aspose file tools*
The moose likes Security and the fly likes creating naive Trust Providers to get around testing agaisnt a different domain to the cert Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "creating naive Trust Providers to get around testing agaisnt a different domain to the cert" Watch "creating naive Trust Providers to get around testing agaisnt a different domain to the cert" New topic
Author

creating naive Trust Providers to get around testing agaisnt a different domain to the cert

Gavin Tranter
Ranch Hand

Joined: Jan 01, 2007
Posts: 333
Hi all,
I am trying to test an application I have control over, however I can not change the application as that would invalidate the testing I am trying to carry out.
The application uses certificates to talk to a third party server.

The problem is, the values are hard coded, and we have hacked hosts file and iptables so we can connect it to the the third parties testing site.
(please dont ask, its horrible if you ask I may cry).

So the test site is a sub domain (partners.test.somedomain.com rather than partners.somedomain.com) and of course java complains.
So I would like to create a trust provider that just trusts everything.

Is it possible, from the command line, to somehow "install" this provider into the virtual machine so that my application will just trust all the responses?



Thanks
G

Gavin Tranter
Ranch Hand

Joined: Jan 01, 2007
Posts: 333
Ok, seems the easiest way was to call the main class of the jar from an external class that had already added a naive security provide that just accepted everything.

Not the cleanest but it works.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: creating naive Trust Providers to get around testing agaisnt a different domain to the cert