Sorry made a mistake...

Thanks for the help!!

I tried something else:

// Servlet doPost() method:

        // Handles one XML-RPC call that reaches the servlet as an HTTP POST:
        // builds an XmlRpcServer, registers the "test" handler, passes the
        // request's input stream to execute(), and writes the returned bytes
        // back as a text/xml response.
        public void doPost (HttpServletRequest req,
HttpServletResponse res)
        throws ServletException, IOException {
                // A new XmlRpcServer (and, below, a new handler) is created on every POST.
                XmlRpcServer xmlrpcServer = new XmlRpcServer();
                // Keystore path and password are set through class-level calls on
                // SecurityTool; ks and pwd are defined outside this snippet.
                SecurityTool.setKeyStore(ks);
                SecurityTool.setKeyStorePassword(pwd);

                // NOTE(review): this SecureWebServer is constructed on every request and
                // `server` is never referenced again in this method (no start call is
                // visible here). The POST being handled has already arrived through the
                // servlet container, so whether it was protected by TLS is presumably
                // decided by the container's own HTTPS connector, not by this object --
                // confirm against the deployment.
                // NOTE(review): the client in this post also connects to port 8080. If
                // that port is the container's plain-HTTP connector, a TLS client
                // connecting to it would fail during the handshake -- verify which
                // listener actually owns 8080.
                SecureWebServer server = new SecureWebServer(8080,
adr, xmlrpcServer);
                xmlrpcServer.addHandler("test", new handler());
                // The request body is handed to the XML-RPC server unmodified; the
                // result is the serialized response.
                byte[] result = xmlrpcServer.execute
(req.getInputStream());
                res.setContentType("text/xml");
                res.setContentLength (result.length);
                OutputStream out = res.getOutputStream();
                out.write (result);
                out.flush ();
                // close() is not in a finally block, so it is skipped if write() or
                // flush() throws.
                out.close();
        }

// client:

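        // Client side: point SecurityTool at the client keystore before the
        // secure client is created. KEYSTORE and PWD are defined outside this snippet.
        // NOTE(review): for the handshake to succeed with certificate checking left
        // on, the server's certificate (or its issuer) has to be available to the
        // client as trust material. Whether SecurityTool uses this keystore for
        // trust as well as for the client's own key is not visible here -- confirm
        // in the SecurityTool documentation. Importing the server's self-signed
        // certificate as a trusted entry keeps verification enabled, unlike the
        // accept-everything TrustManager and HostnameVerifier quoted later in this
        // thread.
        SecurityTool.setKeyStore(KEYSTORE);
        SecurityTool.setKeyStorePassword(PWD);

        // The port must be one where the server side is actually speaking TLS.
        SecureXmlRpcClient secureClient = new SecureXmlRpcClient(host, 8080);
        // Calls the "test" handler with an empty parameter list (the stray extra
        // closing parenthesis from the original post is removed so the line compiles).
        secureClient.execute("test", new Vector());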


At the moment I'm just getting
javax.net.ssl.SSLHandshakeException. I've got key
entries and trusted certificates in my keystore
(client and server) - is it enough to set KeyStore
file (KEYSTORE) and password (PWD)? Is it possible to
do it this way?

Kind Regards, Rudi




--- Donald Albertson <[EMAIL PROTECTED]> wrote:

> The test server I connect to has a self-signed
> certificate.  
> I get around the problem with less trouble this way:
> 
> First a class to fake hostname verification (it accepts every hostname)
>     class LoginNullHostnameVerifier implements
> javax.net.ssl.HostnameVerifier {
>         public boolean verify(String urlHostname,
> SSLSession session){
>             return true;
>         }
> 
> Next a boolean flag somewhere appropriate to decide
> if it's needed
>     if ( useNullVerifier){
>                
> HttpsURLConnection.setDefaultHostnameVerifier(new
> LoginNullHostnameVerifier());
>     }
> 
> dga
> 
> 
> 
> >>> [EMAIL PROTECTED] 09/21/2005
> 11:51:28 AM >>>
> The client code needed to automagically connect to a
> self-signed cert is not as straightforward as one may hope.
> 
> I feel compelled to share this code; it was the bane
> of my existence for several days:
> 
> (One or more of these may be needed for the code
> snapshot to compile; I
> have
> more code supporting an older version buried within
> my app, so pick
> and
> choose)
> 
> import java.security.*;
> 
> import java.security.spec.*;
> 
> import java.security.cert.*;
> 
> import javax.crypto.*;
> 
> import org.apache.xmlrpc.*;
> 
> import org.apache.xmlrpc.secure.*;
> 
> import javax.net.ssl.SSLSocketFactory;
> 
> import com.sun.net.ssl.*;
> 
>  
> 
>         private class WorkAroundX509TrustManager
> implements
> X509TrustManager
> {
> 
>             public boolean
> isClientTrusted(X509Certificate[] chain){
> return
> true; }
> 
>                 public boolean
> isServerTrusted(X509Certificate[]
> chain){
> return true; }
> 
>                 public X509Certificate[]
> getAcceptedIssuers(){ return
> null;
> }
> 
>         }
> 
>  
> 
>         private class WorkAroundHostnameVerifier
> implements
> HostnameVerifier
> {
> 
>                 public boolean verify(String
> hostname, String session)
> {
> return true; }
> 
>         }
> 
> if (host.url.startsWith("https:")) {
> 
>                                
> Security.addProvider(new
> com.sun.net.ssl.internal.ssl.Provider());
> 
>  
>
System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.ww
> w.protocol");
> 
>                                 X509TrustManager tm
> = new
> WorkAroundX509TrustManager();
> 
>                                 KeyManager []km =
> null;
> 
>                                 TrustManager []tma =
> {tm};
> 
>                                 HostnameVerifier hmv
> = new
> WorkAroundHostnameVerifier();
> 
>                                 SSLContext sc =
> SSLContext.getInstance("ssl");
> 
>                                 sc.init(km,tma,new
> java.security.SecureRandom());
> 
>                                 SSLSocketFactory sf1
> =
> sc.getSocketFactory();
> 
>  
> HttpsURLConnection.setDefaultSSLSocketFactory(sf1);
> 
>  
> HttpsURLConnection.setDefaultHostnameVerifier(hmv);
> 
>                                 NetPermission np =
> new
> NetPermission("setDefaultAuthenticator");
> 
>                                 this.secureClient =
> new
> SecureXmlRpcClient(host.url);
> 
>  
> this.secureClient.setBasicAuthentication(host.user,
> host.getPass());
> 
>                                 this.secure=true;
> 
>                         }else{
> 
>                                 this.client = new
> XmlRpcClient(host.url);
> 
>  
> this.client.setBasicAuthentication(host.user,
> host.getPass());
> 
>                                 this.secure=false;
> 
>                         }
> 
>  
> 
> The server is too easy of course:
> 
>                                
> logger.info("Starting HTTPS Server
> with
> keystore: " + config.keyfile);
> 
>                                
> SecurityTool.setKeyStore(config.keyfile);
> 
>  
>
SecurityTool.setKeyStorePassword("YourKeyStorePasswordHere");
> 
>                                 SecureWebServer
> server = new
> SecureWebServer(config.port);
> 
>  
> 
> Please forgive my usurping of the secure routines; I
> am not so worried about the encryption layer, since I
> have control of the server and the clients for this app.
> 
> I know the errors generated from hitting a self
> signed cert are more
> than a
> little annoying though for some system programmers. 
> Bits and pieces of
> this
> are documented somewhere, but who has the time.  
> 
=== message truncated ===



                
