ant-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tony Morris <tmor...@tmorris.net>
Subject <get> with HTTPS
Date Mon, 17 Apr 2006 11:57:37 GMT
Hello everyone,
I am having an issue with the <get> task to a HTTPS address that I can't 
seem to reproduce using my own Java code.
I have attached below my build.xml which contains the minimum that is 
required to observe the behaviour that I am observing - specifically, 
the get task fails because it does not trust the public key that the 
server is responding with (fair enough - it is my own self-signed 
certificate).

javax.net.ssl.SSLHandshakeException: 
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to 
find valid certification path to requested target

After some googling about, I learned that I need to set the 
javax.net.ssl.trustStore system property to refer to a keystore that 
contains this public key. This is where my problem begins. I apologise 
for the verbosity of this problem - I have trimmed to as little as I 
possibly can. The keystore that I am using - that contains the trusted 
public key - is available at: 
http://xdweb.net/~dibblego/source.tmorris.net.jks

I have tried downloading this keystore file, and setting the 
javax.net.ssl.trustStore system property to refer to this file using -D 
at the command line when starting ant. For example
 > ant -Djavax.net.ssl.trustStore=/path/to/source.tmorris.net.jks

This does not seem to change the situation. However, I wrote some Java 
code that indeed works fine when I set this system property. "Working 
fine" means that the server responds with a 401 message (requesting 
authentication) instead of "not working fine" meaning that the VM 
doesn't trust my public key. This Java code is part of my build.xml (see 
below). Again, I apologise for the verbosity, but I believe that I am at 
the end for solving this problem.

Just why does it work (401) for my trivial Java code, but not for my 
equally trivial build.xml (javax.net.ssl.SSLHandshakeException)?
If someone could somehow use an Ant <get> request to establish a 
successful HTTPS connection to https://source.tmorris.net (so that they 
receive a 401 response), I'd most appreciate knowing whatever the answer 
is. I am just short of writing my own Ant task, since I know that I can 
get my own Java code to make a successful request - with trust of the 
public key that is returned by the server.

Below is build.xml which includes aforementioned Java source code and 
the public key itself:

<?xml version="1.0"?>

<project name="test" default="test" basedir=".">
    <target name="test" description="test case for SSL problem at 
17/04/2006">
        <!-- should be set to a local file downloaded from 
http://xdweb.net/~dibblego/source.tmorris.net.jks -->
        <echo message="javax.net.ssl.trustStore = 
${javax.net.ssl.trustStore}"/>
        <get src="https://source.tmorris.net/" dest="source.tmorris.net"/>
    </target>
</project>

<!--
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;

public final class Main {
    private Main() throws UnsupportedOperationException {
        throw new UnsupportedOperationException();
    }

    public static void main(final String[] args) throws IOException {
        // args[0] should point to a local file downloaded from 
http://xdweb.net/~dibblego/source.tmorris.net.jks
        System.setProperty("javax.net.ssl.trustStore", args[0]);

        final URL u = new URL("https://source.tmorris.net");
        final InputStream in = u.openStream();

        try {
            int c;

            while((c = in.read()) != -1) {
                System.out.print((char)c);
            }
        }
        finally {
            in.close();
        }
    }
}
-->

<!--
This is the public key that is sent back from the server and that which 
is stored
in the JKS keystore that can be found at 
http://xdweb.net/~dibblego/source.tmorris.net.jks

-----BEGIN CERTIFICATE-----
MIICkTCCAfoCCQDI29GgYmuIUzANBgkqhkiG9w0BAQUFADCBjDELMAkGA1UEBhMC
QVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRQwEgYD
VQQKEwtUb255IE1vcnJpczEbMBkGA1UEAxMSc291cmNlLnRtb3JyaXMubmV0MSIw
IAYJKoZIhvcNAQkBFhN0bW9ycmlzQHRtb3JyaXMubmV0MB4XDTA2MDMyMDAwMjMy
NloXDTE2MDMxNzAwMjMyNlowgYwxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVl
bnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEUMBIGA1UEChMLVG9ueSBNb3JyaXMx
GzAZBgNVBAMTEnNvdXJjZS50bW9ycmlzLm5ldDEiMCAGCSqGSIb3DQEJARYTdG1v
cnJpc0B0bW9ycmlzLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuBL4
k70JKTq3Swvyq5Z8pwCJPkWQrsC+GOoxxt/FUaGITQOi27VEGlulXw5yYUTu+uyD
1FUduIgU5iGx3Be7kFYpk+b/6S1qp9f59MxTh5fze4VQmByocGBJWPmmJdk/f/j7
5Ywt6oUfQoHHGwDX7PY3FU3MAnfjrkmxy2F+yx8CAwEAATANBgkqhkiG9w0BAQUF
AAOBgQACi9s2Y1q+J6HiTeydp3/V3I+SygzIx8qIFapvxSzajz93zJrq4S4RcvnC
niRVrRi1WtYF5F8Oslggjy0HmUjS98vMoONBpEH6Hc+zi+B3zwPJhZipEe605qEz
zT8P0OHZrsm3klHyr1J2HtW6r3dl3/kqf+z/mTIY9dmpxo7Haw==
-----END CERTIFICATE-----
-->


-- 
Tony Morris
http://tmorris.net/

s/Commonwealth Games/Commonwealth Swimming


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org


Mime
View raw message