-
1. Re: CXF - Issue custom TLSClientParam
ffang Mar 29, 2013 7:37 AM (in response to florent.vansiliette)
Hi,
Could you please post the whole code showing how the client-side HTTP conduit sets the TLSClientParameters?
I've written some simple client-side test code that calls an HTTPS server which doesn't need client authentication. My client-side code is like this:
    SOAPService service = new SOAPService(url, SOAPService.SERVICE);
    assertNotNull("Service is null", service);
    final Greeter port = service.getHttpsPort();
    assertNotNull("Port is null", port);

    BindingProvider provider = (BindingProvider) port;
    provider.getRequestContext().put(
        BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
        address);

    Client client = ClientProxy.getClient(port);
    HTTPConduit httpConduit = (HTTPConduit) client.getConduit();

    // Trust manager that accepts every certificate (no server certificate validation)
    TrustManager[] trustAllCerts = new TrustManager[] {
        new X509TrustManager() {
            public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
            }
            public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
            }
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        }
    };

    TLSClientParameters tlsParams = new TLSClientParameters();
    tlsParams.setTrustManagers(trustAllCerts);
    // Skip the check of the certificate CN against the server host name
    tlsParams.setDisableCNCheck(true);
    httpConduit.setTlsClientParameters(tlsParams);

    assertEquals(port.greetMe("Kitty"), "Hello Kitty");
This code works for me; the client can bypass the SSL server certificate check as expected and invoke the server successfully.
Freeman
-
2. Re: CXF - Issue custom TLSClientParam
florent.vansiliette Mar 29, 2013 9:02 AM (in response to ffang)
Thank you for your quick reply.
Here is the complete code:
    URL wsdlLocation = WebServiceFactory.class.getResource("/META-INF/wsdl/soapha.wsdl");
    //Soapha_Service is a class that extends Service (generated by JAX_WS)
    Soapha_Service soaphaService = new Soapha_Service(wsdlLocation, new QName("urn:....", "soapha"));
    //Soapha is @WebService Interface generated by JAX-WS
    Map<String, Object> requestContext = ((BindingProvider) port).getRequestContext();
    requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, webServiceUrl);

    Client client = ClientProxy.getClient(port);
    HTTPConduit http = (HTTPConduit) client.getConduit();

    HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
    httpClientPolicy.setConnectionTimeout(NETWORK_TIMEOUT);
    httpClientPolicy.setReceiveTimeout(NETWORK_TIMEOUT);
    httpClientPolicy.setMaxRetransmits(1);
    http.setClient(httpClientPolicy);

    //Bypass SSL security
    //Accept all certificates
    TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
        public void checkClientTrusted(
                java.security.cert.X509Certificate[] certs, String authType) {
        }
        public void checkServerTrusted(
                java.security.cert.X509Certificate[] certs, String authType) {
        }
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    }};

    TLSClientParameters tlsParams = new TLSClientParameters();
    tlsParams.setTrustManagers(trustAllCerts);
    //disable CN check
    tlsParams.setDisableCNCheck(true);
    http.setTlsClientParameters(tlsParams);
-
3. Re: CXF - Issue custom TLSClientParam
ffang Mar 29, 2013 9:43 AM (in response to florent.vansiliette)
Hi,
It looks good to me.
Could you please append a test case which we can build and use to reproduce this error?
You can put in a simple README to describe how you deploy the bundles/start the server.
I guess it's a client bundle in JBoss FUSE container and a standalone https server outside JBoss FUSE container, right?
I'd like to see your client bundle and the server configuration.
Freeman
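
The client code in this thread installs a trust-all `X509TrustManager` and calls `setDisableCNCheck(true)`, so the conduit accepts any server certificate. For comparison, the same `TLSClientParameters` wiring with validation left on, as an added example that is not from either poster: the class name `PinnedTrustConduit`, the truststore path and the password are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.TrustManagerFactory;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduit;

/** Hypothetical helper: validating counterpart of the trust-all setup above. */
public final class PinnedTrustConduit {
    private PinnedTrustConduit() { }

    /** Build TLS parameters that trust only the certificates in the given truststore. */
    public static TLSClientParameters fromTrustStore(String path, char[] password)
            throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            trustStore.load(in, password);
        }
        // Fail at configuration time rather than on the first handshake.
        if (trustStore.size() == 0) {
            throw new IllegalStateException("Truststore has no entries: " + path);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        TLSClientParameters tlsParams = new TLSClientParameters();
        tlsParams.setTrustManagers(tmf.getTrustManagers()); // real chain validation
        tlsParams.setDisableCNCheck(false);                 // keep host name check on
        return tlsParams;
    }

    /** Apply the validating parameters to the HTTP conduit of a JAX-WS port proxy. */
    public static void apply(Object port, String path, char[] password) throws Exception {
        Client client = ClientProxy.getClient(port);
        HTTPConduit conduit = (HTTPConduit) client.getConduit();
        conduit.setTlsClientParameters(fromTrustStore(path, password));
    }
}
```

For a test server with a self-signed certificate, importing that certificate into the truststore keeps the client validating without resorting to a trust-all manager.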