Hi all:

I tested a custom SSL Socket Factory registered as "https" as per document: http://jakarta.apache.org/commons/httpclient/sslguide.html and it worked pretty well. However, when I register my custom SSL Socket Factory with another name like "myhttps", it does not work.

1) First, the stable release has a bug (NullPointerException) which is documented here: http://www.mail-archive.com/[EMAIL PROTECTED]/msg25009.html

So after downloading the latest code from the nightly build repository with the fix for the NullPointerException bug, Axis2 throws another error:

    org.apache.axis2.AxisFault: Transport out has not been set
        at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:439)
        at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:330)
        at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:294)
        ..... more lines pertaining to my client sub.......

So I added a new transportSender to the axis2_default.xml file (in axis2-kernel-1.2-SNAPSHOT.jar) like this (notice that I reused the existing CommonsHTTPTransportSender):

    <transportSender name="myhttps" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
        <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
        <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
    </transportSender>

Then Axis reports another problem:

    org.apache.axis2.AxisFault: unknown protocol: myhttps
        at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:221)
        at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:452)
        at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:330)
        at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:294)
        ...... more lines....
    Caused by: org.apache.axis2.AxisFault: unknown protocol: myhttps
        at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:308)
        at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:201)
        ... 12 more
    Caused by: java.net.MalformedURLException: unknown protocol: myhttps
        at java.net.URL.<init>(URL.java:574)
        at java.net.URL.<init>(URL.java:464)
        at java.net.URL.<init>(URL.java:413)
        at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:283)
        ... 13 more

#==============================

Am I missing anything here? Or Axis2/HttpClient can not really work well with a custom protocol name other than valid URLs?

I'd appreciate any comments on this one.

thx,
Carlos M.

Note this is my client code:

    Protocol httpsProtocol = new Protocol("https",
        (ProtocolSocketFactory) new MYSSLProtocolSocketFactory(
            new URL("file:/tmp/keyStore.ks"), "keyStorePassword",
            new URL("file:/tmp/trustStore.ks"), "trustStorePassword"),
        443);
    //Protocol.registerProtocol("https", httpsProtocol); // works fine
    Protocol.registerProtocol("myhttps", httpsProtocol); // does not work !!

--------------

Xinjun Chen wrote:
>
> Axis2 uses HTTPClient, so you can overwrite the https protocol by
> registering your own SSLSocketFactory.
> Refer to http://jakarta.apache.org/commons/httpclient/sslguide.html for
> details.
>
> In your SSLSocketFactory, override the "private static TrustManager[]
> createTrustManagers(final KeyStore keystore)" method.
> And create your own X509TrustManager to trust all certs.
>
> Insert the following line in the Axis2 web services client code to
> register your own https protocol.
> "Protocol.registerProtocol("https", new
> Protocol("https",(ProtocolSocketFactory) yourOwnSSLSocketFactory, port));"
> And HTTPClient will use your own SSLSocketFactory.
>
> Regards,
> Xinjun
>
> On 11/23/06, xu cai <[EMAIL PROTECTED]> wrote:
>>
>> Actually, you can use
>> System.setProperty("javax.net.ssl.trustStore", "your key store file location").
>> It can set the truststore file path.
>>
>> On 11/23/06, Luis Rivera <[EMAIL PROTECTED]> wrote:
>> >
>> > Thanks a lot Vicio and Magnus,
>> >
>> > I will try Vicio's suggestion first since I am using applets and
>> > writing to the client's hard disk might not be a viable option.
>> > However, I wonder if including a keystore in the jar file will do the
>> > trick. I am not sure if a keystore is also looked for in the
>> > classpath, but I guess I can try.
>> >
>> > Thanks again,
>> > --Luis R.
>> >
>> > >From: <[EMAIL PROTECTED]>
>> > >Reply-To: [email protected]
>> > >To: <[email protected]>
>> > >Subject: RE: Axis https/SSL Server Certificate Validation question
>> > >Date: Wed, 22 Nov 2006 12:53:12 +0100
>> > >
>> > >For avoiding certification validation, try to use the code:
>> > >
>> > >AxisProperties.setProperty("axis.socketSecureFactory","org.apache.axis.components.net.SunFakeTrustSocketFactory");
>> > >
>> > >it should solve your problem.
>> > >
>> > >Regards,
>> > >Vicio.
>> > >
>> > >-----Original Message-----
>> > >From: Magnus Bergman [mailto: [EMAIL PROTECTED]
>> > >Sent: 22 November 2006 12.21
>> > >To: [email protected]
>> > >Subject: Re: Axis https/SSL Server Certificate Validation question
>> > >
>> > >This is no axis problem, but anyway,
>> > >I don't know how to bypass the certification verification.
>> > >But a solution to your problem is:
>> > >
>> > >add the self signed server cert into a truststore file that you put in
>> > >your client-jar file and configure your client-app to use your shipped
>> > >truststore file? Something like this
>> > >
>> > >URL url = this.getClass().getClassLoader().getResource("truststore_in_jar");
>> > >JarURLConnection conn = (JarURLConnection) url.openConnection();
>> > >JarFile jar = conn.getJarFile();
>> > >JarEntry entry = jar.getJarEntry("truststore_in_jar");
>> > >InputStream is = jar.getInputStream(entry);
>> > >File tmp = File.createTempFile("certs", ".cer");
>> > >tmp.deleteOnExit();
>> > >FileOutputStream fos = new FileOutputStream(tmp);
>> > >byte[] buffer = new byte[1024];
>> > >int bytes;
>> > >while( (bytes = is.read(buffer)) > 0 )
>> > >    fos.write(buffer, 0, bytes);
>> > >fos.close();
>> > >is.close();
>> > >url = tmp.toURL();
>> > >System.out.println("setting truststore to: " + url.getPath());
>> > >System.setProperty("javax.net.ssl.trustStore", url.getPath());
>> > >
>> > >this will of course write a temporary truststore to your clients local
>> > >hard disk, but it works...
>> > >
>> > >regards
>> > >Magnus
>> > >
>> > >Luis Rivera wrote:
>> > > >
>> > > > Dear axis users,
>> > > >
>> > > > I googled my way up to this point, but now I have to ask about
>> > > > this. I am sure it is being asked, but have not been able to find
>> > > > a way to do this, unless I am misunderstanding something.
>> > > >
>> > > > OK, I want to use https for encryption using only Server side
>> > > > authentication. I managed to create a self signed certificate for
>> > > > tomcat, installed in a keystore and set up the server.xml file with
>> > > > the right info. This works great, now I can use https to browse the
>> > > > tomcat pages, axis Validation and make sure that my own Services
>> > > > (based on axis 1.4) are deployed.
>> > > >
>> > > > My WSDL is rpc/literal. so I basically locate the Service using the
>> > > > right URL ( https://host:port/axis/services/MyService) and got a
>> > > > SSLHandshakeException!!!
>> > > >
>> > > > So, I figured the problem might be that since the browser usually
>> > > > prompts the user to confirm if the certificate should be trusted,
>> > > > now my program was not able to trust the certificate. Therefore, I
>> > > > basically added the certificate to the client jre cacerts file and
>> > > > that solved the problem.
>> > > >
>> > > > HOWEVER, I don't want my client to modify a file in its local hard
>> > > > disk if possible. I want it to just ignore the fact that the
>> > > > Certificate is not in the keystore and go on, just like I always
>> > > > say "yes" when the browser pop up the dialog, since I am only
>> > > > caring for encryption at this point.
>> > > >
>> > > > So, the question is:
>> > > >
>> > > > HOW DO I MAKE THE CLIENT BYPASS THE CERTIFICATE VERIFICATION step
>> > > > in my client?
>> > > >
>> > > > I believe I have to use a TrustManager and a SSL context, but I am
>> > > > not sure how to connect it to the axis Engine running under my
>> > > > client, which is the one opening the context that matters for this
>> > > > and subsequent connections.
>> > > >
>> > > > Thanks in advance, any tip will be appreciated,
>> > > > --Luis R.
>> > > >
>> > >--
>> > >Magnus Bergman
>> > >www.voiceprovider.se
>>
>> --
>> - xucai

--
View this message in context: http://www.nabble.com/Axis-https-SSL-Server-Certificate-Validation-question-tf2683112.html#a10024008
Sent from the Axis - User mailing list archive at Nabble.com.
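
Added example, not part of the original thread and not Axis or HttpClient code: the question raised in the quoted messages (can a truststore shipped inside the client jar be used without writing to the client's disk, and without switching validation off) can be answered with JDK classes alone. The class and method names are hypothetical, the resource name `truststore_in_jar` is borrowed from Magnus's snippet, and the password `changeit` is a placeholder.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class JarTrustStore {
    /** SSLContext trusting only the certificates in a keystore found on the classpath. */
    static SSLContext fromClasspath(String resource, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = JarTrustStore.class.getClassLoader().getResourceAsStream(resource)) {
            if (in == null) throw new IOException("not on classpath: " + resource);
            ks.load(in, password); // read straight from the jar, nothing written to disk
        }
        if (ks.size() == 0) throw new GeneralSecurityException("empty truststore: " + resource);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key: server-side auth only
        return ctx;
    }

    /** Connects with chain validation against that store plus host name checking. */
    static SSLSocket open(SSLContext ctx, String host, int port) throws IOException {
        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        try {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // raw SSLSocket skips this by default
            s.setSSLParameters(p);
            s.startHandshake(); // throws SSLHandshakeException for any other certificate
            return s;
        } catch (IOException | RuntimeException e) {
            s.close();
            throw e;
        }
    }

    public static void main(String[] args) throws Exception {
        // Usage: java JarTrustStore <host> <port>; resource name and password are assumptions.
        SSLContext ctx = fromClasspath("truststore_in_jar", "changeit".toCharArray());
        try (SSLSocket s = open(ctx, args[0], Integer.parseInt(args[1]))) {
            System.out.println("trusted peer, protocol " + s.getSession().getProtocol());
        }
    }
}
```

With host name checking on, the self-signed certificate must carry the name the client connects to. As an assumption about wiring, `ctx.getSocketFactory()` is what a custom socket factory like the one registered in the client code above would delegate its `createSocket` calls to.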
