Oh, one thing you might want to check: since you're trying to
"trustall" in your certificates, in addition to the above, I had to
set up another bit somewhere else (context startup listener for the
webapp):

                TrustAllManager[] tam = { new TrustAllManager() };

                SSLContext ctx = SSLContext.getInstance("TLS");
                ctx.init(null, tam, new SecureRandom());
                SSLSocketFactory sslSocketFactory = ctx.getSocketFactory();
                HttpsURLConnection.setDefaultSSLSocketFactory(sslSocketFactory);

                HostnameVerifier hostNameVerifier = new HostnameVerifier()
                {
                        @Override
                        public boolean verify(String host, SSLSession sslSession)
                        {
                                return(true);
                        }
                };
                HttpsURLConnection.setDefaultHostnameVerifier(hostNameVerifier);

On 5/16/13, Ted <[email protected]> wrote:
> I do that in cxf 2.7.4 and oracle jdk1.7, it looks very similar to
> what you're doing although maybe in a different order :
>
>       AccountWsService service = new AccountWsService(myServiceUrl);
>       AccountWs wsPort = service.getAccountWsPort();
>
>       Client cxfClient = ClientProxy.getClient(wsPort);
>       HTTPConduit httpConduit = (HTTPConduit) cxfClient.getConduit();
>
>       TLSClientParameters tslClientParameters = httpConduit.getTlsClientParameters();
>       if (tslClientParameters == null) tslClientParameters = new TLSClientParameters();
>       tslClientParameters.setDisableCNCheck(true);
>       TrustAllManager[] tam = { new TrustAllManager() };
>       tslClientParameters.setTrustManagers(tam);
>       tslClientParameters.setSecureSocketProtocol("SSLv3");
>       httpConduit.setTlsClientParameters(tslClientParameters);
>
>       HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
>       httpClientPolicy.setConnection(ConnectionType.KEEP_ALIVE);
>       httpClientPolicy.setConnectionTimeout(connectionTimeout);
>       httpClientPolicy.setAllowChunking(false);
>       httpClientPolicy.setReceiveTimeout(receiveTimeout);
>       httpConduit.setClient(httpClientPolicy);
>
>
> On 5/15/13, Stepan Seycek <[email protected]> wrote:
>> Hello,
>>
>> I run into problems when I try to set TLSClientParameters on the HTTP
>> Conduit of a client where I also override the ENDPOINT_ADDRESS. The result
>> is that my TLSClientParameters are not considered at all (certificate
>> validation error). If I do not override the ENDPOINT_ADDRESS, it works as
>> expected. Could anybody point me to a solution that allows me to set both
>> the endpoint and a custom trust manager?
>>
>> Code (tested with CXF 2.7.4, Java 7):
>>
>> private <PortT> void setupSoapPort(PortT soapPort) {
>>   Client soapClient = ClientProxy.getClient(soapPort);
>>
>>   // set endpoint and timeouts
>>   soapClient.getRequestContext().put(Message.ENDPOINT_ADDRESS, this.endpoint);
>>   HTTPConduit conduit = (HTTPConduit) soapClient.getConduit();
>>   HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
>>   httpClientPolicy.setConnectionTimeout(this.connectTimeout);
>>   httpClientPolicy.setReceiveTimeout(this.receiveTimeout);
>>   conduit.setClient(httpClientPolicy);
>>
>>   // enable cookie based sessions
>>   ((BindingProvider)soapPort).getRequestContext().put(
>>       BindingProvider.SESSION_MAINTAIN_PROPERTY, "true");
>>
>>   // disable server certificate validation if requested
>>   if (false == this.sslValidateServerCert &&
>>       this.endpoint.toLowerCase().startsWith("https://")) {
>>     TrustManager[] trustAllCerts = new TrustManager[]{
>>       new javax.net.ssl.X509TrustManager() {
>>         public X509Certificate[] getAcceptedIssuers() {return null;}
>>         public void checkClientTrusted(X509Certificate[] certs, String authType) {}
>>         public void checkServerTrusted(X509Certificate[] certs, String authType) {}
>>       }
>>     };
>>     TLSClientParameters tlsParams = new TLSClientParameters();
>>     tlsParams.setTrustManagers(trustAllCerts);
>>     tlsParams.setDisableCNCheck(true);
>>     conduit.setTlsClientParameters(tlsParams);
>>   }
>> }
>>
>> Thanks in advance,
>> Stepan
>>
>
>
> --
> Ted.
>


-- 
Ted.
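
For comparison with the trust-all snippets in this thread, an added example (not from the thread or from the CXF project) that trusts one known certificate on a single client's conduit while leaving chain and hostname checks on. The class name `PinnedTrustConfigurer`, the method `trustOnly`, the alias `soap-server` and the certificate file path are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.TrustManagerFactory;

import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduit;

/** Hypothetical helper (not from the thread): trust one known certificate on one CXF client. */
public final class PinnedTrustConfigurer {

    /**
     * @param soapPort a CXF port proxy, e.g. the result of service.getAccountWsPort()
     * @param certFile assumed path to the server's (or its internal CA's) X.509 certificate
     */
    public static void trustOnly(Object soapPort, Path certFile) throws Exception {
        // Parse the certificate exported from the server or internal CA.
        Certificate cert;
        try (InputStream in = Files.newInputStream(certFile)) {
            cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }

        // In-memory trust store holding only that certificate.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("soap-server", cert);

        // Standard trust managers backed by the store: chain validation stays on.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // Apply to this client's conduit only; JVM-wide HttpsURLConnection defaults are untouched.
        Client client = ClientProxy.getClient(soapPort);
        HTTPConduit conduit = (HTTPConduit) client.getConduit();
        TLSClientParameters tls = conduit.getTlsClientParameters();
        if (tls == null) {
            tls = new TLSClientParameters();
        }
        tls.setTrustManagers(tmf.getTrustManagers());
        tls.setDisableCNCheck(false); // keep hostname verification
        conduit.setTlsClientParameters(tls);
    }
}
```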
