Return-Path: 
 <user-return-55605-apmail-ant-user-archive=ant.apache.org@ant.apache.org>
Delivered-To: apmail-ant-user-archive@www.apache.org
Received: (qmail 13830 invoked from network); 17 Apr 2006 11:58:14 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur.apache.org with SMTP; 17 Apr 2006 11:58:14 -0000
Received: (qmail 12760 invoked by uid 500); 17 Apr 2006 11:58:01 -0000
Delivered-To: apmail-ant-user-archive@ant.apache.org
Received: (qmail 12707 invoked by uid 500); 17 Apr 2006 11:58:01 -0000
Mailing-List: contact user-help@ant.apache.org; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:user-unsubscribe@ant.apache.org>
List-Help: <mailto:user-help@ant.apache.org>
List-Post: <mailto:user@ant.apache.org>
List-Id: "Ant Users List" <user.ant.apache.org>
Reply-To: "Ant Users List" <user@ant.apache.org>
Delivered-To: mailing list user@ant.apache.org
Received: (qmail 12696 invoked by uid 99); 17 Apr 2006 11:58:01 -0000
Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 17 Apr 2006 04:58:01 -0700
X-ASF-Spam-Status: No, hits=0.0 required=10.0
	tests=
X-Spam-Check-By: apache.org
Received-SPF: neutral (asf.osuosl.org: local policy)
Received: from [203.10.1.142] (HELO vscan03.westnet.com.au) (203.10.1.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 17 Apr 2006 04:57:59 -0700
Received: from localhost (localhost.localdomain [127.0.0.1])
	by localhost (Postfix) with ESMTP id 75A95B6053D
	for <user@ant.apache.org>; Mon, 17 Apr 2006 19:58:53 +0800 (WST)
Received: from vscan03.westnet.com.au ([127.0.0.1])
 by localhost (vscan03.westnet.com.au [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 17844-03-2 for <user@ant.apache.org>;
 Mon, 17 Apr 2006 19:58:53 +0800 (WST)
Received: from [192.168.1.120] (dsl-202-173-178-172.qld.westnet.com.au
 [202.173.178.172])
	by vscan03.westnet.com.au (Postfix) with ESMTP id D5F06B60DD2
	for <user@ant.apache.org>; Mon, 17 Apr 2006 19:58:52 +0800 (WST)
Message-ID: <444382B1.6070309@tmorris.net>
Date: Mon, 17 Apr 2006 21:57:37 +1000
From: Tony Morris <tmorris@tmorris.net>
User-Agent: Mail/News 1.5 (X11/20060309)
MIME-Version: 1.0
To: user@ant.apache.org
Subject: <get> with HTTPS
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked by ClamAV on apache.org
X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N

Hello everyone,
I am having an issue with the <get> task to a HTTPS address that I can't 
seem to reproduce using my own Java code.
I have attached below my build.xml which contains the minimum that is 
required to observe the behaviour that I am observing - specifically, 
the get task fails because it does not trust the public key that the 
server is responding with (fair enough - it is my own self-signed 
certificate).

javax.net.ssl.SSLHandshakeException: 
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to 
find valid certification path to requested target

After some googling about, I learned that I need to set the 
javax.net.ssl.trustStore system property to refer to a keystore that 
contains this public key. This is where my problem begins. I apologise 
for the verbosity of this problem - I have trimmed to as little as I 
possibly can. The keystore that I am using - that contains the trusted 
public key - is available at: 
http://xdweb.net/~dibblego/source.tmorris.net.jks

I have tried downloading this keystore file, and setting the 
javax.net.ssl.trustStore system property to refer to this file using -D 
at the command line when starting ant. For example
 > ant -Djavax.net.ssl.trustStore=/path/to/source.tmorris.net.jks

This does not seem to change the situation. However, I wrote some Java 
code that indeed works fine when I set this system property. "Working 
fine" means that the server responds with a 401 message (requesting 
authentication) instead of "not working fine" meaning that the VM 
doesn't trust my public key. This Java code is part of my build.xml (see 
below). Again, I apologise for the verbosity, but I believe that I am at 
the end for solving this problem.

