How to make HTTPS SOAP request bypassing SSL certificate in Java

Question

I am trying to make a HTTPS request using Ksoap in a Java console application. I need to make a SOAP request to the following local URL on my LAN Network:

https://192.168.0.43:7002/Examples/TestService?WSDL

Since it is a HTTPS request, i need to bypass the certificate and hit the webservice. I am using the webservice in testing environment only.

Here is my java code that uses ksoap to send the SOAP request.

 public class ConnectHttps {
    public static void main(String[] args) throws Exception {
  /*
 *  fix for
 *    Exception in thread "main" javax.net.ssl.SSLHandshakeException:
 *       sun.security.validator.ValidatorException:
 *           PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
 *               unable to find valid certification path to requested target
 */
TrustManager[] trustAllCerts = new TrustManager[] {
   new X509TrustManager() {
      public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return null;
      }

      public void checkClientTrusted(X509Certificate[] certs, String authType) {  }

      public void checkServerTrusted(X509Certificate[] certs, String authType) {  }

   }
};

SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

// Create all-trusting host name verifier
HostnameVerifier allHostsValid = new HostnameVerifier() {
    public boolean verify(String hostname, SSLSession session) {
      return true;
    }
};
// Install the all-trusting host verifier
HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
/*
 * end of the fix
 */
  
 //send SOAP Request
   URL url = new URL("https://192.168.0.43:7002/Examples/TestService?WSDL");

    SoapObject request = new SoapObject(NAMESPACE, METHOD_NAME);
    SoapSerializationEnvelope envelope = new SoapSerializationEnvelope(SoapEnvelope.VER11); 
    envelope.setOutputSoapObject(request); 
    

    //HttpsTransportSE  androidHttpTransport= new KeepAliveHttpsTransportSE("https://192.168.0.43", 7002, "TestService", 9000);

    try{

        HttpTransportSE androidHttpTransport = new HttpTransportSE(URL);

        androidHttpTransport.call(SOAP_ACTION, envelope);   

        SoapPrimitive result = (SoapPrimitive)envelope.getResponse();

        if (envelope.bodyIn instanceof SoapFault) {
            String str= ((SoapFault) envelope.bodyIn).faultstring;

            System.out.println("" +str);

        } else {
            SoapObject resultsRequestSOAP = (SoapObject) envelope.bodyIn;
            System.out.println("WS"+ ""+ String.valueOf(resultsRequestSOAP));
        }
    }catch(Exception ex)
    {
        System.out.println("Error:" +ex.getMessage());
        ex.printStackTrace();

    }*/



  }
}

Note: I have modified the code as per mentioned in this link

However, whenever i run the code, I am getting a security policy error with code 1000. The error occurs at line androidHttpTransport.call(SOAP_ACTION, envelope); resulting in a SoapFault

How should I make the HTTPS call using Ksoap

Answer 1

I know this question is 2 years old, however I had to find a workaround for a similar problem so it may help someone. Here is what I did to bypass the SSL certificate while calling SOAP services over HTTPS :

BaseWLSSLAdapter.setStrictCheckingDefault(false);
SSLAdapterFactory.getDefaultFactory().createSSLAdapter();
System.setProperty("org.apache.axis.components.net.SecureSocketFactory", "org.apache.axis.components.net.SunFakeTrustSocketFactory");