Hi, [EMAIL PROTECTED],

I've opened a ticket for this, and attached a patch.

https://issues.apache.org/jira/browse/CXF-1549


The patch is meant to show the approach.  If you like it, I'll add
unit tests and maybe see if I can even run some code in an environment
to try it out.


yours,

Julius


On Thu, Apr 24, 2008 at 2:09 PM, Daniel Kulp <[EMAIL PROTECTED]> wrote:
>
>  Flipping to [EMAIL PROTECTED]
>
>
>  I'm definitely open to this idea.  Feel free to log a jira and attach a
>  patch.   I may have Fred look at it a bit before applying it, but I
>  think the idea has some merits.  Certainly may be easier to configure
>  some security stuff if the user is very familiar with JSSE and the
>  SSLSocketFactory stuff instead of the CXF apis.
>
>  Dan
>
>
>
>
>  On Thursday 24 April 2008, Julius Davies wrote:
>
>
>  > If I succeed at subscribing, I'd like to mention two things:
>  >
>  > #1.  Just some minor editing to Sudip's great instructions.
>  >
>  > #2.  Things would be easier if TLSClientParameters could include
>  > setSSLSocketFactory/getSSLSocketFactory.  That way people could do
>  > this:
>  >
>  > // Just a sub-class of javax.net.ssl.SSLSocketFactory
>  > SSLClient client = new SSLClient();
>  > client.addTrustMaterial( TrustMaterial.DEFAULT );
>  > client.addTrustMaterial( new TrustMaterial( "/path/to/self-signed.pem" ) );
>  > // To be different, let's allow for expired certificates (not recommended).
>  > client.setCheckHostname( true );  // default setting is "true" for SSLClient
>  > client.setCheckExpiry( false );   // default setting is "true" for SSLClient
>  > client.setCheckCRL( true );       // default setting is "true" for SSLClient
>  >
>  > // This method doesn't exist yet, but if people are interested, I'll
>  > // send a patch.
>  > tlsClientParameters.setSSLSocketFactory(client);
>  >
>  >
>  > CXF wouldn't need to know anything about not-yet-commons-ssl, because
>  > org.apache.commons.ssl.SSLClient is a subclass of
>  > javax.net.ssl.SSLSocketFactory!
>  >
>  >
>  > Would CXF be interested in a patch like that?  Other fancy libraries
>  > that offer handy sub-classes of javax.net.ssl.SSLSocketFactory would
>  > also benefit.
>  >
>  > (This should probably be sent to dev, not users - now people searching
>  > through google are going to start complaining that the
>  > tlsClientParameters.setSSLSocketFactory() method is missing!)
>  >
>  > yours,
>  >
>  > Julius
>  >
>  > On Thu, Apr 24, 2008 at 9:16 AM, sudip shrestha <[EMAIL PROTECTED]> wrote:
>  > > I have worked with the developer, Julius Davies
>  > > (http://juliusdavies.ca/commons-ssl/), of the commons-ssl solution,
>  > > which he currently refers to as "not-yet-commons-ssl", to work out a
>  > > very simple and reusable solution to develop a Java client for SSL
>  > > based connections.  This library encapsulates all the internal SSL
>  > > connection details.  I am posting this for the benefit of those who
>  > > are trying to develop a client without Spring.
>  > >
>  > > 1. First download the commons-ssl library from
>  > > http://juliusdavies.ca/commons-ssl/download.html and extract the
>  > > .jar file, then run the following command:
>  > > java -jar not-yet-commons-ssl-0.3.10.jar -t localhost:443 -tm /yourPathTo/host.crt
>  > >
>  > > 2. Then copy the section between -----BEGIN CERTIFICATE----- and
>  > > -----END CERTIFICATE----- and put it in a Certificate.java file or
>  > > whichever way you prefer.
>  > >
>  > > Then I have provided the code below:
>  > > 3. Client Code:
>  > >     JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
>  > >     factory.setServiceClass( HelloWorld.class );
>  > >     factory.setAddress( "https://localhost/services/HelloWorld" );
>  > >     HelloWorld port = (HelloWorld) factory.create();
>  > >
>  > >     Client client = ClientProxy.getClient( port );
>  > >     HTTPConduit httpConduit = (HTTPConduit) client.getConduit();
>  > >     TLSClientParameters tlsParams = new TLSClientParameters();
>  > >     tlsParams.setSecureSocketProtocol("SSL");
>  > >     FiltersType filters = new FiltersType();
>  > >
>  > >     filters.getInclude().add("SSL_RSA_WITH_RC4_128_MD5");
>  > >     filters.getInclude().add("SSL_RSA_WITH_RC4_128_SHA");
>  > >     tlsParams.setCipherSuitesFilter(filters);
>  > >
>  > >     tlsParams.setTrustManagers( getTrustManagers() ); //<<=====================from step 4.
>  > >     httpConduit.setTlsClientParameters(tlsParams);
>  > >
>  > >
>  > > 4. getTrustManagers function:
>  > >
>  > > private TrustManager[] getTrustManagers()
>  > >         throws java.security.NoSuchAlgorithmException,
>  > >                java.security.KeyStoreException, java.io.IOException,
>  > >                java.security.GeneralSecurityException
>  > > {
>  > >     //<<===========comes from your Certificate.java file where you would
>  > >     // store the cert content from step 2.
>  > >     byte[] pemCert = Certificates.pemCert_localhost;
>  > >
>  > >     TrustChain tc = new TrustChain();
>  > >     tc.addTrustMaterial( new TrustMaterial( pemCert ) );
>  > >     tc.addTrustMaterial( TrustMaterial.CACERTS );
>  > >     return ( TrustManager[] )tc.getTrustManagers();
>  > > }
>
>
>
>  --
>
>
> J. Daniel Kulp
>  Principal Engineer, IONA
>  [EMAIL PROTECTED]
>  http://www.dankulp.com/blog
>



-- 
yours,

Julius Davies
250-592-2284 (Home)
250-893-4579 (Mobile)
http://juliusdavies.ca/
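
Added example, not part of the original messages and not code from CXF or not-yet-commons-ssl: a plain-JSSE `SSLSocketFactory` that trusts the JRE's default CAs plus one self-signed PEM certificate, which is the kind of object the setter proposed in this thread would accept. The class name `PinnedTrustFactory` and the PEM path are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper class (name chosen for this example).
public class PinnedTrustFactory {

    /** Returns a factory trusting the default CAs plus the certificate in pemPath. */
    public static SSLSocketFactory build(String pemPath) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // empty in-memory trust store

        // Copy the platform's default trust anchors; init(null) selects the default store.
        String alg = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory defaults = TrustManagerFactory.getInstance(alg);
        defaults.init((KeyStore) null);
        int n = 0;
        for (TrustManager tm : defaults.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    ks.setCertificateEntry("default-" + n++, ca);
                }
            }
        }

        // Add the single self-signed server certificate (PEM, BEGIN/END CERTIFICATE).
        try (InputStream in = new FileInputStream(pemPath)) {
            Certificate cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
            ks.setCertificateEntry("self-signed", cert);
        }

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(alg);
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default SecureRandom
        return ctx.getSocketFactory();
        // With the setter proposed in this thread:
        //   tlsClientParameters.setSSLSocketFactory(PinnedTrustFactory.build("/path/to/self-signed.pem"));
    }
}
```

Certificate validity dates are still enforced by the default trust manager here, and hostname verification is not performed by the factory itself; it remains the job of the HTTPS layer that uses it.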
