ws-users mailing list archives

From Starsscream Desepticon <kastanienr...@yahoo.co.uk>
Subject RE: I need to encrypt xmlrpc calls
Date Fri, 23 Sep 2005 15:00:15 GMT
Hello

I've tried your suggestions, but without success. I
changed deprecated stuff such as
com.sun.net.ssl.TrustManager,
com.sun.net.ssl.X509TrustManager with 
javax.net.ssl.TrustManager,
javax.net.ssl.X509TrustManager. It's not possible
(necessary) to set basic authentication. Somehow I'm
completely lost, do you know of any tutorials on this?
Thanks for the code, but I can't make it work.

Regards, Rudi


--- Donald Albertson <DGA12@nw.opp.psu.edu> wrote:

> The test server I connect to has a self-signed certificate.
> I get around the problem with less trouble this way:
>
> First a class to fake verification
>     class LoginNullHostnameVerifier implements javax.net.ssl.HostnameVerifier {
>         // Accepts any hostname: the name in the certificate is never checked.
>         public boolean verify(String urlHostname, SSLSession session) {
>             return true;
>         }
>     }
>
> Next a boolean flag somewhere appropriate to decide if it's needed
>     if (useNullVerifier) {
>         HttpsURLConnection.setDefaultHostnameVerifier(new LoginNullHostnameVerifier());
>     }
> 
> dga
> 
> 
> 
> >>> john@southerland-consulting.com 09/21/2005 11:51:28 AM >>>
> The client code needed to automagically connect to a self-signed cert
> is not as straightforward as one may hope.
>
> I feel compelled to share this code, it was the bane of my existence
> for several days:
>
> (One or more of these may be needed for the code snapshot to compile; I
> have more code supporting an older version buried within my app, so pick
> and choose)
> 
> import java.net.NetPermission;
> import java.security.*;
> import java.security.spec.*;
> import java.security.cert.*;
> import javax.crypto.*;
> import org.apache.xmlrpc.*;
> import org.apache.xmlrpc.secure.*;
> import javax.net.ssl.SSLSocketFactory;
> import com.sun.net.ssl.*;
>
>     // Trust manager that accepts every certificate chain (no validation).
>     private class WorkAroundX509TrustManager implements X509TrustManager {
>         public boolean isClientTrusted(X509Certificate[] chain) { return true; }
>         public boolean isServerTrusted(X509Certificate[] chain) { return true; }
>         public X509Certificate[] getAcceptedIssuers() { return null; }
>     }
>
>     // Hostname verifier that accepts any hostname.
>     private class WorkAroundHostnameVerifier implements HostnameVerifier {
>         public boolean verify(String hostname, String session) { return true; }
>     }
>
>     if (host.url.startsWith("https:")) {
>         Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
>         System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
>         X509TrustManager tm = new WorkAroundX509TrustManager();
>         KeyManager[] km = null;
>         TrustManager[] tma = {tm};
>         HostnameVerifier hmv = new WorkAroundHostnameVerifier();
>         SSLContext sc = SSLContext.getInstance("ssl");
>         sc.init(km, tma, new java.security.SecureRandom());
>         SSLSocketFactory sf1 = sc.getSocketFactory();
>         // Installed as process-wide defaults for every HttpsURLConnection.
>         HttpsURLConnection.setDefaultSSLSocketFactory(sf1);
>         HttpsURLConnection.setDefaultHostnameVerifier(hmv);
>         NetPermission np = new NetPermission("setDefaultAuthenticator");
>         this.secureClient = new SecureXmlRpcClient(host.url);
>         this.secureClient.setBasicAuthentication(host.user, host.getPass());
>         this.secure = true;
>     } else {
>         this.client = new XmlRpcClient(host.url);
>         this.client.setBasicAuthentication(host.user, host.getPass());
>         this.secure = false;
>     }
> 
>  
> 
> The server is too easy of course:
> 
>                                
>     logger.info("Starting HTTPS Server with keystore: " + config.keyfile);
>     SecurityTool.setKeyStore(config.keyfile);
>     SecurityTool.setKeyStorePassword("YourKeyStorePasswordHere");
>     SecureWebServer server = new SecureWebServer(config.port);
> 
>  
> 
> Please forgive my usurping of the secure routines, I am not so worried
> about the encryption layer, I have control of the server and the clients
> for this app.
>
> I know the errors generated from hitting a self signed cert are more
> than a little annoying though for some system programmers.  Bits and
> pieces of this are documented somewhere, but who has the time.
> 
=== message truncated ===



	
	
		