HTTPS WebService Client (Skip Certificate Validation)

Using Axis2

Refer to Eclipse + Apache AXIS2 Tips

Code Snippet

SSLContext sslCtx = SSLContext.getInstance("TLSv1");
sslCtx.init(null, new TrustManager[] { new TrustAllTrustManager() }, null);

XXXStub stub = new XXXStub("https://IP:Port/...");

stub._getServiceClient()
 .getOptions()
 .setProperty(
 HTTPConstants.CUSTOM_PROTOCOL_HANDLER,
 new Protocol("https",
 (ProtocolSocketFactory) new SSLProtocolSocketFactory(sslCtx), 8443));


[response] result = stub.operator([request]);
......

Reference

http://axis.apache.org/axis2/java/core/apidocs/org/apache/axis2/java/security/TrustAllTrustManager.html

Using CXF

Refer to ECLIPSE JUNO + MAVEN + CXF GENERATE WEBSERVICE CLIENT

Method 1. Using JaxWsProxyFactoryBean

 String URL = "https://IP:Port/...";
 
 JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
 factory.setServiceClass(XXXService.class);
 factory.setAddress(URL);
 XXXService client = (XXXService) factory.create();

 Client proxy = ClientProxy.getClient(client);
 HTTPConduit conduit = (HTTPConduit) proxy.getConduit();
 TLSClientParameters tcp = new TLSClientParameters();

 tcp.setTrustManagers(new TrustManager[] { new X509TrustManager() {
 @Override
 public void checkClientTrusted(X509Certificate[] certs, String authType)
 throws CertificateException {
 }
 @Override
 public void checkServerTrusted(X509Certificate[] certs, String authType)
 throws CertificateException {
 }
 @Override
 public X509Certificate[] getAcceptedIssuers() {
 return null;
 }
 } });

 tcp.setDisableCNCheck(true);
 conduit.setTlsClientParameters(tcp);

 [response] response = client.operator([request]);
......

Method 2. Using CXF generated stub

 XXXService_Service service = new XXXService_Service();
 XXXService client = service.getXXXPort();

 BindingProvider binding = (BindingProvider) client;
 binding.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, URL);

 Client proxy = ClientProxy.getClient(client);
 HTTPConduit conduit = (HTTPConduit) proxy.getConduit();
 TLSClientParameters tcp = new TLSClientParameters();
 tcp.setTrustManagers(new TrustManager[] { new X509TrustManager() {
 @Override
 public void checkClientTrusted(X509Certificate[] certs, String authType)
 throws CertificateException {
 }
 @Override
 public void checkServerTrusted(X509Certificate[] certs, String authType)
 throws CertificateException {
 }
 @Override
 public X509Certificate[] getAcceptedIssuers() {
 return null;
 }
 } });

 tcp.setDisableCNCheck(true);
 conduit.setTlsClientParameters(tcp);

 [response] response = client.operator([request]);
......

Note:
When using XXXService_Service service = new XXXService_Service(), be sure the wsdlLocation is available. Otherwise, a FileNotFoundException may occur.

handshake_failure

  1. Refer to SOAPUI HTTPS HANDSHAKE_FAILURE
  2. Check the JDK version of WebService and AppServer (ex. Tomcat). If the versions are different, this error may occur. Use the same version.

Configure Certificated Key

Add JVM Options for SSL (Execute normal WebService Client)

-Djavax.net.debug=ssl
-Djavax.net.ssl.keyStore=[Full path of certificate file]
-Djavax.net.ssl.keyStorePassword=[Password]

Reference

http://www.programcreek.com/java-api-examples/index.php?api=org.apache.cxf.transport.http.HTTPConduit

https://docs.oracle.com/cd/E19830-01/819-4712/ablqw/index.html

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s