I have written Jersey RESTful clients that made use of a Dumb X509TrustManager and HostnameVerifier to trust all SSL certs on our lab systems to make it easier to deal with certs that are self-signed.
ClientConfig config = new DefaultClientConfig();
SSLContext context = null;
try
{
context = SSLContext.getInstance("SSL");
context.init(null,
new TrustManager[] { new DumbX509TrustManager() },
null);
config.getProperties()
.put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES,
new HTTPSProperties(this.getHostnameVerifier(),
context));
webClient = Client.create(config);
}
....
Is there a way for me to do something similar using CXF?
This is from the CXF mailing list. Note that I didn't have to implement it due to other system updates, so this is theoretical:
WebClient webClient = WebClient.create(this.serviceURL,
this.username,
this.password,
null); // Spring config file - we don't use this
if (trustAllCerts)
{
HTTPConduit conduit = WebClient.getConfig(webClient)
.getHttpConduit();
TLSClientParameters params =
conduit.getTlsClientParameters();
if (params == null)
{
params = new TLSClientParameters();
conduit.setTlsClientParameters(params);
}
params.setTrustManagers(new TrustManager[] { new
DumbX509TrustManager() });
params.setDisableCNCheck(true);
}