Re: SSL testing

Thu, 06 Mar 2014 06:35:42 -0800

Thank you Freeman! Note that i couldn't find the classes SOAPService and Greeter, but was able to use ClientProxyFactoryBean for the same purpose. The key was this:
HTTPConduit httpConduit = (HTTPConduit) ((org.apache.cxf.endpoint.Client) client).getConduit(); 


I didn't know where the conduit came from. The rest of your code matched 
that from the previous CXF version. Below is the code that i got working.


Again, many thanks,
Matthew

        ClientProxyFactoryBean factory = new ClientProxyFactoryBean();

        // factory.setAddress("http://localhost:9000/ota";);
        factory.setAddress("https://localhost:9001/ota";);

        OTAEndpoint client = factory.create(OTAEndpoint.class);

        HTTPConduit httpConduit = (HTTPConduit) 
((org.apache.cxf.endpoint.Client) client).getConduit();


        TLSClientParameters params = httpConduit.getTlsClientParameters();
        if (params == null) {
            params = new TLSClientParameters();
            httpConduit.setTlsClientParameters(params);
        }


        params.setTrustManagers(new TrustManager[] { new 
X509TrustManager() {

            @Override

            public java.security.cert.X509Certificate[] 
getAcceptedIssuers() {

                return null;
            }

            @Override

            public void 
checkServerTrusted(java.security.cert.X509Certificate[] chain, String 
authType)

                    throws CertificateException {
                // no op
            }

            @Override

            public void 
checkClientTrusted(java.security.cert.X509Certificate[] chain, String 
authType)

                    throws CertificateException {
                // no op
            }
        } });

        params.setDisableCNCheck(true);





On 3/6/2014 3:20 AM, Freeman Fang wrote:

Hi,

You need a dummy TrustManager which can bypass the Certificate check
Some code like
         SOAPService service = new SOAPService(url, SOAPService.SERVICE);

         assertNotNull("Service is null", service);

         final Greeter port = service.getHttpsPort();

         assertNotNull("Port is null", port);


         
         BindingProvider provider = (BindingProvider)port;


         provider.getRequestContext().put(

               BindingProvider.ENDPOINT_ADDRESS_PROPERTY,

               address);

         Client client = ClientProxy.getClient(port);

         HTTPConduit httpConduit = (HTTPConduit) client.getConduit();

         TrustManager[] trustAllCerts = new TrustManager[] {

             new X509TrustManager() {


  
                 public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {


                 }


  
                 public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {


                 }


  
                 public java.security.cert.X509Certificate[] getAcceptedIssuers() {


                     return null;

                 }


  
             }


         };


  
         TLSClientParameters tlsParams = new TLSClientParameters();



  
         tlsParams.setTrustManagers(trustAllCerts);



  
        
         tlsParams.setDisableCNCheck(true);


         httpConduit.setTlsClientParameters(tlsParams);

         assertEquals(port.greetMe("Kitty"), "Hello Kitty");

-------------
Freeman(Yue) Fang

Red Hat, Inc.
FuseSource is now part of Red Hat



On 2014-3-6, at 上午8:34, Matthew Lohbihler wrote:


How can i configure a client to trust all certificates for testing WS under 
SSL? I'm using CXF 3.0.0m2, and the examples i've found appear obsolete. Are 
there updated examples somewhere?

Many thanks,
Matthew



























					Reply via email to