Java Security

apache xmlrpc over SSL?

843811 Feb 21 2006 — edited Jul 26 2006
Hi, all

I tried to use apache xmlrpc over SSL transport. The following 2 simple pieces of code work on the command line:

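--- server.java ---

import javax.net.ssl.*;
import org.apache.xmlrpc.secure.*;

public class Server {

    public Server() throws Exception {
        // Key store holding the server's certificate and private key
        SecurityTool.setKeyStore("secure.store");
        SecurityTool.setKeyStorePassword("SecurePassword");

        // Start the HTTPS XML-RPC server on port 8080 and register
        // this object as the handler named "Secure"
        SecureWebServer web = new SecureWebServer(8080);
        web.start();
        web.addHandler("Secure", this);
    }

    public String echo(String message) {
        return message;
    }

    public static void main(String[] args) throws Exception {
        new Server();
    }
}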

--- client.java ---

import java.util.*;
import java.security.cert.*;
import javax.net.ssl.*;
import org.apache.xmlrpc.secure.*;

public class Client {

    public static void main(String[] args) {
        try {
            SSLContext sslContext = SSLContext.getInstance("SSL");
            // Trust manager with empty checks: every certificate chain is accepted
            sslContext.init(null, new X509TrustManager[] {
                new X509TrustManager() {
                    public void checkClientTrusted(X509Certificate[] chain, String authType) {
                    }
                    public void checkServerTrusted(X509Certificate[] chain, String authType) {
                    }
                    public X509Certificate[] getAcceptedIssuers() {
                        return null;
                    }
                }}, null);
            HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
        } catch (Exception e) {
            // SSL connection configure error
        }

        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
            public boolean verify(String hostname, SSLSession session) {
                // ignore FQDN not matched with certificate common name
                return true;
            }
        });

        SecureXmlRpcClient client;
        Vector parameters;
        String result;

        try {
            // Call the server's "Secure.echo" handler over HTTPS
            client = new SecureXmlRpcClient("https://localhost:8080");
            parameters = new Vector();
            parameters.add("Echo");
            result = (String) client.execute("Secure.echo", parameters);
            System.out.println(result);
        } catch (Exception e) {
            // error here
            System.out.println(e);
        }
    }
}

--- code ends here ---

The above code works on the command line, but 2 problems occurred after I put it into my application.

1. The above code did not use a truststore but it works OK. After putting it into my application, Java complains about:

javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

Why do the above 2 pieces of Java code not have this error?

2. I imported my private CA's certificate into the truststore and added the following lines to the server code:

SecurityTool.setTrustStore("trust.store");
SecurityTool.setTrustStorePassword("TrustMe");

The above error is gone but new one comes:

javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I already configured the SSL link not to check the certificate's issuer and not to check whether the URL matches the certificate's common name. It works with the above code, so why do I get those errors again?


Thanks,

Vincent Chen
Locked on Aug 23 2006
Added on Feb 21 2006
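
An added example, not part of the original post or of Apache XML-RPC: a client-side setup that validates the server against the private CA in the truststore instead of installing the accept-everything trust manager. It reuses the `trust.store` / `TrustMe` values from the post; the class `TrustStoreClientSetup` and its helper methods are hypothetical names, and the up-front check is there because an empty set of trust anchors is what JSSE reports as "the trustAnchors parameter must be non-empty".

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class for illustration only.
public class TrustStoreClientSetup {

    // Count trustedCertEntry items, i.e. what "keytool -import" creates for a CA certificate.
    static int countTrustedCerts(KeyStore ks) throws Exception {
        int n = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) {
                n++;
            }
        }
        return n;
    }

    // Build an SSLContext whose trust managers validate chains against the given store.
    static SSLContext contextFor(KeyStore trustStore) throws Exception {
        if (countTrustedCerts(trustStore) == 0) {
            throw new IllegalStateException("trust store has no trusted certificate entries");
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // File name and password are the ones from the post; override them via arguments.
        String path = args.length > 0 ? args[0] : "trust.store";
        char[] password = (args.length > 1 ? args[1] : "TrustMe").toCharArray();

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        System.out.println(path + ": " + countTrustedCerts(ks) + " trusted certificate entries");

        // Same hook the client in the post uses, but with real chain validation;
        // the default hostname verifier is left in place.
        HttpsURLConnection.setDefaultSSLSocketFactory(contextFor(ks).getSocketFactory());
    }
}
```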