Hallo,
I run into problems when I try to set TLSClientParameters ond the HTTP
Conduit of a client where I also override the ENDPOINT_ADDRESS. The result
is that my TLSClientParameters are not considered at all (certificate
validation error). If I do not override the ENDPOINT_ADDRESS, it works as
expected. Could anybody point me to a solution that allows me to set both,
the endpoint and a cutstom trust manager?
Code (tested with CXF 2.7.4, Java 7):
private <PortT> void setupSoapPort(PortT soapPort) {
Client soapClient = ClientProxy.getClient(soapPort);
// set endpoint and timeouts
soapClient.getRequestContext().put(Message.ENDPOINT_ADDRESS,
this.endpoint);
HTTPConduit conduit = (HTTPConduit) soapClient.getConduit();
HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
httpClientPolicy.setConnectionTimeout(this.connectTimeout);
httpClientPolicy.setReceiveTimeout(this.receiveTimeout);
conduit.setClient(httpClientPolicy);
// enable cookie based sessions
((BindingProvider)soapPort).getRequestContext().put(
BindingProvider.SESSION_MAINTAIN_PROPERTY, "true");
// disable server certificate validation if requested
if (false == this.sslValidateServerCert &&
this.endpoint.toLowerCase().startsWith("https://";)) {
TrustManager[] trustAllCerts = new TrustManager[]{
new javax.net.ssl.X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {return null;}
public void checkClientTrusted(X509Certificate[] certs, String
authType) {}
public void checkServerTrusted(X509Certificate[] certs, String
authType) {}
}
};
TLSClientParameters tlsParams = new TLSClientParameters();
tlsParams.setTrustManagers(trustAllCerts);
tlsParams.setDisableCNCheck(true);
conduit.setTlsClientParameters(tlsParams);
}
}
Thanks in advance,
Stepan
