axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Zach Calvert <zachcalv...@gmail.com>
Subject Accept Self-Signed Certificate
Date Tue, 11 Jan 2011 20:18:34 GMT
I am writing internal test code chatting to an internal test server
with a self signed certificate.  The team is distributed and I am not
an admin on our build servers so I cannot install the certificate into
the certificate chain (can't do this on other developer machines
anyway).  The idea is that I need to be able to execute SOAP APIs
built using the mvn plugin for wsdl2code and the abd bindings (not
XMLBeans).  The server will not accept clear port SOAP commands for
authentication, but we are entirely willing to accept
man-in-the-middle attacks as a risk since we're executing code on an
internally managed network and this is not public facing code.

I have searched the mailing lists, documentation, and various
blogs/dev wikis and cannot find the answer.  I have tried the old
flavor of AxisProperties.setProperty("axis.socketSecureFactory"...
(http://marc.info/?l=axis-user&m=120965970202812&w=2) but of course
this does not work with the new flavor of Axis. I have also tried
setting the default trust site manager to accept all certificates
(http://www.coderanch.com/t/207318/sockets/java/do-hold-Java-default-SSL)
but AXIS seems to use its own flavor from the Protocol classes.  I
then tried overriding the Protocol using the sample code provided at
http://hc.apache.org/httpclient-3.x/sslguide.html.  None of this seems
to work and still gets me a
Exception in thread "main" org.apache.axis2.AxisFault:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
	at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
	at org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:98)
	at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
	at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
	at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
	at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
	at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:346)
	at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:550)
	at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:189)
	at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75)
	at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:389)
	at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:222)
	at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:435)
	at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
	at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
	at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
	at vmware.labmanager.soap.LabManager_x0020_SOAP_x0020_interfaceStub.getConfigurationByName(LabManager_x0020_SOAP_x0020_interfaceStub.java:724)
	at ZachTest.main(ZachTest.java:188)
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
Source)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
	at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
	at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
	at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
	at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
	at java.io.BufferedOutputStream.flush(Unknown Source)
	at org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:94)
	... 18 more
Caused by: sun.security.validator.ValidatorException: PKIX path
building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
	at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
	at sun.security.validator.Validator.validate(Unknown Source)
	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
	... 29 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
Source)
	at java.security.cert.CertPathBuilder.build(Unknown Source)
	... 35 more


Is there ANY support to override SSL validation for Apache AXIS SOAP
calls using wsdl2java generated code?



Thanks,
Zach

---------------------------------------------------------------------
To unsubscribe, e-mail: java-user-unsubscribe@axis.apache.org
For additional commands, e-mail: java-user-help@axis.apache.org


Mime
View raw message