You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@ws.apache.org by Vincent Chen <vc...@yahoo.com> on 2006/02/28 09:23:41 UTC
xmlrpc over SSL problem?
Hi, all
I tried to use apache xmlrpc over SSL transport, the following 2 simple code
works in command line:
--- server.java --
public class Server {
public Server() {
import javax.net.ssl.*;
import org.apache.xmlrpc.secure.*;
SecurityTool.setKeyStore("secure.store");
SecurityTool.setKeyStorePassword("SecurePassword");
SecureWebServer web=new SecureWebServer(8080);
web.start();
web.addHandler("Secure",this);
}
public String echo(String message) {
return message;
}
}
--- client.java ---
import java.util.*;
import java.security.cert.*;
import javax.net.ssl.*;
import org.apache.xmlrpc.secure.*;
try {
SSLContext sslContext=SSLContext.getInstance("SSL");
sslContext.init(null, new X509TrustManager[] {
new X509TrustManager() {
public void checkClientTrusted(X509Certificate[]
chain, String authType) {
}
public void checkServerTrusted(X509Certificate[]
chain, String authType) {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
}}, null);
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFa
ctory());
} catch (Exception e) {
// SSL connection configure error
}
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
// ignore FQDN not matched with certificate common name
return true;
}
});
SecureXmlRpcClient client;
Vector parameters;
String result;
try {
client=new SecureXmlRpcClient("https://localhost:8080");
parameters=new Vector();
parameters.add("Echo");
result=(String)client.execute("Secure.echo",parameters);
System.out.println(result);
} catch (Exception e) {
// error here
System.out.println(e);
}
}
--- code ends here --
the above code work under command line, but 2 problems occur after I put them
to my appplication.
1. the above code did not use truststore but it work ok. After put them to my
application, java complains about:
javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error:
java.security.InvalidAlgorithmParameterException: the trustAnchors parameter
must be non-empty
Why the above 2 java code do not have this error?
2. I import my private CA's certificate to truststore add the following line to
server code,
SecurityTool.setTrustStore("trust.store");
SecurityTool.setTrustStorePassword("TrustMe");
The above error is gone but new one comes:
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
I already configure SSL link not to check certificate's issuer and not to check
whether URL matches certificate's common name. It works with the above code,
when I got thoese errors again?
Thanks,
Vincent Chen
___________________________________________________ 最新版 Yahoo!奇摩即時通訊 7.0,免費網路電話任你打! http://messenger.yahoo.com.tw/