custom ssl handling for axis2

Tue, Oct 23, 2007

I have a problem. You can mount various Fedora repositories in the Sakai resource tool but to upload resources you need to use the API-M endpoint, which is normally protected via SSL. That means the client code on the Sakai side needs to verify incoming Fedora server certificates.

The easiest way to do this is to use System properties with Axis2:

System.setProperty("javax.net.ssl.trustStore", "…");
System.setProperty("javax.net.ssl.trustStorePassword", "…");

but that is such a useless method I really don’t know why it’s used. It’s fine if you have one client on the system and completely useless if you want to have a threaded, dynamic client environment. In that case, each client ends up overwriting other clients' trust settings. So I did a bit of googling and found out that Axis2 uses HttpClient behind the scenes and therefore you can specify your own Protocol handler for SSL. Now, that sounds a bit familiar. I did this for the Guanxi SSL Layer a while ago, specifically the EntityConnection and SSL classes. However, they were designed to work with the javax.net.ssl classes and Axis2 uses org.apache.commons.httpclient.

So all I have to do is port the Guanxi SSL Layer to HttpClient and I should be able to customise the SSL handling of Fedora connections. I’ll add a Fedora-specific parameter to the mountpoint XML, to allow auto-trust, so I can just use the one truststore and get the SSL layer to probe for a Fedora server’s certificate, just like the Guanxi SP Engine does when it talks to a Guard that it trusts.
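As an added example (not the author's code and not part of Guanxi or Axis2): a socket factory for HttpClient 3.x that keeps its trust settings in its own SSLContext, so one client cannot overwrite another's the way the system properties do. The class name, truststore path and password parameters are assumptions; it needs commons-httpclient 3.x on the classpath and Java 7 or later.

```java
import java.io.*;
import java.net.*;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.*;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;

// Hypothetical class (added example): one instance per repository, each with its own truststore.
public class PerClientSslSocketFactory implements SecureProtocolSocketFactory {
    private final SSLContext context;

    public PerClientSslSocketFactory(String trustStorePath, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(trustStorePath)) {
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null); // held by this instance, no JVM-wide state
    }

    // HttpClient 3.x does not check the certificate's host name, so ask JSSE to do it.
    private static Socket verifyHost(Socket socket) {
        SSLSocket ssl = (SSLSocket) socket;
        SSLParameters p = ssl.getSSLParameters();
        p.setEndpointIdentificationAlgorithm("HTTPS");
        ssl.setSSLParameters(p);
        return ssl;
    }

    public Socket createSocket(String host, int port) throws IOException {
        return verifyHost(context.getSocketFactory().createSocket(host, port));
    }
    public Socket createSocket(String host, int port, InetAddress local, int localPort) throws IOException {
        return verifyHost(context.getSocketFactory().createSocket(host, port, local, localPort));
    }
    public Socket createSocket(String host, int port, InetAddress local, int localPort,
            HttpConnectionParams params) throws IOException {
        Socket s = context.getSocketFactory().createSocket(); // unconnected, so the timeout applies
        s.bind(new InetSocketAddress(local, localPort));
        s.connect(new InetSocketAddress(host, port), params.getConnectionTimeout());
        return verifyHost(s);
    }
    public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException {
        return verifyHost(context.getSocketFactory().createSocket(socket, host, port, autoClose));
    }
}
```

To use it, wrap an instance in an HttpClient `Protocol` for `https` and set that on the Axis2 client's options under `HTTPConstants.CUSTOM_PROTOCOL_HANDLER`, one per client.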
