axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Asen <asen.m.ase...@gmail.com>
Subject Re: Accept Self-Signed Certificate
Date Fri, 14 Jan 2011 18:31:29 GMT
Not really.
This error has nothing to do with Axis itself, but please anyone can correct me.
It is your java certs.
Write little program to ping the remote server and download its cert.
Then import it into your java cert file.
That worked for me, and it is the way I took to overcome it.

On Fri, Jan 14, 2011 at 10:03 AM, Afkham Azeez <afkham@gmail.com> wrote:
> Doesn't
>
> stub._getServiceClient().getOptions().setProperty(HTTPConstants.CUSTOM_PROTOCOL_HANDLER,
> new Protocol("https",(ProtocolSocketFactory)new
> SSLProtocolSocketFactory(sslCtx),443));
>
> do that?
>
> On Fri, Jan 14, 2011 at 7:39 PM, Zach Calvert <zachcalvert@gmail.com> wrote:
>>
>> This works fine for allowing java.net SSL access, but Apache Axis
>> doesn't expose APIs to send this into its SSL checking mechanism.
>>
>>
>>
>> Zach
>>
>>
>> On Tue, Jan 11, 2011 at 10:07 PM, Afkham Azeez <afkham@gmail.com> wrote:
>> > Check the class level doc comment
>> >
>> > in https://svn.apache.org/repos/asf/axis/axis2/java/core/trunk/modules/kernel/src/org/apache/axis2/java/security/TrustAllTrustManager.java
>> > Is that what you are looking for?
>> >
>> > On Wed, Jan 12, 2011 at 2:37 AM, Zach Calvert <zachcalvert@gmail.com>
>> > wrote:
>> >>
>> >> Also, I was looking at
>> >> http://www.mail-archive.com/axis-user@ws.apache.org/msg21872.html and
>> >> this method doesn't seem to work either, mostly because the dots are
>> >> not connected for the part
>> >> "
>> >> In your SSLSocketFactory, override the "private static TrustManager[]
>> >> createTrustManagers(final KeyStore keystore)" method.
>> >> And create your own X509TrustManager to trust all certs.
>> >> "
>> >> since this function doesn't seem to exist in
>> >>
>> >>
>> >> http://download.oracle.com/javase/1.4.2/docs/api/javax/net/ssl/SSLSocketFactory.html
>> >>
>> >> Any ideas?
>> >>
>> >>
>> >> On Tue, Jan 11, 2011 at 2:18 PM, Zach Calvert <zachcalvert@gmail.com>
>> >> wrote:
>> >> > I am writing internal test code chatting to an internal test server
>> >> > with a self signed certificate.  The team is distributed and I am
not
>> >> > an admin on our build servers so I cannot install the certificate
>> >> > into
>> >> > the certificate chain (can't do this on other developer machines
>> >> > anyway).  The idea is that I need to be able to execute SOAP APIs
>> >> > built using the mvn plugin for wsdl2code and the abd bindings (not
>> >> > XMLBeans).  The server will not accept clear port SOAP commands for
>> >> > authentication, but we are entirely willing to accept
>> >> > man-in-the-middle attacks as a risk since we're executing code on an
>> >> > internally managed network and this is not public facing code.
>> >> >
>> >> > I have searched the mailing lists, documentation, and various
>> >> > blogs/dev wikis and cannot find the answer.  I have tried the old
>> >> > flavor of AxisProperties.setProperty("axis.socketSecureFactory"...
