3 Replies Latest reply on Mar 29, 2013 9:43 AM by Freeman(Yue) Fang

    CXF - Issue custom TLSClientParam

    florent.vansiliette Newbie

      I have a bundle in my FuseESB 7.0.2 packaging that bypasses the SSL server certificate check by setting customized TLSClientParameters.

      The code works well on FuseESB 7.0.2 but not in JBoss Fuse Beta. It seems that the TLSClientParameters is ignored in the new version and I get SSL handshake exception...

       

      Here is the following code that works well on Fuse 7.0.2 :

       

      TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {

                public void checkClientTrusted( java.security.cert.X509Certificate[] certs, String authType) { }

                public void checkServerTrusted( java.security.cert.X509Certificate[] certs, String authType) { }

                          public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; }

      }};

      TLSClientParameters tlsParams = new TLSClientParameters();

      tlsParams.setTrustManagers(trustAllCerts);

      //disable CN check tlsParams.setDisableCNCheck(true);

      http.setTlsClientParameters(tlsParams);

       

       

      Is it a known issue ?

       

      Best Regards,

       

       

      Florent

        • 1. Re: CXF - Issue custom TLSClientParam
          Freeman(Yue) Fang Master

          Hi,

           

          Could you please post whole code about how client side http conduit to set the TLSClientParameters?

           

          I've write a simple client side test code, call a https server which don't need clientAuthentication, my client side code is like

                 

                  SOAPService service = new SOAPService(url, SOAPService.SERVICE);

                  assertNotNull("Service is null", service);  

                  final Greeter port = service.getHttpsPort();

                  assertNotNull("Port is null", port);

                 

                  BindingProvider provider = (BindingProvider)port;

                  provider.getRequestContext().put(

                        BindingProvider.ENDPOINT_ADDRESS_PROPERTY,

                        address);

                  Client client = ClientProxy.getClient(port);

                  HTTPConduit httpConduit = (HTTPConduit) client.getConduit();

                  TrustManager[] trustAllCerts = new TrustManager[] {

                      new X509TrustManager() {

           

                          public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {

                          }

           

                          public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {

                          }

           

                          public java.security.cert.X509Certificate[] getAcceptedIssuers() {

                              return null;

                          }

           

                      }

                  };

           

                  TLSClientParameters tlsParams = new TLSClientParameters();

           

                  tlsParams.setTrustManagers(trustAllCerts);

           

                

                  tlsParams.setDisableCNCheck(true);

                  httpConduit.setTlsClientParameters(tlsParams);

                  assertEquals(port.greetMe("Kitty"), "Hello Kitty");

           

          This code works for me, client can bypass the SSL server certificate check as expected and invoke the server successfully.

           

          Freeman

          • 2. Re: CXF - Issue custom TLSClientParam
            florent.vansiliette Newbie

            Thank you for your quick reply .

             

            Here is the complete code   :

             

             

                        URL wsdlLocation = WebServiceFactory.class.getResource("/META-INF/wsdl/soapha.wsdl");
                       

                        //Soapha_Service is a class that extends Service (generated by JAX_WS)
                        Soapha_Service soaphaService = new Soapha_Service(wsdlLocation, new QName("urn:....", "soapha"));

                       

                        //Soapha is @WebService Interface generated by JAX-WS

                        Soapha port = soaphaService.getSoaphaSOAP();


                        Map<String, Object> requestContext = ((BindingProvider) port).getRequestContext();

                        requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, webServiceUrl);

                        Client client = ClientProxy.getClient(port);

                        HTTPConduit http = (HTTPConduit) client.getConduit();

                        HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();

                        httpClientPolicy.setConnectionTimeout(NETWORK_TIMEOUT);
                        httpClientPolicy.setReceiveTimeout(NETWORK_TIMEOUT);
                        httpClientPolicy.setMaxRetransmits(1);

                        http.setClient(httpClientPolicy);

                        //Bypass SSL security
                        //Accept all certificates
                        TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
                                public void checkClientTrusted(
                                        java.security.cert.X509Certificate[] certs, String authType) {
                                }

                                public void checkServerTrusted(
                                        java.security.cert.X509Certificate[] certs, String authType) {
                                }

                                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                                    return null;
                                }
                            }};

                         TLSClientParameters tlsParams = new TLSClientParameters();
                          tlsParams.setTrustManagers(trustAllCerts);
                          //disable CN check
                         tlsParams.setDisableCNCheck(true);
                         http.setTlsClientParameters(tlsParams);

             

            • 3. Re: CXF - Issue custom TLSClientParam
              Freeman(Yue) Fang Master

              Hi,

               

              It looks good to me.

               

              Could you please append a testcase which we can build and reproduce this error?

               

              You can put a simple README to describle how you deploy the bundles/start the server.

               

              I guess it's a client bundle in JBoss FUSE container and a standalone https server outside JBoss FUSE container, right?

               

              I'd see your client bundle and the server configuration.

               

              Freeman