Forum Discussion
Jacob_Gilley_28
Nimbostratus
NimbostratusWS-SOAP java security policy override
Any revelations on how to override SSL certificate validation using Apache SOAP? I've tried numerous things including writing my own X509TrustManager and nothing seems to work. Just curious.
Jacob_Gilley_28Nimbostratus
NimbostratusI modified the code to make it little more "professionalized" and submitted the class to Code Share.
package support.net.ssl;
/*
* @version 1.0 04/06/2005
* @author Jacob Gilley
*/
import java.security.AccessController;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivilegedAction;
import java.security.Security;
import java.security.cert.X509Certificate;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactorySpi;
import javax.net.ssl.X509TrustManager;
public final class XTrustProvider extends java.security.Provider {
private final static String NAME = "XTrustJSSE";
private final static String INFO = "XTrust JSSE Provider (implements trust factory with truststore validation disabled)";
private final static double VERSION = 1.0D;
public XTrustProvider() {
super(NAME, VERSION, INFO);
AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
put("TrustManagerFactory." + TrustManagerFactoryImpl.getAlgorithm(),
TrustManagerFactoryImpl.class.getName());
return null;
}
});
}
public static void install() {
if(Security.getProvider(NAME) == null) {
Security.insertProviderAt(new XTrustProvider(), 2);
Security.setProperty("ssl.TrustManagerFactory.algorithm", TrustManagerFactoryImpl.getAlgorithm());
}
}
public final static class TrustManagerFactoryImpl extends TrustManagerFactorySpi {
public TrustManagerFactoryImpl() { }
public static String getAlgorithm() { return "XTrust509"; }
protected void engineInit(KeyStore keystore) throws KeyStoreException { }
protected void engineInit(ManagerFactoryParameters mgrparams) throws InvalidAlgorithmParameterException {
throw new InvalidAlgorithmParameterException(XTrustProvider.NAME + " does not use ManagerFactoryParameters");
}
protected TrustManager[] engineGetTrustManagers() {
return new TrustManager[] { new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() { return null; }
public void checkClientTrusted(X509Certificate[] certs, String authType) { }
public void checkServerTrusted(X509Certificate[] certs, String authType) { }
}};
}
}
}
