List: xmlrpc-user
Subject: Re: Secure Client actually work?
From: "Scott Duclos" <sduclos () fulfill-net ! com>
Date: 2002-04-29 16:11:51
This is how I got the ssl support to work, without using SecurityTool,
although it would work just the same if I did use it.

    // Imports assume the JSSE 1.0.x add-on classes (com.sun.net.ssl.*)
    // that this code is written against, plus Apache XML-RPC.
    import java.security.Security;
    import java.util.Vector;
    import javax.net.ssl.SSLSocketFactory;
    import com.sun.net.ssl.HostnameVerifier;
    import com.sun.net.ssl.HttpsURLConnection;
    import com.sun.net.ssl.KeyManager;
    import com.sun.net.ssl.SSLContext;
    import com.sun.net.ssl.TrustManager;
    import com.sun.net.ssl.X509TrustManager;
    import org.apache.xmlrpc.XmlRpc;
    import org.apache.xmlrpc.XmlRpcClient;

    public void test() throws Exception {
        String method = "test.example";
        String url = "https://test.example.com";
        String response = null;
        Vector v = new Vector();
        v.addElement( "hello" );

        // set up ssl environment
        setupSSL();

        // Once the SSL properties are set, URLConnection will
        // accept https as a valid protocol.
        XmlRpcClient client = new XmlRpcClient( url );
        XmlRpc.setDebug( false );
        response = (String)client.execute( method, v );

        // errorCodes is a lookup table that is not shown in the message
        if( response != null && !response.equals( "1" ) )
            throw new Exception( "Error code: " + response + " " +
                (String)errorCodes.get( response ) );
    }

    /*
     * Sets up system properties
     * for ssl support
     */
    private void setupSSL() throws Exception {
        // set our system properties
        System.setProperty("java.protocol.handler.pkgs",
            "com.sun.net.ssl.internal.www.protocol");
        System.setProperty("com.sun.net.ssl.dhKeyExchangeFix", "true");
        Security.addProvider(
            new com.sun.net.ssl.internal.ssl.Provider());

        // needed for untrusted sites: MyX509TrustManager (below) accepts
        // every certificate chain, so the server is not authenticated
        X509TrustManager tm = new MyX509TrustManager();
        KeyManager[] km = null;
        TrustManager[] tma = { tm };
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(km, tma, new java.security.SecureRandom());
        SSLSocketFactory sf1 = sc.getSocketFactory();
        HttpsURLConnection.setDefaultSSLSocketFactory(sf1);

        // Added to allow sites with different names than are on the certificate
        // completely optional
        HttpsURLConnection.setDefaultHostnameVerifier(
            new HostnameVerifier() {
                // returning true accepts any hostname/certificate mismatch
                public boolean verify(String urlHostname, String certHostname) {
                    return true;
                }
            }
        );
    }

    // Trust manager that performs no validation: every client and
    // server certificate chain is reported as trusted.
    class MyX509TrustManager implements X509TrustManager {
        public boolean isClientTrusted( java.security.cert.X509Certificate[] chain ) {
            return true;
        }
        public boolean isServerTrusted( java.security.cert.X509Certificate[] chain ) {
            return true;
        }
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    }

This assumes that you are running jdk >= 1.2 and you have the ssl packages
from sun. Sun doesn't have an ssl implementation for 1.1 that I know of.
Hope this helps
Scott Duclos
----- Original Message -----
From: "William Lee" <wlee@sendmail.com>
To: <rpc-user@xml.apache.org>
Sent: Monday, April 29, 2002 11:50 AM
Subject: Re: Secure Client actually work?
> Jason van Zyl wrote:
> > On Fri, 2002-04-26 at 12:15, William Lee wrote:
> >
> >>Jason van Zyl wrote:
> >>
> >>>On Thu, 2002-04-25 at 16:29, William Lee wrote:
> >>>
> >>>
> >>>>Does the SecureXmlRpcClient code actually work in 1.1? From the service
> >>>>it doesn't look like it would. It's essentially using the underlying
> >>>>XmlRpcClient code and eventually invokes a URLConnection. In fact,
> >>>>I got the error when it tries to construct the URL object with the
> >>>>string "https://blahblah:8888/RPC2" and complains about https is not a
> >>>>valid protocol (???). Does anyone know what's going on there?
> >>>
> >>>
> >>>What context are you using the security in? It works fine, been using it
> >>>for about a year with no problems.
> >>>
> >>>
> >>
> >>First of all, do you need to setup the SecurityTool before you do it?
> >>I'm essentially doing:
> >
> >
> > Yes, I have only tested this thoroughly under tomcat3 and I initially
> > made the SSL additions for server -> server communication. The
> > SecurityTool was used on both sides. I admit to not testing the client
> > code that thoroughly.
> >
> >
> >>SecureXmlRpcClient c = new SecureXmlRpcClient("https://blahblah:8888/RPC2");
> >>
> >>c.execute(...)
> >
> >
> > Did you try using the SecurityTool?
> >
>
> I don't quite know how the SecureXmlRpcClient is using the properties in
> SecurityTool. In particular, I don't see the reference to SecurityTool
> in both SecureXmlRpcClient and the plain XmlRpcClient class. When
> invoking the execute, both classes go through the same worker execute
> code (which invokes the URLConnection constructor and the construction
> of the URL complains that https is not a valid protocol). I do not
> think I see the switch from non-secure to secure code there....:(
>
> There's this nice mechanism in the webserver side though. I can just
> overwrite the function to create the socket so I can do whatever I want.
> I don't see this in the client code. Maybe it's time to do some
> hacking myself...;)
>
> --
> William Lee (Will) | Sendmail Inc.
> Email: wlee@sendmail.com | http://www.sendmail.com
> Tel: (510) 594-5505 |
>
>
>
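
The setupSSL() code in the message above makes https work by accepting every certificate and every hostname. For comparison, here is an added example (not part of the original post or of Apache XML-RPC) that installs the same default socket factory but trusts only one known server certificate. It assumes a current JDK with the built-in javax.net.ssl API; the class name PinnedTrustSetup and the file name server-cert.pem are hypothetical.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class PinnedTrustSetup {

    /**
     * Builds an SSLContext that trusts only the certificate (or private CA)
     * stored in the given PEM/DER file, instead of accepting every chain.
     */
    static SSLContext contextTrusting(String certPath) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate cert;
        try (InputStream in = Files.newInputStream(Paths.get(certPath))) {
            cert = cf.generateCertificate(in);
        }

        // In-memory trust store holding just that one certificate.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        ks.setCertificateEntry("xmlrpc-server", cert);

        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);

        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, tmf.getTrustManagers(), null);
        return sc;
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical path: the server's certificate, obtained out of band.
        SSLContext sc = contextTrusting(args.length > 0 ? args[0] : "server-cert.pem");
        // Same hook the original message uses, but chain validation stays on.
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        // No setDefaultHostnameVerifier call: the JDK's default verifier keeps
        // rejecting certificates whose names do not match the URL host.
        System.out.println("Default HTTPS socket factory now trusts only the supplied certificate");
    }
}
```

With this in place a self-signed server still connects, while a certificate from any other key, or one presented under a different hostname, fails the handshake.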