cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kulp <dk...@apache.org>
Subject Re: CXF SSL and Configuration
Date Mon, 21 Dec 2009 17:19:47 GMT

Curiosity question:  what version of CXF?    With the very recent versions, I 
THOUGHT the javax.net.ssl.truststore stuff should work.   

Dan


On Fri December 18 2009 1:23:10 pm blitzer wrote:
> So, in short I have a small configuration issue. With one line of code in
>  an axis client I can use a url against a web service that is https.  All i
>  have to do is set
>  System.setProperty("javax.net.ssl.truststore",storeLocation) and my client
>  works.
> 
> With CXF it seems there is much more to it. I have tried many many things
> from lots of searches.
> 
> I have tried a conduit that looks like this
> Configuration A:
> <http-conf:conduit name="*.http-conduit">
> 
>                 <http-conf:client ProxyServer="aProxy" ProxyServerPort="80"
> AllowChunking="false" />
> 
>                 <http-conf:tlsClientParameters disableCNCheck="true"
> secureSocketProtocol="SSL">
>                 <conf-sec:trustManagers>
>                         <conf-sec:certStore
> file="E://PLAYGROUND//blitz//cert//store"/>
>                 </conf-sec:trustManagers>
>         </http-conf:tlsClientParameters>
> 
>         <http-conf:authorization>
>             <conf-sec:UserName>User</conf-sec:UserName>
>             <conf-sec:Password>pass</conf-sec:Password>
>         </http-conf:authorization>
> 
>     </http-conf:conduit>
> 
> And one that looks like this:
> Configuration B:
> <http-conf:conduit name="*.http-conduit">
> 
>                 <http-conf:client ProxyServer="aProxy" ProxyServerPort="80"
> AllowChunking="false" />
> 
>                 <http-conf:tlsClientParameters disableCNCheck="true"
> secureSocketProtocol="SSL">
>                 <conf-sec:trustManagers>
>                         <conf-sec:keyStore type="JKS" password="password"
> file="E:/PLAYGROUND/blitz/cert/store"/>
>                 </conf-sec:trustManagers>
>         </http-conf:tlsClientParameters>
> 
>         <http-conf:authorization>
>             <conf-sec:UserName>User</conf-sec:UserName>
>             <conf-sec:Password>pass</conf-sec:Password>
>         </http-conf:authorization>
> 
>     </http-conf:conduit>
> 
> I am not a  cert, keystore expert by any means and I am confused on which
> configuration I should be using.  My use case is using cxf to call a third
> party https service. I pulled the cert from their site and performed a
> keytool import on it to get the store.  All the proxy and basic auth stuff
> works like a charm. When I try to use ssl however I cannot get a single
> configuration to work. I am sure that this works but online everyone that
> has solved this issue has a different way of doing so.
> 
> With Configuration A I get an error about my DerInputStream being too
>  large. With Configuration B I get an error that there is no trusted
>  certification found. Also with this configuration I debugged the
>  HttpConduit object and in the tlsClientParameters I can see the store in
>  all its glory with all the correct configurations that are in the
>  configuration xml file.
> 
>  I want cxf to make this project a success.  Any ideas on what I am doing
> wrong?
> Thanks
> 

-- 
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog

Mime
View raw message