1 Reply Latest reply on Apr 22, 2005 5:16 AM by Yoge

    Access JNDI over HTTPS

    Yoge Newbie

      I tried to connect to JBoss MBeanServer through http-invoker.sar

      I followed the steps given in http://docs.jboss.org/jbossas/admindevel326/html/ch3.chapter.html#d0e7813

      Below code gets JNDI reference
      String host = "yogendrav";
      int port = 8443;
      Properties jndiprops = new Properties();
      String servletUrl="/invoker/JNDIFactory";
      String providerurl="https://"+host+":"+port+servletUrl;
      jndiprops.put("java.naming.provider.url",providerurl);
      jndiprops.put("java.naming.factory.initial","org.jboss.naming.HttpNamingContextFactory");
      InitialContext ic = new InitialContext(jndiprops);
      Object o =ic.lookup("jmx/rmi/RMIAdaptor");
      But the code works only if add the keystore file in the system property

      If I dont add the below line I get certification handshake exception.
      System.setProperty("javax.net.ssl.trustStore", "E:\\jboss\\jboss-3.2.6\\jboss-3.2.6\\server\\default\\conf\\chap8.keystore");

      I want to avoid adding the keystore file in the code.

      I tried below code snippet to override default TrustManager with mine which dont bother about trusting the server certificates.

      TrustManager[] trustAllCerts = new TrustManager[]{
      new X509TrustManager() {
      public java.security.cert.X509Certificate[] getAcceptedIssuers() {
      return null;
      }
      public boolean isClientTrusted(
      java.security.cert.X509Certificate[] certs) {
      return true;
      }
      public boolean isServerTrusted(
      java.security.cert.X509Certificate[] certs) {
      return true;
      }
      }
      };
      try {
      SSLContext sc = SSLContext.getInstance("SSLv3");
      sc.init(null, trustAllCerts, null);//new java.security.SecureRandom());

      HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
      } catch (Exception e) {
      e.printStackTrace();
      }

      Unfortunately this workaround doesnot work!!!!!!!!


      My question is how to override default trust manager so that I dont have to bother about adding keystore file in the program.



      Regards
      --Yoge

        • 1. Re: Access JNDI over HTTPS
          Yoge Newbie

          I found the solution.

          Added below two lines of code in my client program
          System.setProperty("org.jboss.security.httpInvoker.sslSocketFactoryBuilder","AMSSLSocketFactoryBuilder");
          System.setProperty("org.jboss.security.ignoreHttpsHost","true");



          AMSSLSocketFactoryBuilder is a class and code is given below

          import javax.net.ssl.SSLSocketFactory;

          import org.jboss.net.ssl.SSLSocketFactoryBuilder;

          import com.sun.net.ssl.SSLContext;
          import com.sun.net.ssl.TrustManager;
          import com.sun.net.ssl.X509TrustManager;


          /**
          * @author Yogendrababu
          *
          * TODO
          *
          */
          public class AMSSLSocketFactoryBuilder implements SSLSocketFactoryBuilder
          {
          public AMSSLSocketFactoryBuilder()
          {
          System.out.println("Should work now");
          }
          public SSLSocketFactory getSocketFactory() throws Exception
          {
          TrustManager[] trustAllCerts = new TrustManager[]{
          new X509TrustManager() {
          public java.security.cert.X509Certificate[] getAcceptedIssuers() {
          return null;
          }
          public boolean isClientTrusted(
          java.security.cert.X509Certificate[] certs) {
          System.out.println("Yoge");
          return true;
          }
          public boolean isServerTrusted(
          java.security.cert.X509Certificate[] certs) {
          System.out.println("7777");
          return true;
          }
          }
          };
          try {
          SSLContext sc = SSLContext.getInstance("SSL");
          sc.init(null, trustAllCerts, new java.security.SecureRandom());//new java.security.SecureRandom());
          // con.setSSLSocketFactory(sc.getSocketFactory());
          return sc.getSocketFactory();

          } catch (Exception e) {
          e.printStackTrace();
          }
          return null;

          }
          }