Hmm, what about this one though:

http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/X509TrustManager.html#getAcceptedIssuers%28%29

returns "a non-null (possibly empty) array of acceptable CA issuer certificates."

Does it mean that returning an empty array (instead of null) can work?

Sergey
On 18/02/15 10:47, Sergey Beryozkin wrote:
Hi

So does it work if at least a single certificate is available in the
store?

If so then can you add a generated certificate into the store to get
things working?

It appears TrustManager is not designed to work without any certificates
available given that it has methods for checking the certs and the
documentation says that IllegalArgumentException is expected

"if null or zero-length chain is passed in for the chain parameter"

Thanks, Sergey
On 18/02/15 07:29, Khare, Aparna wrote:
Just want to add that this fails when the certificate is not there in the
keystore. My requirement is that the keystore should not have the certificate
and still it should validate the SSL.

Thanks,
Aparna

From: Khare, Aparna
Sent: Tuesday, February 17, 2015 5:53 PM
To: [email protected]
Subject: Implement trust all using apache cxf

Dear Colleagues,

   I'm trying to implement trust all using Apache CXF.

Created DefaultTrustManager class
   @Override
   public java.security.cert.X509Certificate[] getAcceptedIssuers() {
     return null;
   }

   @Override
   public void checkClientTrusted(final java.security.cert.X509Certificate[] certs,
       final String authType) {
   }

   @Override
   public void checkServerTrusted(final java.security.cert.X509Certificate[] certs,
       final String authType) {
   }

I have created this class implementing the X509TrustManager.

And then I call the trust manager using below code

     TLSClientParameters tlsParams = new TLSClientParameters();
     TrustManager[] trustAllCerts = new TrustManager[] { new DefaultTrustManager() };
     tlsParams.setTrustManagers(trustAllCerts);
     tlsParams.setDisableCNCheck(true);
     conduit.setTlsClientParameters(tlsParams);

Still I get certificate validation failed.

Can someone tell me if I have missed something?

Thanks,
Aparna
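
Added example, not part of the thread and not CXF code: an X509TrustManager that needs no certificate in any keystore yet still validates the server, by pinning the server certificate's SHA-256 fingerprint instead of accepting every chain. The class name PinnedCertTrustManager and the caller-supplied pin are assumptions; the class follows the two API notes quoted in the thread (non-null getAcceptedIssuers, IllegalArgumentException for a null or zero-length chain).

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;

// Added example (hypothetical class name): trusts exactly one server certificate,
// identified by the SHA-256 digest of its DER encoding, with no keystore involved.
public class PinnedCertTrustManager implements X509TrustManager {
    private final byte[] pinnedSha256;

    public PinnedCertTrustManager(byte[] pinnedSha256) {
        if (pinnedSha256 == null || pinnedSha256.length != 32) {
            throw new IllegalArgumentException("pin must be a 32-byte SHA-256 digest");
        }
        this.pinnedSha256 = pinnedSha256.clone();
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        // The API contract is "non-null (possibly empty)"; no CA is trusted here.
        return new X509Certificate[0];
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        // This manager is meant for a client conduit only, so refuse to vouch for clients.
        throw new CertificateException("client authentication is not supported");
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        if (chain == null || chain.length == 0) {
            throw new IllegalArgumentException("null or zero-length certificate chain");
        }
        X509Certificate leaf = chain[0];   // the server's own certificate comes first
        leaf.checkValidity();              // reject expired or not-yet-valid certificates
        try {
            byte[] actual = MessageDigest.getInstance("SHA-256").digest(leaf.getEncoded());
            if (!MessageDigest.isEqual(actual, pinnedSha256)) {
                throw new CertificateException("server certificate does not match the pin");
            }
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException("SHA-256 is not available", e);
        }
    }
}
```

An instance can be passed to tlsParams.setTrustManagers(...) in place of DefaultTrustManager. The 32-byte pin is the SHA-256 digest of the expected server certificate, obtained out of band.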

