Re: how to enable ssl programmatically on the client

[Fred Dushin]

On Jul 22, 2008, at 5:21 PM, Tedman Leung wrote:
First problem is, I'd like to turn off http completely so client  
stub generation via
HTTPS doesn't seem to work for me and or I can't find any  
documentation on how to do
it. I normally generate my client stubs via

  java -classpath ${CLASSPATH}  
org.apache.cxf.tools.wsdlto.WSDLToJava -client -p
  com.foo.client -d src/examples/java
  http://127.0.0.1:8085/foo/ws/HelloWorldService?wsdl

When I change the location to https and port 8086, it doesn't seem  
to work. Is this
suppose to work? or do all client stub generations have to happen  
via http?

No, you can currently only use plain HTTP to track down WSDL.  This is  
a known limitation which needs to be addressed in CXF.

Note that even if you implement your own URLStreamhandler, which would  
cache trustdb for the target service, the CXF runtime will serialize  
the URL you pass and then re-parse it, rendering your URLStreamHandler  
inert.



My second problem is the programmtic conduit configuration seems a  
little confusing
or non functional. After generating the client stubs via http, I  
tried to run my
client over https and it fails

  javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR:  
Problem parsing
  'https://127.0.0.1:8086/foo/ws/HelloWorldService?wsdl'.:
  javax.net.ssl.SSLHandshakeException:  
sun.security.validator.ValidatorException:
  PKIX path building failed:
  sun.security.provider.certpath.SunCertPathBuilderException:
  unable to find valid certification path to requested target

My test client code is very very simple (and use to work before I  
tried to change
it to https):

        public static void main(String... argv) throws Exception
        {
		URL url = new URL("https://127.0.0.1:8086/foo/ws/HelloWorldService?wsdl 
");
                HelloWorldWsService service=new HelloWorldWsService(url);
                
                // HelloWorldWsService service=new HelloWorldWsService();

                HelloWorldWs helloWorld=service.getHelloWorldWsPort();
                Client cxfClient = ClientProxy.getClient(helloWorld);
                HTTPConduit http = (HTTPConduit) cxfClient.getConduit();
                
                System.err.println(helloWorld.helloWorld());
                System.err.println(helloWorld.helloWorld2("foo"));
        }


Same issue -- you're loading the service WSDL through an https URL,  
not an http URL.  I suspect what's going on here is that your service  
at port 8066 is not using a server certificate signed by a "trusted"  
certificate.  You could try adding the issuer to the JVM trust store  
(as an experiment), but that will seriously weaken your trust model,  
and should not be used as a general solution in a production system.

-Fred