AXIS2启用HTTPS,只需要设置truststore及密码,然后对于HTTPS协议,就会自动启用SSL通信了。
System.setProperty("javax.net.ssl.trustStore", PATH_TO_TRUSTSTORE);
System.setProperty("javax.net.ssl.trustStorePassword", PASSWORD_OF_TRUSTSTORE);
但有时,基于种种原因,比如证书链有问题,比如证书HOST有问题,比如证书本身就有问题,说多了都是泪,这是后就要绕过HTTPS的证书验证了。总起来说,AXIS2有下面几种方式可以跳过HTTPS证书验证:
1、通过设置TrustAllTrustManager来绕过证书验证
这是一种局部设置方式,方式适合用wsdl2java生成stub代码的程序来执行,比如,客户端可以:
SSLContext sslCtx = SSLContext.getInstance("TLS");
sslCtx.init(null, new TrustManager[] {new TrustAllTrustManager()}, null);
stub._getServiceClient().getOptions().setProperty(HTTPConstants.CUSTOM_PROTOCOL_HANDLER,
new Protocol("https",(ProtocolSocketFactory)new SSLProtocolSocketFactory(sslCtx),443));
2、通过设置CUSTOM_PROTOCOL_HANDLER来绕过证书验证
这是一种全局设置的方式。
Protocol myProtocolHandler = new Protocol("https", new NeoSecureSocketFactory(), 443);
//中心端注册CUSTOM_PROTOCOL_HANDLER
messageContext.getOptions().setProperty(HTTPConstants.CUSTOM_PROTOCOL_HANDLER, myProtocolHandler);
//客户端注册CUSTOM_PROTOCOL_HANDLER
stub._getServiceClient().getOptions().setProperty(HTTPConstants.CUSTOM_PROTOCOL_HANDLER, myProtocolHandler);
3、注册Protocol来绕过证书验证
这是一种全局设置的方式。
Protocol.registerProtocol("https", new Protocol("https", new NeoSecureSocketFactory(), 443));
4、最后是NeoSecureSocketFactory.java
package com.neohope.axis2test;
import javax.net.ssl.*;
import java.io.*;
import java.net.*;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import javax.net.SocketFactory;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
/**
*
* @author Hansen
*/
public class NeoSecureSocketFactory implements ProtocolSocketFactory {
private static SSLContext ssl = null;
private static TrustManager[ ] getTrustManagers() {
TrustManager[ ] certs = new TrustManager[ ] {
new X509TrustManager() {
public X509Certificate[ ] getAcceptedIssuers() { return null; }
public void checkClientTrusted(X509Certificate[ ] certs, String t) { }
public void checkServerTrusted(X509Certificate[ ] certs, String t) { }
}
};
return certs;
}
private static SSLContext createSSLContext() {
try {
TrustManager[] trustManagers = getTrustManagers();
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, trustManagers, null);
return sslContext;
} catch (KeyManagementException e) {
;
} catch (NoSuchAlgorithmException e) {
;
}
return null;
}
private static SSLContext getSSLContext() {
if (ssl == null) {
ssl = createSSLContext();
}
return ssl;
}
@Override
public Socket createSocket(String host, int port, InetAddress clientHost, int clientPort) throws IOException, UnknownHostException {
return getSSLContext().getSocketFactory().createSocket(host, port,
clientHost, clientPort);
}
@Override
public Socket createSocket(String host, int port, InetAddress clientHost, int clientPort, HttpConnectionParams params) throws IOException, UnknownHostException, ConnectTimeoutException {
if (params == null) {
throw new IllegalArgumentException("Parameters may not be null");
}
int timeout = params.getConnectionTimeout();
SocketFactory socketfactory = getSSLContext().getSocketFactory();
if (timeout == 0) {
return socketfactory.createSocket(host, port, clientHost,
clientPort);
}
Socket socket = socketfactory.createSocket();
SocketAddress localaddr = new InetSocketAddress(clientHost, clientPort);
SocketAddress remoteaddr = new InetSocketAddress(host, port);
socket.bind(localaddr);
try {
socket.connect(remoteaddr, timeout);
} catch (Exception e) {
throw new ConnectTimeoutException(e.getMessage(), e);
}
return socket;
}
@Override
public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
return getSSLContext().getSocketFactory().createSocket(host, port);
}
}