
List:       xmlrpc-user
Subject:    Re: Secure Client actually work?
From:       "Scott Duclos" <sduclos () fulfill-net ! com>
Date:       2002-04-29 16:11:51

This is how I got the ssl support to work, without using SecurityTool,
although it would work just the same if I did use it.

 // Imports these fragments need; the com.sun.net.ssl classes are the
 // JSSE 1.0.x API, which is where isServerTrusted() and the two-String
 // verify() come from.
 import java.security.Security;
 import java.util.Vector;
 import javax.net.ssl.SSLSocketFactory;
 import com.sun.net.ssl.*;
 import org.apache.xmlrpc.XmlRpc;
 import org.apache.xmlrpc.XmlRpcClient;

 public void test() throws Exception {
  String method = "test.example";
  String url = "https://test.example.com";
  String response = null;

  Vector v = new Vector ();
  v.addElement( "hello" );

  //set up ssl environment
  setupSSL();

  //Once the SSL properties are set, URLConnection will
  //accept https as a valid protocol.
  XmlRpcClient client = new XmlRpcClient( url );
  XmlRpc.setDebug( false );
  response = (String)client.execute( method, v );
  if( response != null && !response.equals( "1" ) )
   throw new Exception( "Error code: " + response + " " +
    (String)errorCodes.get( response ) );
 }

 /*
  * Sets up system properties
  * for ssl support
  */
 private void setupSSL() throws Exception {
  //set our system properties
  System.setProperty("java.protocol.handler.pkgs",
   "com.sun.net.ssl.internal.www.protocol");
  System.setProperty("com.sun.net.ssl.dhKeyExchangeFix", "true");

  Security.addProvider(
   new com.sun.net.ssl.internal.ssl.Provider());

  //needed for untrusted sites
  X509TrustManager tm = new MyX509TrustManager();
  KeyManager[] km = null;
  TrustManager[] tma = { tm };
  SSLContext sc = SSLContext.getInstance("SSL");
  sc.init(km,tma,new java.security.SecureRandom());
  SSLSocketFactory sf1 = sc.getSocketFactory();
  HttpsURLConnection.setDefaultSSLSocketFactory(sf1);

  //Added to allow sites with different names than are on the certificate
  //completely optional
  HttpsURLConnection.setDefaultHostnameVerifier(
   new HostnameVerifier() {
    public boolean verify(String urlHostname, String certHostname) {
     return true;
    }
   }
  );
 }

class MyX509TrustManager implements X509TrustManager {
 public boolean isClientTrusted( java.security.cert.X509Certificate[] chain ) {
  return true;
 }

 public boolean isServerTrusted( java.security.cert.X509Certificate[] chain ) {
  return true;
 }

 public java.security.cert.X509Certificate[] getAcceptedIssuers() {
  return null;
 }
}

This assumes that you are running jdk >= 1.2 and you have the ssl packages
from sun.  Sun doesn't have an ssl implementation for 1.1 that I know of.

Hope this helps
Scott Duclos

----- Original Message -----
From: "William Lee" <wlee@sendmail.com>
To: <rpc-user@xml.apache.org>
Sent: Monday, April 29, 2002 11:50 AM
Subject: Re: Secure Client actually work?


> Jason van Zyl wrote:
> > On Fri, 2002-04-26 at 12:15, William Lee wrote:
> >
> >>Jason van Zyl wrote:
> >>
> >>>On Thu, 2002-04-25 at 16:29, William Lee wrote:
> >>>
> >>>
> >>>>Does the SecureXmlRpcClient code actually work in 1.1?  From the service
> >>>>it doesn't look like it would.  It's essentially using the underlying
> >>>>XmlRpcClient code and eventually invokes a URLConnection.  In fact,
> >>>>I got the error when it tries to construct the URL object with the
> >>>>string "https://blahblah:8888/RPC2" and complains about https is not a
> >>>>valid protocol (???).  Does anyone know what's going on there?
> >>>
> >>>
> >>>What context are you using the security in. It works fine, been using it
> >>>for about a year with no problems.
> >>>
> >>>
> >>
> >>First of all, do you need to setup the SecurityTool before you do it?
> >>I'm essentially doing:
> >
> >
> > Yes, I have only tested this thoroughly under tomcat3 and I initially
> > made the SSL additions for server -> server communication. The
> > SecurityTool was used on both sides. I admit to not testing the client
> > code that thoroughly.
> >
> >
> >>SecureXmlRpcClient c = new SecureXmlRpcClient("https://blahblah:8888/RPC2");
> >>
> >>c.execute(...)
> >
> >
> > Did you try using the SecurityTool?
> >
>
> I don't quite know how the SecureXmlRpcClient is using the properties in
> SecurityTool.  In particular, I don't see the reference to SecurityTool
> in both SecureXmlRpcClient and the plain XmlRpcClient class.  When
> invoking the execute, both classes go through the same worker execute
> code (which invokes the URLConnection constructor and the construction
> of the URL complains that https is not a valid protocol).  I do not
> think I see the switch from non-secure to secure code there....:(
>
> There's this nice mechanism in the webserver side though. I can just
> overwrite the function to create the socket so I can do whatever I want.
>   I don't see this in the client code.  Maybe it's time to do some
> hacking myself...;)
>
> --
> William Lee (Will)        | Sendmail Inc.
> Email:  wlee@sendmail.com | http://www.sendmail.com
> Tel:    (510) 594-5505    |
>
>
>
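
The setupSSL() in the reply above installs a trust manager and a hostname verifier that accept everything, so the connection is encrypted but the server is never authenticated. As an added example (not part of the original post), the same default-socket-factory hook can instead be given a context that trusts only the certificates in a truststore holding the site's self-signed certificate or internal CA. It assumes a current JDK with the javax.net.ssl API; the class name, truststore file name and password are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;

public class PinnedTrustSetup {

    // Build an SSLContext whose only trust anchors are the certificates in
    // the given truststore (the server's self-signed cert or an internal CA),
    // e.g. one made with: keytool -importcert -file server.crt -keystore <path>
    static SSLContext contextFor(String trustStorePath, char[] password)
            throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(trustStorePath)) {
            ts.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, tmf.getTrustManagers(), null); // no client cert, default RNG
        return sc;
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical file name and password; pass real ones as arguments.
        String store = args.length > 0 ? args[0] : "client-truststore.p12";
        char[] pass = (args.length > 1 ? args[1] : "changeit").toCharArray();
        // Same process-wide hook the post uses, so URLConnection-based
        // clients such as XmlRpcClient pick it up. The default hostname
        // verifier is left in place, so the certificate must match the URL host.
        HttpsURLConnection.setDefaultSSLSocketFactory(
                contextFor(store, pass).getSocketFactory());
        HttpsURLConnection conn = (HttpsURLConnection)
                new URL("https://test.example.com").openConnection();
        try {
            conn.connect();
            System.out.println("server authenticated: " + conn.getCipherSuite());
        } catch (SSLException e) {
            System.out.println("rejected: " + e.getMessage());
        } finally {
            conn.disconnect();
        }
    }
}
```

A certificate from an issuer outside the truststore, or one whose name does not match the URL host, fails the handshake and reaches the catch branch instead of being accepted.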