>> >> > (http://marc.info/?l=axis-user&m=120965970202812&w=2) but of
course
>> >> > this does not work with the new flavor of Axis. I have also tried
>> >> > setting the default trust site manager to accept all certificates
>> >> >
>> >> >
>> >> > (http://www.coderanch.com/t/207318/sockets/java/do-hold-Java-default-SSL)
>> >> > but AXIS seems to use its own flavor from the Protocol classes.  I
>> >> > then tried overriding the Protocol using the sample code provided at
>> >> > http://hc.apache.org/httpclient-3.x/sslguide.html.  None of this
>> >> > seems
>> >> > to work and still gets me a
>> >> > Exception in thread "main" org.apache.axis2.AxisFault:
>> >> > sun.security.validator.ValidatorException: PKIX path building failed:
>> >> > sun.security.provider.certpath.SunCertPathBuilderException: unable
to
>> >> > find valid certification path to requested target
>> >> >        at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
>> >> >        at
>> >> >
>> >> > org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:98)
>> >> >        at
>> >> >
>> >> > org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
>> >> >        at
>> >> >
>> >> > org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
>> >> >        at
>> >> >
>> >> > org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
>> >> >        at
>> >> >
>> >> > org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
>> >> >        at
>> >> >
>> >> > org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
>> >> >        at
>> >> >
>> >> > org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
>> >> >        at
>> >> >
>> >> > org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:346)
>> >> >        at
>> >> >
>> >> > org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:550)
>> >> >        at
>> >> >
>> >> > org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:189)
>> >> >        at
>> >> > org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75)
>> >> >        at
>> >> >
>> >> > org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:389)
>> >> >        at
>> >> >
>> >> > org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:222)
>> >> >        at
>> >> > org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:435)
>> >> >        at
>> >> >
>> >> > org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
>> >> >        at
>> >> >
>> >> > org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
>> >> >        at
>> >> >
>> >> > org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
>> >> >        at
>> >> >
>> >> > vmware.labmanager.soap.LabManager_x0020_SOAP_x0020_interfaceStub.getConfigurationByName(LabManager_x0020_SOAP_x0020_interfaceStub.java:724)
>> >> >        at ZachTest.main(ZachTest.java:188)
>> >> > Caused by: javax.net.ssl.SSLHandshakeException:
>> >> > sun.security.validator.ValidatorException: PKIX path building failed:
>> >> > sun.security.provider.certpath.SunCertPathBuilderException: unable
to
>> >> > find valid certification path to requested target
>> >> >        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown
>> >> > Source)
>> >> >        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown
>> >> > Source)
>> >> >        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown
>> >> > Source)
>> >> >        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown
>> >> > Source)
>> >> >        at
>> >> >
>> >> > com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
>> >> > Source)
>> >> >        at
>> >> > com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
>> >> > Source)
>> >> >        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown
>> >> > Source)
>> >> >        at
>> >> > com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown
>> >> > Source)
>> >> >        at
>> >> > com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
>> >> > Source)
>> >> >        at
>> >> >
>> >> > com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
>> >> > Source)
>> >> >        at
>> >> > com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown
>> >> > Source)
>> >> >        at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown
>> >> > Source)
>> >> >        at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
>> >> >        at java.io.BufferedOutputStream.flush(Unknown Source)
>> >> >        at
>> >> >
>> >> > org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:94)
>> >> >        ... 18 more
>> >> > Caused by: sun.security.validator.ValidatorException: PKIX path
>> >> > building failed:
>> >> > sun.security.provider.certpath.SunCertPathBuilderException: unable
to
>> >> > find valid certification path to requested target
>> >> >        at sun.security.validator.PKIXValidator.doBuild(Unknown
>> >> > Source)
>> >> >        at sun.security.validator.PKIXValidator.engineValidate(Unknown
>> >> > Source)
>> >> >        at sun.security.validator.Validator.validate(Unknown Source)
>> >> >        at
>> >> > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown
>> >> > Source)
>> >> >        at
>> >> >
>> >> > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
>> >> > Source)
>> >> >        at
>> >> >
>> >> > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
>> >> > Source)
>> >> >        ... 29 more
>> >> > Caused by:
>> >> > sun.security.provider.certpath.SunCertPathBuilderException:
>> >> > unable to find valid certification path to requested target
>> >> >        at
>> >> > sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
>> >> > Source)
>> >> >        at java.security.cert.CertPathBuilder.build(Unknown Source)
>> >> >        ... 35 more
>> >> >
>> >> >
>> >> > Is there ANY support to override SSL validation for Apache AXIS SOAP
>> >> > calls using wsdl2java generated code?
>> >> >
>> >> >
>> >> >
>> >> > Thanks,
>> >> > Zach
>> >> >
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: java-user-unsubscribe@axis.apache.org
>> >> For additional commands, e-mail: java-user-help@axis.apache.org
>> >>
>> >
>> >
>> >
>> > --
>> > Afkham Azeez
>> > Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com,
>> >
>> > Member; Apache Software Foundation; http://www.apache.org/
>> > email: azeez@wso2.com cell: +94 77 3320919
>> > blog: http://blog.afkham.org
>> > twitter: http://twitter.com/afkham_azeez
>> > linked-in: http://lk.linkedin.com/in/afkhamazeez
>> >
>> > Lean . Enterprise . Middleware
>> >
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: java-user-unsubscribe@axis.apache.org
>> For additional commands, e-mail: java-user-help@axis.apache.org
>>
>
>
>
> --
> Afkham Azeez
> Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com,
>
> Member; Apache Software Foundation; http://www.apache.org/
> email: azeez@wso2.com cell: +94 77 3320919
> blog: http://blog.afkham.org
> twitter: http://twitter.com/afkham_azeez
> linked-in: http://lk.linkedin.com/in/afkhamazeez
>
> Lean . Enterprise . Middleware
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: java-user-unsubscribe@axis.apache.org
For additional commands, e-mail: java-user-help@axis.apache.org


Mime
View raw message