This works fine for allowing java.net SSL access, but Apache Axis doesn't expose APIs to send this into its SSL checking mechanism.
Zach On Tue, Jan 11, 2011 at 10:07 PM, Afkham Azeez <[email protected]> wrote: > Check the class level doc comment > in https://svn.apache.org/repos/asf/axis/axis2/java/core/trunk/modules/kernel/src/org/apache/axis2/java/security/TrustAllTrustManager.java > Is that what you are looking for? > > On Wed, Jan 12, 2011 at 2:37 AM, Zach Calvert <[email protected]> wrote: >> >> Also, I was looking at >> http://www.mail-archive.com/[email protected]/msg21872.html and >> this method doesn't seem to work either, mostly because the dots are >> not connected for the part >> " >> In your SSLSocketFactory, override the "private static TrustManager[] >> createTrustManagers(final KeyStore keystore)" method. >> And create your own X509TrustManager to trust all certs. >> " >> since this function doesn't seem to exist in >> >> http://download.oracle.com/javase/1.4.2/docs/api/javax/net/ssl/SSLSocketFactory.html >> >> Any ideas? >> >> >> On Tue, Jan 11, 2011 at 2:18 PM, Zach Calvert <[email protected]> >> wrote: >> > I am writing internal test code chatting to an internal test server >> > with a self signed certificate. The team is distributed and I am not >> > an admin on our build servers so I cannot install the certificate into >> > the certificate chain (can't do this on other developer machines >> > anyway). The idea is that I need to be able to execute SOAP APIs >> > built using the mvn plugin for wsdl2code and the abd bindings (not >> > XMLBeans). The server will not accept clear port SOAP commands for >> > authentication, but we are entirely willing to accept >> > man-in-the-middle attacks as a risk since we're executing code on an >> > internally managed network and this is not public facing code. >> > >> > I have searched the mailing lists, documentation, and various >> > blogs/dev wikis and cannot find the answer. I have tried the old >> > flavor of AxisProperties.setProperty("axis.socketSecureFactory"... >> > (http://marc.info/?l=axis-user&m=120965970202812&w=2) but of course >> > this does not work with the new flavor of Axis. I have also tried >> > setting the default trust site manager to accept all certificates >> > >> > (http://www.coderanch.com/t/207318/sockets/java/do-hold-Java-default-SSL) >> > but AXIS seems to use its own flavor from the Protocol classes. I >> > then tried overriding the Protocol using the sample code provided at >> > http://hc.apache.org/httpclient-3.x/sslguide.html. None of this seems >> > to work and still gets me a >> > Exception in thread "main" org.apache.axis2.AxisFault: >> > sun.security.validator.ValidatorException: PKIX path building failed: >> > sun.security.provider.certpath.SunCertPathBuilderException: unable to >> > find valid certification path to requested target >> > at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430) >> > at >> > org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:98) >> > at >> > org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499) >> > at >> > org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114) >> > at >> > org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096) >> > at >> > org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398) >> > at >> > org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) >> > at >> > org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) >> > at >> > org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:346) >> > at >> > org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:550) >> > at >> > org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:189) >> > at >> > org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75) >> > at >> > org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:389) >> > at >> > org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:222) >> > at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:435) >> > at >> > org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402) >> > at >> > org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229) >> > at >> > org.apache.axis2.client.OperationClient.execute(OperationClient.java:165) >> > at >> > vmware.labmanager.soap.LabManager_x0020_SOAP_x0020_interfaceStub.getConfigurationByName(LabManager_x0020_SOAP_x0020_interfaceStub.java:724) >> > at ZachTest.main(ZachTest.java:188) >> > Caused by: javax.net.ssl.SSLHandshakeException: >> > sun.security.validator.ValidatorException: PKIX path building failed: >> > sun.security.provider.certpath.SunCertPathBuilderException: unable to >> > find valid certification path to requested target >> > at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown >> > Source) >> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown >> > Source) >> > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown >> > Source) >> > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown >> > Source) >> > at >> > com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown >> > Source) >> > at >> > com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown >> > Source) >> > at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown >> > Source) >> > at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown >> > Source) >> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown >> > Source) >> > at >> > com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown >> > Source) >> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown >> > Source) >> > at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown >> > Source) >> > at java.io.BufferedOutputStream.flushBuffer(Unknown Source) >> > at java.io.BufferedOutputStream.flush(Unknown Source) >> > at >> > org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:94) >> > ... 18 more >> > Caused by: sun.security.validator.ValidatorException: PKIX path >> > building failed: >> > sun.security.provider.certpath.SunCertPathBuilderException: unable to >> > find valid certification path to requested target >> > at sun.security.validator.PKIXValidator.doBuild(Unknown Source) >> > at sun.security.validator.PKIXValidator.engineValidate(Unknown >> > Source) >> > at sun.security.validator.Validator.validate(Unknown Source) >> > at >> > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source) >> > at >> > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown >> > Source) >> > at >> > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown >> > Source) >> > ... 29 more >> > Caused by: sun.security.provider.certpath.SunCertPathBuilderException: >> > unable to find valid certification path to requested target >> > at >> > sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown >> > Source) >> > at java.security.cert.CertPathBuilder.build(Unknown Source) >> > ... 35 more >> > >> > >> > Is there ANY support to override SSL validation for Apache AXIS SOAP >> > calls using wsdl2java generated code? >> > >> > >> > >> > Thanks, >> > Zach >> > >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> > > > > -- > Afkham Azeez > Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com, > > Member; Apache Software Foundation; http://www.apache.org/ > email: [email protected] cell: +94 77 3320919 > blog: http://blog.afkham.org > twitter: http://twitter.com/afkham_azeez > linked-in: http://lk.linkedin.com/in/afkhamazeez > > Lean . Enterprise . Middleware > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
