socket: null

AND THE BREAKPOINT IS NEVER REACHED IN MY REGISTERED TRUST-MANAGER