Just why does it work (401) for my trivial Java code, but not for my 
equally trivial build.xml (javax.net.ssl.SSLHandshakeException)?
If someone could somehow use an Ant <get> request to establish a 
successful HTTPS connection to https://source.tmorris.net (so that they 
receive a 401 response), I'd most appreciate knowing whatever the answer 
is. I am just short of writing my own Ant task, since I know that I can 
get my own Java code to make a successful request - with trust of the 
public key that is returned by the server.

Below is build.xml which includes aforementioned Java source code and 
the public key itself:

<?xml version="1.0"?>

<project name="test" default="test" basedir=".">
    <target name="test" description="test case for SSL problem at 
17/04/2006">
        <!-- should be set to a local file downloaded from 
http://xdweb.net/~dibblego/source.tmorris.net.jks -->
        <echo message="javax.net.ssl.trustStore = 
${javax.net.ssl.trustStore}"/>
        <get src="https://source.tmorris.net/" dest="source.tmorris.net"/>
    </target>
</project>

<!--
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;

public final class Main {
    private Main() throws UnsupportedOperationException {
        throw new UnsupportedOperationException();
    }

    public static void main(final String[] args) throws IOException {
        // args[0] should point to a local file downloaded from 
http://xdweb.net/~dibblego/source.tmorris.net.jks
        System.setProperty("javax.net.ssl.trustStore", args[0]);

        final URL u = new URL("https://source.tmorris.net");
        final InputStream in = u.openStream();

        try {
            int c;

            while((c = in.read()) != -1) {
                System.out.print((char)c);
            }
        }
        finally {
            in.close();
        }
    }
}
-->

<!--
This is the public key that is sent back from the server and that which 
is stored
in the JKS keystore that can be found at 
http://xdweb.net/~dibblego/source.tmorris.net.jks

-----BEGIN CERTIFICATE-----
MIICkTCCAfoCCQDI29GgYmuIUzANBgkqhkiG9w0BAQUFADCBjDELMAkGA1UEBhMC
QVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRQwEgYD
VQQKEwtUb255IE1vcnJpczEbMBkGA1UEAxMSc291cmNlLnRtb3JyaXMubmV0MSIw
IAYJKoZIhvcNAQkBFhN0bW9ycmlzQHRtb3JyaXMubmV0MB4XDTA2MDMyMDAwMjMy
NloXDTE2MDMxNzAwMjMyNlowgYwxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVl
bnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEUMBIGA1UEChMLVG9ueSBNb3JyaXMx
GzAZBgNVBAMTEnNvdXJjZS50bW9ycmlzLm5ldDEiMCAGCSqGSIb3DQEJARYTdG1v
cnJpc0B0bW9ycmlzLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuBL4
k70JKTq3Swvyq5Z8pwCJPkWQrsC+GOoxxt/FUaGITQOi27VEGlulXw5yYUTu+uyD
1FUduIgU5iGx3Be7kFYpk+b/6S1qp9f59MxTh5fze4VQmByocGBJWPmmJdk/f/j7
5Ywt6oUfQoHHGwDX7PY3FU3MAnfjrkmxy2F+yx8CAwEAATANBgkqhkiG9w0BAQUF
AAOBgQACi9s2Y1q+J6HiTeydp3/V3I+SygzIx8qIFapvxSzajz93zJrq4S4RcvnC
niRVrRi1WtYF5F8Oslggjy0HmUjS98vMoONBpEH6Hc+zi+B3zwPJhZipEe605qEz
zT8P0OHZrsm3klHyr1J2HtW6r3dl3/kqf+z/mTIY9dmpxo7Haw==
-----END CERTIFICATE-----
-->


-- 
Tony Morris
http://tmorris.net/

s/Commonwealth Games/Commonwealth Swimming


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org