Posted to users@ws.apache.org by Vincent Chen <vc...@yahoo.com> on 2006/02/28 09:23:41 UTC

xmlrpc over SSL problem?

Hi, all

I tried to use Apache xmlrpc over SSL transport; the following 2 simple pieces
of code work on the command line:

--- server.java --

import javax.net.ssl.*;
import org.apache.xmlrpc.secure.*;

public class Server {

    public Server() {

        // keystore holding the server's key and certificate
        SecurityTool.setKeyStore("secure.store");
        SecurityTool.setKeyStorePassword("SecurePassword");

        SecureWebServer web=new SecureWebServer(8080);
        web.start();
        // expose this object's public methods as "Secure.<method>"
        web.addHandler("Secure",this);

    }

    public String echo(String message) {

        return message;

    }

}

--- client.java ---

import java.util.*;
import java.security.cert.*;
import javax.net.ssl.*;
import org.apache.xmlrpc.secure.*;

public class Client {

    public static void main(String[] args) {

        try {
            SSLContext sslContext=SSLContext.getInstance("SSL");
            // trust manager that accepts every certificate chain without checking it
            sslContext.init(null, new X509TrustManager[] {
                new X509TrustManager() {
                    public void checkClientTrusted(X509Certificate[] chain, String authType) {
                    }
                    public void checkServerTrusted(X509Certificate[] chain, String authType) {
                    }
                    public X509Certificate[] getAcceptedIssuers() {
                        return null;
                    }
                }}, null);
            HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
        } catch (Exception e) {
            // SSL connection configure error
        }

        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
            public boolean verify(String hostname, SSLSession session) {
                // ignore FQDN not matched with certificate common name
                return true;
            }
        });

        SecureXmlRpcClient client;
        Vector parameters;
        String result;

        try {
            client=new SecureXmlRpcClient("https://localhost:8080");
            parameters=new Vector();
            parameters.add("Echo");
            result=(String)client.execute("Secure.echo",parameters);
            System.out.println(result);
        } catch (Exception e) {
            // error here
            System.out.println(e);
        }

    }

}

--- code ends here --

The above code works on the command line, but 2 problems occur after I put it
into my application.

1. The above code did not use a truststore but it works OK. After putting it into
my application, Java complains about:

javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error:
java.security.InvalidAlgorithmParameterException: the trustAnchors parameter
must be non-empty

Why do the above 2 pieces of Java code not have this error?

2. I imported my private CA's certificate into the truststore and added the
following lines to the server code,

SecurityTool.setTrustStore("trust.store");
SecurityTool.setTrustStorePassword("TrustMe");

The above error is gone but new one comes:

javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target

I already configured the SSL link not to check the certificate's issuer and not to
check whether the URL matches the certificate's common name. It works with the above
code, when I got those errors again?


Thanks,

Vincent Chen
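
An added example, not part of the original post: a client-side SSLContext that validates the server against the private CA held in a truststore, instead of accepting every certificate. The file name "trust.store" and password "TrustMe" are the values from the post; the class name TrustStoreClient and its helper methods are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class name; "trust.store" / "TrustMe" are the values from the post.
public class TrustStoreClient {

    // Load the truststore and fail early if it holds no CA certificates: a store
    // without trusted certificate entries is what the PKIX validator reports as
    // "the trustAnchors parameter must be non-empty".
    static KeyStore loadTrustStore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        int anchors = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) {
                anchors++;
            }
        }
        if (anchors == 0) {
            throw new IllegalStateException(path + " contains no trusted certificate entries");
        }
        return ks;
    }

    // Build an SSLContext whose trust decisions come only from that truststore.
    static SSLContext contextFor(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ts = loadTrustStore("trust.store", "TrustMe".toCharArray());
        SSLContext ctx = contextFor(ts);
        // Same JVM-wide hook the post uses, now backed by real chain validation.
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
        System.out.println("TLS context initialised from trust.store");
    }
}
```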
