Thursday, December 6, 2012

Trusting all SSL Certificates in a JAX-WS Client

DISCLAIMER: Trusting all SSL certificates is generally a bad security practice and can leave your system vulnerable to man-in-the-middle attacks. Only implement this solution in a controlled environment.


For a JAX-WS client to accept all SSL certificates from any server, you must create an SSLSocketFactory backed by an X509TrustManager that bypasses all certificate validation.

Building the X509TrustManager is simple. Just create a class that implements the X509TrustManager interface and essentially do nothing in the methods:

If host name validation is desired, it can be implemented in the checkServerTrusted method. You can obtain the server host name from the last certificate in the passed-in array of X509Certificates.

Once your TrustManager is set up, the next step is to create an SSLSocketFactory. The factory is created by getting an instance of SSLContext and initializing it with the X509TrustManager you created previously. Calling getSocketFactory on the context then returns your SSLSocketFactory.

I recommend caching the SSLSocketFactory instance rather than creating a new one for each request, because initialization can be time-consuming.

After the SSLSocketFactory is constructed, all that is left is to add it to the request context of your service proxy.

Your client should now be able to communicate with servers over SSL without needing to specify a trust store or add any new certificates to your existing trust store.
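The following is an added example, not code from the original post. It walks through the same steps (trust manager, SSLContext, cached SSLSocketFactory, request context property) but places the trust-all X509TrustManager the post describes beside a hardened variant that validates the chain against a dedicated in-memory trust store loaded from a PEM file and additionally checks the expected host name against the peer certificate's DNS subject alternative names. The peer's own certificate is `chain[0]` in the array passed to checkServerTrusted. The class names, the PEM path and the `attach` helper are assumptions; `JAXWSProperties.SSL_SOCKET_FACTORY` is the JAX-WS reference implementation's (Metro's) property key for this purpose.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.xml.ws.BindingProvider;
import com.sun.xml.ws.developer.JAXWSProperties;

public final class JaxWsTlsSetup {

    /** The pattern the post describes: every method is a no-op, so any chain from any server passes. */
    static final class TrustAllManager implements X509TrustManager {
        @Override public void checkClientTrusted(X509Certificate[] chain, String authType) { }
        @Override public void checkServerTrusted(X509Certificate[] chain, String authType) { }
        @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    }

    /** Hardened replacement: delegates real chain validation to a trust-store-backed manager,
        then pins the expected host name to the peer certificate's dNSName SAN entries. */
    static final class PinnedHostTrustManager implements X509TrustManager {
        private final X509TrustManager delegate;
        private final String expectedHost;

        PinnedHostTrustManager(X509TrustManager delegate, String expectedHost) {
            this.delegate = delegate;
            this.expectedHost = expectedHost.toLowerCase(Locale.ROOT);
        }

        @Override public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            delegate.checkClientTrusted(chain, authType);
        }

        @Override public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            delegate.checkServerTrusted(chain, authType); // chain must validate against our trust store first
            if (!sanDnsNames(chain[0]).contains(expectedHost)) { // chain[0] is the peer's certificate
                throw new CertificateException("certificate is not issued for " + expectedHost);
            }
        }

        @Override public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }

        /** Collects the dNSName (type 2) entries of the Subject Alternative Name extension. */
        static List<String> sanDnsNames(X509Certificate cert) throws CertificateException {
            List<String> names = new ArrayList<>();
            Collection<List<?>> sans = cert.getSubjectAlternativeNames();
            if (sans == null) return names;
            for (List<?> san : sans) {
                if (Integer.valueOf(2).equals(san.get(0))) {
                    names.add(String.valueOf(san.get(1)).toLowerCase(Locale.ROOT));
                }
            }
            return names;
        }
    }

    /** Builds a trust manager from the certificates in a PEM file (assumed path), not from the JVM cacerts. */
    static X509TrustManager trustManagerFromPem(String pemPath) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // empty in-memory trust store
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = Files.newInputStream(Paths.get(pemPath))) {
            int i = 0;
            for (Certificate c : cf.generateCertificates(in)) {
                ks.setCertificateEntry("trusted-" + (i++), c);
            }
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    /** SSLContext initialised with the chosen trust manager, as the post describes. */
    static SSLSocketFactory socketFactory(X509TrustManager tm) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null);
        return ctx.getSocketFactory();
    }

    private static volatile SSLSocketFactory cached;

    /** Cached factory, built once (the post recommends caching because initialisation is slow). */
    static SSLSocketFactory cachedFactory(String pemPath, String host) throws Exception {
        SSLSocketFactory sf = cached;
        if (sf == null) {
            synchronized (JaxWsTlsSetup.class) {
                sf = cached;
                if (sf == null) {
                    cached = sf = socketFactory(new PinnedHostTrustManager(trustManagerFromPem(pemPath), host));
                }
            }
        }
        return sf;
    }

    /** Attaches the factory to a JAX-WS port proxy via the RI's request context property. */
    static void attach(Object port, SSLSocketFactory sf) {
        ((BindingProvider) port).getRequestContext().put(JAXWSProperties.SSL_SOCKET_FACTORY, sf);
    }
}
```

Usage is `attach(port, cachedFactory("/path/to/service-ca.pem", "service.example.internal"))` before the first call on the port. The SAN check is an exact, case-insensitive match and does not handle wildcard names; it runs in addition to, not instead of, the default hostname verification that HttpsURLConnection performs, so leave that verifier in place. Swapping `PinnedHostTrustManager` for `TrustAllManager` in `cachedFactory` reproduces the post's behaviour, and the difference between the two classes is exactly the validation a man-in-the-middle relies on being absent.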

1 comment:

  1. BindingProviderProperties.SSL_SOCKET_FACTORY is not there