chemistry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Florian Müller <florian.muel...@alfresco.com>
Subject Re: Connecting to CMIS repository via https
Date Thu, 28 Jul 2011 22:07:26 GMT
Hi Naresh,

You can (and should) import the server certificate into the Java truststore [1] and this exception
should go away.

The brute force alternative is to call the following piece of code before you connect and
unknown certificates will be ignored.
Make sure you remove this code before you use your application in production!


Florian


[1] http://download.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html



<code>
    private void acceptSelfSignedCertificates() {
        TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }

            public void checkClientTrusted(X509Certificate[] certs, String authType) { }

            public void checkServerTrusted(X509Certificate[] certs, String authType) { }
        } };

        try {
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        } catch (Exception e) {
        }
    }
</code>


On 28/07/2011 22:31, Naresh Bhatia wrote:
> I am trying to connect to a CMIS repository via https. The server uses a
> test certificate. When I connect via the browser, it warns that "The site's
> security certificate is not trusted!". However I can ignore the warning and
> proceed anyway. Is it possible to do something similar with OpenCMIS?
> Currently it is giving me the following exception:
> 
> org.apache.chemistry.opencmis.commons.exceptions.CmisConnectionException:
> Cannot access
> https://localhost:8443/alfresco/service/cmis?repositoryId=df9d48f6-a276-4e5b-8168-1175a672a9fc:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.HttpUtils.invoke(HttpUtils.java:184)
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.HttpUtils.invokeGET(HttpUtils.java:60)
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.read(AbstractAtomPubService.java:484)
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.getRepositoriesInternal(AbstractAtomPubService.java:652)
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.RepositoryServiceImpl.getRepositoryInfo(RepositoryServiceImpl.java:62)
> org.apache.chemistry.opencmis.client.bindings.impl.RepositoryServiceImpl.getRepositoryInfo(RepositoryServiceImpl.java:69)
> org.apache.chemistry.opencmis.client.runtime.SessionImpl.connect(SessionImpl.java:581)
> org.apache.chemistry.opencmis.client.runtime.SessionFactoryImpl.createSession(SessionFactoryImpl.java:61)
> 
> Thanks.
> Naresh
> 


Mime
View raw message