hc-httpclient-users mailing list archives

From Gary Gregory <garydgreg...@gmail.com>
Subject Re: Can't get org.apache.http.conn.ssl.TrustSelfSignedStrategy to work
Date Fri, 17 Feb 2017 21:13:58 GMT
I also tried a custom class and it did not work either, and it was
never called either.

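import java.security.cert.X509Certificate;

import org.apache.http.ssl.TrustStrategy;

public class AcceptAllTrustStrategy implements TrustStrategy {

    // Accepts every certificate chain without inspecting it.
    @Override
    public boolean isTrusted(X509Certificate[] chain, String authType) {
        return true;
    }

}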

Gary

On Fri, Feb 17, 2017 at 12:56 PM, Gary Gregory <garydgregory@gmail.com>
wrote:

> Hi All,
>
> I cannot seem to get org.apache.http.conn.ssl.TrustSelfSignedStrategy to
> work with an SSL connection.
>
> I am creating the HttpClient (4.5.3, the latest) like so:
>
>         final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager();
>         httpClient = HttpClientFactory.createHttpClientBuilder(trustStrategy, hostnameVerifier, getTimeoutMillis())
>                 .setConnectionManager(cm)
>                 .build();
>
> Where HttpClientFactory is as below and trustStrategy=a new
> org.apache.http.conn.ssl.TrustSelfSignedStrategy, hostnameVerifier=null,
> getTimeoutMillis()=210,000:
>
> public class HttpClientFactory {
>
>     public static CloseableHttpClient createHttpClient(final TrustStrategy trustStrategy,
>             final HostnameVerifier hostnameVerifier, final int timeoutMillis)
>             throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException {
>         return createHttpClientBuilder(trustStrategy, hostnameVerifier, timeoutMillis).build();
>     }
>
>     public static HttpClientBuilder createHttpClientBuilder(final TrustStrategy trustStrategy,
>             final HostnameVerifier hostnameVerifier, final int timeoutMillis)
>             throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException {
>         final SSLContext sslContext = trustStrategy == null ? null
>                 : SSLContextBuilder.create().loadTrustMaterial(trustStrategy).build();
>         final SocketConfig socketConfig = timeoutMillis < 0 ? null
>                 : SocketConfig.custom().setSoTimeout(timeoutMillis).build();
>         final HttpClientBuilder builder = HttpClients.custom();
>         if (sslContext != null) {
>             builder.setSSLContext(sslContext);
>         }
>         if (hostnameVerifier != null) {
>             builder.setSSLHostnameVerifier(hostnameVerifier);
>         }
>         if (socketConfig != null) {
>             builder.setDefaultSocketConfig(socketConfig);
>         }
>         return builder;
>     }
>
> }
>
> I also tried hostnameVerifier=NoopHostnameVerifier.INSTANCE just for
> grins but that makes no difference, the failure is the same. If I had a
> breakpoint in TrustSelfSignedStrategy#isTrusted(), it never gets hit.
>
> The error:
>
> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
> PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)
> at sun.security.ssl.ClientHandshaker.serverCertificate(
> ClientHandshaker.java:1446)
> at sun.security.ssl.ClientHandshaker.processMessage(
> ClientHandshaker.java:209)
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:913)
> at sun.security.ssl.Handshaker.process_record(Handshaker.java:849)
> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023)
> at sun.security.ssl.SSLSocketImpl.performInitialHandshake(
> SSLSocketImpl.java:1332)
> at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
> at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
> at org.apache.http.conn.ssl.SSLConnectionSocketFactory.
> createLayeredSocket(SSLConnectionSocketFactory.java:396)
> at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(
> SSLConnectionSocketFactory.java:355)
> at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(
> DefaultHttpClientConnectionOperator.java:142)
> at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(
> PoolingHttpClientConnectionManager.java:359)
> at org.apache.http.impl.execchain.MainClientExec.
> establishRoute(MainClientExec.java:381)
> at org.apache.http.impl.execchain.MainClientExec.
> execute(MainClientExec.java:237)
> at org.apache.http.impl.execchain.ProtocolExec.
> execute(ProtocolExec.java:185)
> at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
> at org.apache.http.impl.execchain.RedirectExec.
> execute(RedirectExec.java:111)
> at org.apache.http.impl.client.InternalHttpClient.doExecute(
> InternalHttpClient.java:185)
> at org.apache.http.impl.client.CloseableHttpClient.execute(
> CloseableHttpClient.java:83)
> at com.seagullsw.appinterface.comm.cics.ScgHttpConnection.
> sendRequest(ScgHttpConnection.java:165)
> at com.seagullsw.appinterface.comm.cics.ScgHttpConnection.
> sendRequest(ScgHttpConnection.java:177)
> at com.seagullsw.appinterface.server.backend.cics.
> ScgByteBufferExecutor.execute(ScgByteBufferExecutor.java:121)
> at com.seagullsw.appinterface.server.backend.cics.
> CicsBackEnd.handleRequestImpl(CicsBackEnd.java:232)
> at com.seagullsw.appinterface.server.backend.BasicBackEnd.
> handleRequest(BasicBackEnd.java:325)
> at com.seagullsw.appinterface.server.BasicInvocation.backEndDispatch(
> BasicInvocation.java:372)
> at com.seagullsw.appinterface.server.BasicInvocation.
> invokeInner(BasicInvocation.java:1146)
> at com.seagullsw.appinterface.server.BasicInvocation.invokeWithChecks(
> BasicInvocation.java:1191)
> at com.seagullsw.appinterface.server.BasicInvocation.invoke(
> BasicInvocation.java:1106)
> at com.seagullsw.appinterface.server.AppInterfaceServer.
> dispatch(AppInterfaceServer.java:722)
> at com.seagullsw.appinterface.server.AppInterfaceServer.
> dispatch(AppInterfaceServer.java:710)
> at com.seagullsw.appinterface.server.AisHelper.assertXmlRequest(AisHelper.
> java:59)
> at com.seagullsw.appinterface.server.backend.cics.
> AbstractScgBackEndTestCase.callMirrorCommArea(AbstractScgBackEndTestCase.
> java:409)
> at com.seagullsw.appinterface.server.backend.cics.
> AbstractScgBackEndTestCase.callMirrorCicsWriteQLimitCommArea(
> AbstractScgBackEndTestCase.java:379)
> at com.seagullsw.appinterface.server.backend.cics.
> AbstractScgBackEndStressTestCase.testMirrorCicsWriteQLimitCommA
> reaConsecutiveRequests10(AbstractScgBackEndStressTestCase.java:1896)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:57)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(
> FrameworkMethod.java:50)
> at org.junit.internal.runners.model.ReflectiveCallable.run(
> ReflectiveCallable.java:12)
> at org.junit.runners.model.FrameworkMethod.invokeExplosively(
> FrameworkMethod.java:47)
> at org.junit.internal.runners.statements.InvokeMethod.
> evaluate(InvokeMethod.java:17)
> at org.junit.rules.TestWatcher$1.evaluate(TestWatcher.java:55)
> at org.junit.rules.ExternalResource$1.evaluate(ExternalResource.java:48)
> at org.junit.rules.RunRules.evaluate(RunRules.java:20)
> at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
> at org.junit.runners.BlockJUnit4ClassRunner.runChild(
> BlockJUnit4ClassRunner.java:78)
> at org.junit.runners.BlockJUnit4ClassRunner.runChild(
> BlockJUnit4ClassRunner.java:57)
> at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
> at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
> at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
> at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
> at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
> at org.junit.internal.runners.statements.RunBefores.
> evaluate(RunBefores.java:26)
> at org.junit.internal.runners.statements.RunAfters.evaluate(
> RunAfters.java:27)
> at org.junit.rules.ExternalResource$1.evaluate(ExternalResource.java:48)
> at org.junit.rules.RunRules.evaluate(RunRules.java:20)
> at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
> at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(
> JUnit4TestReference.java:86)
> at org.eclipse.jdt.internal.junit.runner.TestExecution.
> run(TestExecution.java:38)
> at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.
> runTests(RemoteTestRunner.java:459)
> at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.
> runTests(RemoteTestRunner.java:678)
> at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.
> run(RemoteTestRunner.java:382)
> at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.
> main(RemoteTestRunner.java:192)
> Caused by: sun.security.validator.ValidatorException: PKIX path building
> failed: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
> at sun.security.validator.PKIXValidator.engineValidate(
> PKIXValidator.java:292)
> at sun.security.validator.Validator.validate(Validator.java:260)
> at sun.security.ssl.X509TrustManagerImpl.validate(
> X509TrustManagerImpl.java:326)
> at sun.security.ssl.X509TrustManagerImpl.checkTrusted(
> X509TrustManagerImpl.java:231)
> at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(
> X509TrustManagerImpl.java:126)
> at sun.security.ssl.ClientHandshaker.serverCertificate(
> ClientHandshaker.java:1428)
> ... 63 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(
> SunCertPathBuilder.java:196)
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
> ... 69 more
>
> Thoughts?
>
> Thank you,
> Gary
>
> --
> E-Mail: garydgregory@gmail.com | ggregory@apache.org
> Java Persistence with Hibernate, Second Edition
> <https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
>
> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1617290459>
> JUnit in Action, Second Edition
> <https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22>
>
> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182021>
> Spring Batch in Action
> <https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182951>
> Blog: http://garygregory.wordpress.com
> Home: http://garygregory.com/
> Tweet! http://twitter.com/GaryGregory
>



-- 
E-Mail: garydgregory@gmail.com | ggregory@apache.org
Blog: http://garygregory.wordpress.com
Home: http://garygregory.com/
Tweet! http://twitter.com/GaryGregory
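
An added example, not part of the original message or of the HttpClient project: in HttpClient 4.5 a connection manager passed to setConnectionManager() carries its own socket factory registry, so the builder's setSSLContext(), setSSLHostnameVerifier() and setDefaultSocketConfig() values are not applied to it, and the JRE default trust manager seen in the stack trace does the validation. The sketch below wires the SSLContext into the pooling manager itself; the class name PooledTlsClientFactory and the trustStore parameter are assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;

import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.config.SocketConfig;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.TrustStrategy;

// Hypothetical helper class (not from the thread).
public final class PooledTlsClientFactory {

    // trustStore: certificates to trust (null = JRE default trust store).
    // trustStrategy: optional extra rule, e.g. TrustSelfSignedStrategy (null = none).
    public static CloseableHttpClient create(final KeyStore trustStore, final TrustStrategy trustStrategy,
            final HostnameVerifier hostnameVerifier, final int timeoutMillis) throws GeneralSecurityException {
        final SSLContext sslContext = SSLContextBuilder.create()
                .loadTrustMaterial(trustStore, trustStrategy)
                .build();
        // Keep hostname verification on unless the caller supplies a verifier.
        final HostnameVerifier verifier = hostnameVerifier != null ? hostnameVerifier : new DefaultHostnameVerifier();

        // The TLS settings live in the registry handed to the connection manager.
        final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
                .register("http", PlainConnectionSocketFactory.getSocketFactory())
                .register("https", new SSLConnectionSocketFactory(sslContext, verifier))
                .build();
        final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);

        // Socket defaults must also be set on the manager, not on the builder.
        if (timeoutMillis >= 0) {
            cm.setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(timeoutMillis).build());
        }
        return HttpClients.custom().setConnectionManager(cm).build();
    }
}
```

Passing a KeyStore that holds only the expected server certificate keeps the trust decision narrow; a strategy that returns true for every chain, like AcceptAllTrustStrategy above, removes server authentication once it is actually wired in.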
