Hi,

Thanks for the reply. I also got another suggestion on this list to remove
the addProvider()-call, but that did not work, either. I am now not able to
try out your suggestion since I had to rewrite the code to omit the whole
problem (the service I access also supports XML-RPC, so I use that now).

I will, however, try it out later. Thanks for both suggestions!


Regards,
Lars Ove Claesson
Systems Developer
Datek Wireless AS


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: 11. juni 2003 18:03
To: [EMAIL PROTECTED]
Subject: RE: Trusted certificates with Java 1.4.1

I apologize if this has already been answered.  I lost a bunch of email
today.  If you are sure your app is finding the keystore and certificate,
your problem might be with the incompatibility between JDK/JRE 1.3 and
JDK/JRE 1.4.  If you are trying to talk between the two, you might need to
set the following startup flag.  If I remember correctly, a 1.3 client
needs the 1.4 server to have this set to true.

-Dcom.sun.net.ssl.dhKeyExchangeFix=true;

-----Original Message-----
From: Lars Ove Claesson [mailto:[EMAIL PROTECTED]
Sent: Friday, June 06, 2003 12:59 AM
To: '[EMAIL PROTECTED]'
Subject: Trusted certificates with Java 1.4.1


Hi.

I'm trying to use the SOAP API over HTTPS connections with Java 1.4.1. I
must implement a custom trust manager that trusts all certificates. I think
this is where things go wrong.

I suspect that the SOAP API is maybe using some handling from version Java
1.3, but cannot pinpoint any of that in the api's source code.

I start off by initializing the SSL/SSLContext with:


    java.security.Security.addProvider( new com.sun.net.ssl.internal.ssl.Provider() );

    System.setProperty( "java.protocol.handler.pkgs",
                        "javax.net.ssl" );

    TrustManager[] trustAllCerts = new TrustManager[] {
      new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() { return ( null ); }
        public void checkClientTrusted( java.security.cert.X509Certificate[] certs, String authType ) {}
        public void checkServerTrusted( java.security.cert.X509Certificate[] certs, String authType ) {}
      }
    };

    // The openHostnameVerifier trusts all hostnames
    HostnameVerifier openHostnameVerifier = new HostnameVerifier() {
      public boolean verify( String hostname,
                             String session ) { return ( true ); }
      public boolean verify( String hostname,
                             SSLSession session) { return ( true ); }
    };

    SSLContext sslContext = SSLContext.getInstance("SSL");
    sslContext.init( null,
                     trustAllCerts,
                     new java.security.SecureRandom());

    javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory( sslContext.getSocketFactory() );
    javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier( openHostnameVerifier );

I do not know if the last two lines have any meaning to the SOAP API. As far
as I can see, it creates its own SSL Socket and does not use the
HttpsURLConnection...?

Then I simply make a SOAP call:


    soapCall.setTargetObjectURI( address.getContent() );
    soapCall.setMethodName( METHOD_NAME );
    soapCall.setEncodingStyleURI( Constants.NS_URI_SOAP_ENC) ;

    Parameter pUsername = new Parameter( PARAMETER_USERNAME,
                                                     String.class,
                                                     username.getContent(),
                                                     null );

        .
        .       
        .

    Vector parameters = new Vector();

    parameters.add( pUsername );

        .
        .
        .

    soapCall.setParams( parameters );

    try
    {

      Response response = soapCall.invoke( new java.net.URL( address.getContent() ),
                                           "" );
    }
    catch ( MalformedURLException exp )
    {
        // Handle
    }
    catch ( SOAPException exp )
    {
        // Handle
    }


This causes the following SOAPException:

Error opening socket: javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: Couldn't find trusted certificate



Any help with my problem is greatly appreciated!



Regards,
Lars Ove Claesson
