[MOBY-dev] HTTPS Moby services without importing certificates manually

Tom Oinn meredith at cantab.net
Wed Jan 14 22:59:27 UTC 2009


Hi Moby people,

A recent thread on the myGrid list pointed out that for services 
accessed through HTTPS you have to download and manually add the server 
certificates to a keystore. This struck me as rather inelegant so I did 
a bit of digging around java.security and wrote a socket factory that 
allows you to selectively ignore the signature chain and therefore 
access such services as if you'd already installed everything.

Code's in CVS, link at 
http://taverna.cvs.sourceforge.net/viewvc/taverna/t2infrastructure/platform-core/src/main/java/net/sf/taverna/t2/platform/util/net/ThreadLocalSSLSocketFactory.java?view=markup

Feel free to just grab it (as far as I'm concerned) and use it. 
Basically you call install() to register it as the socket factory 
that'll be used by all HTTPS connections, then when you want to 
temporarily ignore certificate signatures you just do 
'startTrustingEverything()'. This isn't a global, it actually uses 
ThreadLocal to cause the change to only affect the current thread, so as 
long as you're not randomly spawning threads and you remember to call 
'stopTrustingEverything()' it won't affect anything other than that 
execution thread.

Enjoy.

Tom


