Doesn't
stub._getServiceClient().getOptions().setProperty(HTTPConstants.CUSTOM_PROTOCOL_HANDLER,
new Protocol("https",(ProtocolSocketFactory)new
SSLProtocolSocketFactory(sslCtx),443));
do that?
On Fri, Jan 14, 2011 at 7:39 PM, Zach Calvert <[email protected]> wrote:
> This works fine for allowing java.net SSL access, but Apache Axis
> doesn't expose APIs to send this into its SSL checking mechanism.
>
>
>
> Zach
>
>
> On Tue, Jan 11, 2011 at 10:07 PM, Afkham Azeez <[email protected]> wrote:
> > Check the class level doc comment
> > in
> https://svn.apache.org/repos/asf/axis/axis2/java/core/trunk/modules/kernel/src/org/apache/axis2/java/security/TrustAllTrustManager.java
> > Is that what you are looking for?
> >
> > On Wed, Jan 12, 2011 at 2:37 AM, Zach Calvert <[email protected]>
> wrote:
> >>
> >> Also, I was looking at
> >> http://www.mail-archive.com/[email protected]/msg21872.html and
> >> this method doesn't seem to work either, mostly because the dots are
> >> not connected for the part
> >> "
> >> In your SSLSocketFactory, override the "private static TrustManager[]
> >> createTrustManagers(final KeyStore keystore)" method.
> >> And create your own X509TrustManager to trust all certs.
> >> "
> >> since this function doesn't seem to exist in
> >>
> >>
> http://download.oracle.com/javase/1.4.2/docs/api/javax/net/ssl/SSLSocketFactory.html
> >>
> >> Any ideas?
> >>
> >>
> >> On Tue, Jan 11, 2011 at 2:18 PM, Zach Calvert <[email protected]>
> >> wrote:
> >> > I am writing internal test code chatting to an internal test server
> >> > with a self signed certificate. The team is distributed and I am not
> >> > an admin on our build servers so I cannot install the certificate into
> >> > the certificate chain (can't do this on other developer machines
> >> > anyway). The idea is that I need to be able to execute SOAP APIs
> >> > built using the mvn plugin for wsdl2code and the abd bindings (not
> >> > XMLBeans). The server will not accept clear port SOAP commands for
> >> > authentication, but we are entirely willing to accept
> >> > man-in-the-middle attacks as a risk since we're executing code on an
> >> > internally managed network and this is not public facing code.
> >> >
> >> > I have searched the mailing lists, documentation, and various
> >> > blogs/dev wikis and cannot find the answer. I have tried the old
> >> > flavor of AxisProperties.setProperty("axis.socketSecureFactory"...
> >> > (http://marc.info/?l=axis-user&m=120965970202812&w=2) but of course
> >> > this does not work with the new flavor of Axis. I have also tried
> >> > setting the default trust site manager to accept all certificates
> >> >
> >> > (
> http://www.coderanch.com/t/207318/sockets/java/do-hold-Java-default-SSL)
> >> > but AXIS seems to use its own flavor from the Protocol classes. I
> >> > then tried overriding the Protocol using the sample code provided at
> >> > http://hc.apache.org/httpclient-3.x/sslguide.html. None of this
> seems
> >> > to work and still gets me a
> >> > Exception in thread "main" org.apache.axis2.AxisFault:
> >> > sun.security.validator.ValidatorException: PKIX path building failed:
> >> > sun.security.provider.certpath.SunCertPathBuilderException: unable to
> >> > find valid certification path to requested target
> >> > at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
> >> > at
> >> >
> org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:98)
> >> > at
> >> >
> org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
> >> > at
> >> >
> org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
> >> > at
> >> >
> org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
> >> > at
> >> >
> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
> >> > at
> >> >
> org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
> >> > at
> >> >
> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
> >> > at
> >> >
> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:346)
> >> > at
> >> >
> org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:550)
> >> > at
> >> >
> org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:189)
> >> > at
> >> > org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75)
> >> > at
> >> >
> org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:389)
> >> > at
> >> >
> org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:222)
> >> > at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:435)
> >> > at
> >> >
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
> >> > at
> >> >
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
> >> > at
> >> >
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
> >> > at
> >> >
> vmware.labmanager.soap.LabManager_x0020_SOAP_x0020_interfaceStub.getConfigurationByName(LabManager_x0020_SOAP_x0020_interfaceStub.java:724)
> >> > at ZachTest.main(ZachTest.java:188)
> >> > Caused by: javax.net.ssl.SSLHandshakeException:
> >> > sun.security.validator.ValidatorException: PKIX path building failed:
> >> > sun.security.provider.certpath.SunCertPathBuilderException: unable to
> >> > find valid certification path to requested target
> >> > at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown
> >> > Source)
> >> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown
> >> > Source)
> >> > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown
> >> > Source)
> >> > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown
> >> > Source)
> >> > at
> >> >
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
> >> > Source)
> >> > at
> >> > com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
> Source)
> >> > at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown
> >> > Source)
> >> > at
> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown
> >> > Source)
> >> > at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
> >> > Source)
> >> > at
> >> >
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> >> > Source)
> >> > at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown
> >> > Source)
> >> > at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown
> >> > Source)
> >> > at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
> >> > at java.io.BufferedOutputStream.flush(Unknown Source)
> >> > at
> >> >
> org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:94)
> >> > ... 18 more
> >> > Caused by: sun.security.validator.ValidatorException: PKIX path
> >> > building failed:
> >> > sun.security.provider.certpath.SunCertPathBuilderException: unable to
> >> > find valid certification path to requested target
> >> > at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
> >> > at sun.security.validator.PKIXValidator.engineValidate(Unknown
> >> > Source)
> >> > at sun.security.validator.Validator.validate(Unknown Source)
> >> > at
> >> > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown
> Source)
> >> > at
> >> >
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
> >> > Source)
> >> > at
> >> >
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
> >> > Source)
> >> > ... 29 more
> >> > Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> >> > unable to find valid certification path to requested target
> >> > at
> >> > sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
> >> > Source)
> >> > at java.security.cert.CertPathBuilder.build(Unknown Source)
> >> > ... 35 more
> >> >
> >> >
> >> > Is there ANY support to override SSL validation for Apache AXIS SOAP
> >> > calls using wsdl2java generated code?
> >> >
> >> >
> >> >
> >> > Thanks,
> >> > Zach
> >> >
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: [email protected]
> >> For additional commands, e-mail: [email protected]
> >>
> >
> >
> >
> > --
> > Afkham Azeez
> > Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com,
> >
> > Member; Apache Software Foundation; http://www.apache.org/
> > email: [email protected] cell: +94 77 3320919
> > blog: http://blog.afkham.org
> > twitter: http://twitter.com/afkham_azeez
> > linked-in: http://lk.linkedin.com/in/afkhamazeez
> >
> > Lean . Enterprise . Middleware
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
--
*Afkham Azeez*
Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com,
*
*
*Member; Apache Software Foundation;
**http://www.apache.org/*<http://www.apache.org/>
*
email: **[email protected]* <[email protected]>* cell: +94 77 3320919
blog: **http://blog.afkham.org* <http://blog.afkham.org>*
twitter: **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez>
*
linked-in: **http://lk.linkedin.com/in/afkhamazeez*
*
*
*Lean . Enterprise . Middleware*
*
*
