ws-users mailing list archives

From Nicolas Hoibian <nicolas.hoib...@gmail.com>
Subject Re: Newbie question - HTTPS and testkeys
Date Wed, 22 Jun 2005 08:31:04 GMT
> 
> Maybe I didn't produce my testkeys correctly? :
> keytool -genkey -keystore testkeys
> 
> Thanks again for your help !
> 
> Eric
> 

You probably did, but I think you must add your client certificate to the 
server truststore, but I might have misunderstood this page: 
http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Security6.html (the part 
about "Creating a Client Certificate for Mutual Authentication" might be of 
interest to you).
I have built a client that connects "securely" to a secure server using 
inspiration from code from this URL: 
http://pascal.mvc.mcc.ac.uk:9080/convert/documentation/tutorial 
(in the Code appendix)

Here is the code, somewhat modified to get it to connect in a way that the 
client or the server would not throw an exception

// Imports needed at the top of the enclosing source file:
import java.io.FileInputStream;
import java.net.URL;
import java.security.KeyStore;
import java.util.Vector;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManagerFactory;
import org.apache.xmlrpc.secure.SecureXmlRpcClient;

public static void main(String args[]) {
    //String login = "pascal"; //from the original code
    //String password = "mimas";
    //String handle = "http://pascal.mvc.mcc.ac.uk:8080/ogsa/services/ogsadai/GridDataServiceFactoryNationalStatsLA";
    SecureXmlRpcClient xmlrpc;
    try {
        // Build the trust managers from the local "truststore" file
        // (this replaces the all-trusting trust manager)
        SSLContext sc = SSLContext.getInstance("SSL");
        System.out.println(TrustManagerFactory.getDefaultAlgorithm());
        TrustManagerFactory t = TrustManagerFactory.getInstance("SunX509");
        char[] password = "trustword".toCharArray();
        KeyStore k = KeyStore.getInstance("JKS");
        k.load(new FileInputStream("truststore"), password);
        t.init(k);

        // No key managers (null): the client presents no certificate of its own
        sc.init(null, t.getTrustManagers(), new java.security.SecureRandom());

        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        javax.net.ssl.HostnameVerifier hv = new javax.net.ssl.HostnameVerifier() {
            public boolean verify(String hostname, SSLSession session) {
                System.out.println("hostname: " + hostname + " vs " + session.getPeerHost());
                /* this part is commented out because it doesn't do anything
                   [useful / that would work] anyway
                try {
                    Certificate[] c1 = session.getPeerCertificates();
                    for (int i = 0; i < c1.length; i++) {
                        System.out.println("public key : " + c1[i].getPublicKey());
                    }
                } catch (Exception e) { e.printStackTrace(); }
                */
                System.out.println("WARNING: Hostname is accepted by default(and not even matched for.)");
                return true;
            }
        };
        javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(hv);
        System.out.println("creating URL");
        URL url = new URL("https://127.0.0.1:5555");
        System.out.println("trying to connect to the server securely");
        xmlrpc = new SecureXmlRpcClient(url);
        System.out.println("connected");
    } catch (Exception e) {
        System.out.println(e);
        e.printStackTrace();
        xmlrpc = null;
    }
    try {
        Vector v2 = new Vector(); // parameters for the remote call
        //do something to fill the v2 vector
        //....
        //
        Integer result = (Integer) xmlrpc.execute("addition", v2);
        System.out.println("Java client : " + result);
    } catch (Exception e) {
        e.printStackTrace();
    }
}

////////////////////////////////////
If there is some error in the code, all comments are welcome.
The part about the hostname verifier is highly dubious anyway, so if you 
have a better idea, I'm open-minded.

On a similar topic, I think writing a tutorial on how to get the f@!:/| 
Secure xml rpc client and server to work would be a very good idea.

Nicolas.
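
The hostname verifier in the message above returns true for every host, so a certificate issued for any name in the truststore's chain of trust would be accepted for this connection. As an added example (not part of the original message and not code from the XML-RPC project), here is one way to match the requested host against the server certificate's subjectAltName entries instead; the class name StrictHostnameVerifier and the names in main are constructed for illustration.

```java
import java.security.cert.X509Certificate;
import java.util.*;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;

// Hypothetical class name; added example, not from the original post.
public class StrictHostnameVerifier implements HostnameVerifier {
    private static final int DNS_NAME = 2, IP_ADDRESS = 7; // subjectAltName entry types

    @Override
    public boolean verify(String hostname, SSLSession session) {
        try {
            X509Certificate leaf = (X509Certificate) session.getPeerCertificates()[0];
            return matches(hostname, leaf.getSubjectAlternativeNames());
        } catch (Exception e) {
            return false; // no peer certificate or unparsable SAN: reject
        }
    }

    // Pure matching logic, kept separate so it can be exercised without a TLS session.
    static boolean matches(String host, Collection<List<?>> sans) {
        if (host == null || sans == null) return false;
        // Only IPv4 literals are compared as addresses; anything else is treated
        // as a DNS name, so an IPv6 literal never matches (fails closed).
        boolean isIp = host.matches("\\d{1,3}(\\.\\d{1,3}){3}");
        for (List<?> san : sans) {
            if (!(san.get(1) instanceof String)) continue;
            int type = (Integer) san.get(0);
            String name = ((String) san.get(1)).toLowerCase(Locale.ROOT);
            if (isIp && type == IP_ADDRESS && name.equals(host)) return true;
            if (!isIp && type == DNS_NAME && dnsMatch(host.toLowerCase(Locale.ROOT), name)) return true;
        }
        return false;
    }

    // A wildcard counts only as the entire left-most label and must leave at
    // least two labels after it, so "*.org" cannot cover "example.org".
    private static boolean dnsMatch(String host, String pattern) {
        if (!pattern.startsWith("*.")) return host.equals(pattern);
        int dot = host.indexOf('.');
        return dot > 0 && host.substring(dot).equals(pattern.substring(1))
                && host.indexOf('.', dot + 1) > 0;
    }

    public static void main(String[] args) {
        // Constructed SAN list, shaped like X509Certificate.getSubjectAlternativeNames()
        Collection<List<?>> sans = Arrays.asList(
            Arrays.<Object>asList(DNS_NAME, "*.example.org"),
            Arrays.<Object>asList(IP_ADDRESS, "127.0.0.1"));
        for (String h : new String[] {"127.0.0.1", "rpc.example.org", "a.b.example.org", "evil.test"})
            System.out.println(h + " -> " + matches(h, sans));
    }
}
```

It would be installed with the same HttpsURLConnection.setDefaultHostnameVerifier(...) call the message uses; connecting to https://127.0.0.1:5555 then requires the server certificate to carry 127.0.0.1 as an iPAddress subjectAltName.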
