ant-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tony Morris <>
Subject <get> with HTTPS
Date Mon, 17 Apr 2006 11:57:37 GMT
Hello everyone,
I am having an issue with the <get> task to a HTTPS address that I can't 
seem to reproduce using my own Java code.
I have attached below my build.xml which contains the minimum that is 
required to observe the behaviour that I am observing - specifically, 
the get task fails because it does not trust the public key that the 
server is responding with (fair enough - it is my own self-signed 
certificate). PKIX path building failed: unable to 
find valid certification path to requested target

After some googling about, I learned that I need to set the system property to refer to a keystore that 
contains this public key. This is where my problem begins. I apologise 
for the verbosity of this problem - I have trimmed to as little as I 
possibly can. The keystore that I am using - that contains the trusted 
public key - is available at:

I have tried downloading this keystore file, and setting the system property to refer to this file using -D 
at the command line when starting ant. For example
 > ant

This does not seem to change the situation. However, I wrote some Java 
code that indeed works fine when I set this system property. "Working 
fine" means that the server responds with a 401 message (requesting 
authentication) instead of "not working fine" meaning that the VM 
doesn't trust my public key. This Java code is part of my build.xml (see 
below). Again, I apologise for the verbosity, but I believe that I am at 
the end for solving this problem.

Just why does it work (401) for my trivial Java code, but not for my 
equally trivial build.xml (
If someone could somehow use an Ant <get> request to establish a 
successful HTTPS connection to (so that they 
receive a 401 response), I'd most appreciate knowing whatever the answer 
is. I am just short of writing my own Ant task, since I know that I can 
get my own Java code to make a successful request - with trust of the 
public key that is returned by the server.

Below is build.xml which includes aforementioned Java source code and 
the public key itself:

<?xml version="1.0"?>

<project name="test" default="test" basedir=".">
    <target name="test" description="test case for SSL problem at 
        <!-- should be set to a local file downloaded from -->
        <echo message=" = 
        <get src="" dest=""/>


public final class Main {
    private Main() throws UnsupportedOperationException {
        throw new UnsupportedOperationException();

    public static void main(final String[] args) throws IOException {
        // args[0] should point to a local file downloaded from
        System.setProperty("", args[0]);

        final URL u = new URL("");
        final InputStream in = u.openStream();

        try {
            int c;

            while((c = != -1) {
        finally {

This is the public key that is sent back from the server and that which 
is stored
in the JKS keystore that can be found at


Tony Morris

s/Commonwealth Games/Commonwealth Swimming

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message