The code below uses a keystore to validate sites. Check the Sun site or other resources to find out how to build a keystore/truststore from: keytool
I generate a self-signed cert in the keystore and then import remote client certs.
// If we are running https protocol (encrypted)
if ("https".equalsIgnoreCase(protocol)) { // yes: https
    String keyStore = System.getProperty("https.truststore");
    if (keyStore == null) {
        //keyStore = "D:/java/src/certs/client.keystore";
        // Use the line above and comment out below when testing this main
        throw new GenericException("The underlying protocol requires a " +
            "truststore (system property https.truststore)");
    }
    System.setProperty("javax.net.ssl.trustStore", keyStore);
    System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    // System.setProperty("javax.net.debug", "ssl");
}
// establish
ServiceLocator locator = new ServiceLocator();
port = locator.getServiceContract(new URL(protocol, host, portNumber, url));
((Stub) port).setMaintainSession(true);
Raul
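
Added example, not part of Raul's message and not Axis code: the same truststore idea applied to a single connection through an SSLContext, so certificate validation stays on and the JVM-wide javax.net.ssl.trustStore setting is left alone. It uses plain HttpsURLConnection instead of the Axis stub; the class name and the https.truststore.password property are hypothetical.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ScopedTrustStoreClient {

    // Build an SSLContext that trusts only the certificates in the given truststore.
    static SSLContext contextFor(String path, char[] password) throws Exception {
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            trust.load(in, password);   // the password also verifies store integrity
        }
        if (!trust.aliases().hasMoreElements()) {
            // An empty store would reject every server; fail early with a clear message.
            throw new IllegalStateException("truststore has no entries: " + path);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);   // no client key, default RNG
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // https.truststore is the property from the message above;
        // https.truststore.password is a hypothetical companion property.
        String path = System.getProperty("https.truststore");
        String pass = System.getProperty("https.truststore.password");
        if (path == null || pass == null || args.length != 1) {
            throw new IllegalArgumentException(
                "usage: -Dhttps.truststore=... -Dhttps.truststore.password=... <https-url>");
        }
        SSLContext ctx = contextFor(path, pass.toCharArray());

        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[0]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());   // trust applies to this connection only
        System.out.println("HTTP " + conn.getResponseCode()
            + ", cipher suite " + conn.getCipherSuite());
    }
}
```

Hostname verification remains in force, so a self-signed server certificate imported into the truststore must still carry the host name the client connects to.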
From: Faucher, Christian [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 11, 2005 2:10 PM
To: [EMAIL PROTECTED]
Subject: Disabling Certification validation in HTTPS
Hi,
I have a SOAP Server that does not have (yet) its trusted certificate, but nonetheless runs in HTTPS. For instance, we can use portals on it, providing we accept the fact the server cannot authenticate itself.
I run an Axis client that connects to this server, using an HTTPS:// URL. However, the client fails, saying that the server has no trusted certificate (see exception below).
Is there a way in Axis to configure an Axis client to accept the SSL connection, no matter if the certificate is valid/trusted/found?
Thank you in advance!
Christian Faucher
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:97)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:147)
at org.apache.axis.client.Call.invokeEngine(Call.java:2719)
at org.apache.axis.client.Call.invoke(Call.java:2702)
at org.apache.axis.client.Call.invoke(Call.java:1738)
at axa.Main.main(Main.java:90)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:78)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA12275)
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:131)
at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:370)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:88)
... 13 more
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
at sun.security.validator.Validator.validate(Validator.java:202)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA12275)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA12275)
... 23 more
Exception in thread "main"
"This e-mail message is confidential, for the exclusive use of the addressee and its contents shall not constitute a commitment by AXA, except as otherwise specifically provided in writing by AXA. Any unauthorized disclosure, use or dissemination, either whole or partial, is prohibited. If you are not the intended recipient of the message, please notify the sender immediately."