Equivalent of org.apache.axis.components.net.SunFakeTrustSocketFactory for wsimport

Question

When I generate webservice client stubs using Apache Axis, I disable the server certificate trust check in my code using the client stubs by calling the following method

AxisProperties.setProperty("axis.socketSecureFactory",
     "org.apache.axis.components.net.SunFakeTrustSocketFactory");

How do I disable the trust check with client stubs that were generated by running wsimport?

I use this when I am running some test code.

Answer 1

All that's happening in that class is the provision of a bogus trust store manager, that trusts anything. Knowing that, you can use this article and put something together.

1. First the easy trust manager

   public class EasyTrustManager implements X509TrustManager {
     public void checkClientTrusted(X509Certificate[] chain, String authType) {
           //do nothing
     }
   
     public void checkServerTrusted(X509Certificate[] chain, String authType) {
          //do nothing
     }
   
     public java.security.cert.X509Certificate[] getAcceptedIssuers() {
          return null;
     }
   }
   

2. Then feed your trust manager to an instance of SSLContext, just like axis was doing:

   SSLContext sCtxt = SSLContext.getInstance("SSL"); 
   sCtxt.init(null, new TrustManager[]{new EasyTrustManager()}, new java.security.SecureRandom()); 
   

3. Setup the custom context, by calling HttpsURLConnection#setDefaultSSLSocketFactory based on the fact that all your web service calls are based on an underlying instance of HttpsURLConnection. This call will setup the context, by way of SSLContext#getContext, for all https calls

   HttpsURLConnection.setDefaultSSLSocketFactory(sCtxt.getSocketFactory());