You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@chemistry.apache.org by Naresh Bhatia <bh...@comcast.net> on 2011/07/28 23:31:44 UTC
Connecting to CMIS repository via https
I am trying to connect to a CMIS repository via https. The server uses a
test certificate. When I connect via the browser, it warns that "The site's
security certificate is not trusted!". However I can ignore the warning and
proceed anyway. Is it possible to do something similar with OpenCMIS?
Currently it is giving me the following exception:
org.apache.chemistry.opencmis.commons.exceptions.CmisConnectionException:
Cannot access
https://localhost:8443/alfresco/service/cmis?repositoryId=df9d48f6-a276-4e5b-8168-1175a672a9fc:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
org.apache.chemistry.opencmis.client.bindings.spi.atompub.HttpUtils.invoke(HttpUtils.java:184)
org.apache.chemistry.opencmis.client.bindings.spi.atompub.HttpUtils.invokeGET(HttpUtils.java:60)
org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.read(AbstractAtomPubService.java:484)
org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.getRepositoriesInternal(AbstractAtomPubService.java:652)
org.apache.chemistry.opencmis.client.bindings.spi.atompub.RepositoryServiceImpl.getRepositoryInfo(RepositoryServiceImpl.java:62)
org.apache.chemistry.opencmis.client.bindings.impl.RepositoryServiceImpl.getRepositoryInfo(RepositoryServiceImpl.java:69)
org.apache.chemistry.opencmis.client.runtime.SessionImpl.connect(SessionImpl.java:581)
org.apache.chemistry.opencmis.client.runtime.SessionFactoryImpl.createSession(SessionFactoryImpl.java:61)
Thanks.
Naresh
Re: Connecting to CMIS repository via https
Posted by Naresh Bhatia <bh...@comcast.net>.
Thanks Florian. Importing the server certificate into the Java truststore
fixed the problem.
Naresh
On Thu, Jul 28, 2011 at 6:07 PM, Florian Müller <
florian.mueller@alfresco.com> wrote:
> Hi Naresh,
>
> You can (and should) import the server certificate into the Java truststore
> [1] and this exception should go away.
>
> The brute force alternative is to call the following piece of code before
> you connect and unknown certificates will be ignored.
> Make sure you remove this code before you use your application in
> production!
>
>
> Florian
>
>
> [1]
> http://download.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
>
>
>
> <code>
> private void acceptSelfSignedCertificates() {
> TrustManager[] trustAllCerts = new TrustManager[] { new
> X509TrustManager() {
> public X509Certificate[] getAcceptedIssuers() {
> return null;
> }
>
> public void checkClientTrusted(X509Certificate[] certs, String
> authType) { }
>
> public void checkServerTrusted(X509Certificate[] certs, String
> authType) { }
> } };
>
> try {
> SSLContext sc = SSLContext.getInstance("SSL");
> sc.init(null, trustAllCerts, new java.security.SecureRandom());
>
> HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
> } catch (Exception e) {
> }
> }
> </code>
>
>
> On 28/07/2011 22:31, Naresh Bhatia wrote:
> > I am trying to connect to a CMIS repository via https. The server uses a
> > test certificate. When I connect via the browser, it warns that "The
> site's
> > security certificate is not trusted!". However I can ignore the warning
> and
> > proceed anyway. Is it possible to do something similar with OpenCMIS?
> > Currently it is giving me the following exception:
> >
> > org.apache.chemistry.opencmis.commons.exceptions.CmisConnectionException:
> > Cannot access
> >
> https://localhost:8443/alfresco/service/cmis?repositoryId=df9d48f6-a276-4e5b-8168-1175a672a9fc
> :
> > sun.security.validator.ValidatorException: PKIX path building failed:
> > sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find
> > valid certification path to requested target
> >
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.HttpUtils.invoke(HttpUtils.java:184)
> >
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.HttpUtils.invokeGET(HttpUtils.java:60)
> >
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.read(AbstractAtomPubService.java:484)
> >
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.getRepositoriesInternal(AbstractAtomPubService.java:652)
> >
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.RepositoryServiceImpl.getRepositoryInfo(RepositoryServiceImpl.java:62)
> >
> org.apache.chemistry.opencmis.client.bindings.impl.RepositoryServiceImpl.getRepositoryInfo(RepositoryServiceImpl.java:69)
> >
> org.apache.chemistry.opencmis.client.runtime.SessionImpl.connect(SessionImpl.java:581)
> >
> org.apache.chemistry.opencmis.client.runtime.SessionFactoryImpl.createSession(SessionFactoryImpl.java:61)
> >
> > Thanks.
> > Naresh
> >
>
>
Re: Connecting to CMIS repository via https
Posted by Florian Müller <fl...@alfresco.com>.
Hi Naresh,
You can (and should) import the server certificate into the Java truststore [1] and this exception should go away.
The brute force alternative is to call the following piece of code before you connect and unknown certificates will be ignored.
Make sure you remove this code before you use your application in production!
Florian
[1] http://download.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
<code>
private void acceptSelfSignedCertificates() {
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) { }
public void checkServerTrusted(X509Certificate[] certs, String authType) { }
} };
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
}
}
</code>
On 28/07/2011 22:31, Naresh Bhatia wrote:
> I am trying to connect to a CMIS repository via https. The server uses a
> test certificate. When I connect via the browser, it warns that "The site's
> security certificate is not trusted!". However I can ignore the warning and
> proceed anyway. Is it possible to do something similar with OpenCMIS?
> Currently it is giving me the following exception:
>
> org.apache.chemistry.opencmis.commons.exceptions.CmisConnectionException:
> Cannot access
> https://localhost:8443/alfresco/service/cmis?repositoryId=df9d48f6-a276-4e5b-8168-1175a672a9fc:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.HttpUtils.invoke(HttpUtils.java:184)
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.HttpUtils.invokeGET(HttpUtils.java:60)
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.read(AbstractAtomPubService.java:484)
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.getRepositoriesInternal(AbstractAtomPubService.java:652)
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.RepositoryServiceImpl.getRepositoryInfo(RepositoryServiceImpl.java:62)
> org.apache.chemistry.opencmis.client.bindings.impl.RepositoryServiceImpl.getRepositoryInfo(RepositoryServiceImpl.java:69)
> org.apache.chemistry.opencmis.client.runtime.SessionImpl.connect(SessionImpl.java:581)
> org.apache.chemistry.opencmis.client.runtime.SessionFactoryImpl.createSession(SessionFactoryImpl.java:61)
>
> Thanks.
> Naresh
>