Hi All, I cannot seem to get org.apache.http.conn.ssl.TrustSelfSignedStrategy to work with an SSL connection.
I am creating the HttpClient (4.5.3, the latest) like so:

    final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager();
    httpClient = HttpClientFactory.createHttpClientBuilder(trustStrategy, hostnameVerifier, getTimeoutMillis())
            .setConnectionManager(cm)
            .build();

Where HttpClientFactory is as below and trustStrategy=a new org.apache.http.conn.ssl.TrustSelfSignedStrategy, hostnameVerifier=null, getTimeoutMillis()=210,000:

    import java.security.KeyManagementException;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;

    import javax.net.ssl.HostnameVerifier;
    import javax.net.ssl.SSLContext;

    import org.apache.http.config.SocketConfig;
    import org.apache.http.impl.client.CloseableHttpClient;
    import org.apache.http.impl.client.HttpClientBuilder;
    import org.apache.http.impl.client.HttpClients;
    import org.apache.http.ssl.SSLContextBuilder;
    import org.apache.http.ssl.TrustStrategy;

    public class HttpClientFactory {

        public static CloseableHttpClient createHttpClient(final TrustStrategy trustStrategy,
                final HostnameVerifier hostnameVerifier, final int timeoutMillis)
                throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException {
            return createHttpClientBuilder(trustStrategy, hostnameVerifier, timeoutMillis).build();
        }

        public static HttpClientBuilder createHttpClientBuilder(final TrustStrategy trustStrategy,
                final HostnameVerifier hostnameVerifier, final int timeoutMillis)
                throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException {
            final SSLContext sslContext = trustStrategy == null ? null
                    : SSLContextBuilder.create().loadTrustMaterial(trustStrategy).build();
            final SocketConfig socketConfig = timeoutMillis < 0 ? null
                    : SocketConfig.custom().setSoTimeout(timeoutMillis).build();
            final HttpClientBuilder builder = HttpClients.custom();
            if (sslContext != null) {
                builder.setSSLContext(sslContext);
            }
            if (hostnameVerifier != null) {
                builder.setSSLHostnameVerifier(hostnameVerifier);
            }
            if (socketConfig != null) {
                builder.setDefaultSocketConfig(socketConfig);
            }
            return builder;
        }
    }

I also tried hostnameVerifier=NoopHostnameVerifier.INSTANCE just for grins but that makes no difference, the failure is the same. If I had a breakpoint in TrustSelfSignedStrategy#isTrusted(), it never gets hit.

The error:

    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:913)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:849)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
        at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
        at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359)
        at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)
        at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
        at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
        at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
        at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)
        at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
        at com.seagullsw.appinterface.comm.cics.ScgHttpConnection.sendRequest(ScgHttpConnection.java:165)
        at com.seagullsw.appinterface.comm.cics.ScgHttpConnection.sendRequest(ScgHttpConnection.java:177)
        at com.seagullsw.appinterface.server.backend.cics.ScgByteBufferExecutor.execute(ScgByteBufferExecutor.java:121)
        at com.seagullsw.appinterface.server.backend.cics.CicsBackEnd.handleRequestImpl(CicsBackEnd.java:232)
        at com.seagullsw.appinterface.server.backend.BasicBackEnd.handleRequest(BasicBackEnd.java:325)
        at com.seagullsw.appinterface.server.BasicInvocation.backEndDispatch(BasicInvocation.java:372)
        at com.seagullsw.appinterface.server.BasicInvocation.invokeInner(BasicInvocation.java:1146)
        at com.seagullsw.appinterface.server.BasicInvocation.invokeWithChecks(BasicInvocation.java:1191)
        at com.seagullsw.appinterface.server.BasicInvocation.invoke(BasicInvocation.java:1106)
        at com.seagullsw.appinterface.server.AppInterfaceServer.dispatch(AppInterfaceServer.java:722)
        at com.seagullsw.appinterface.server.AppInterfaceServer.dispatch(AppInterfaceServer.java:710)
        at com.seagullsw.appinterface.server.AisHelper.assertXmlRequest(AisHelper.java:59)
        at com.seagullsw.appinterface.server.backend.cics.AbstractScgBackEndTestCase.callMirrorCommArea(AbstractScgBackEndTestCase.java:409)
        at com.seagullsw.appinterface.server.backend.cics.AbstractScgBackEndTestCase.callMirrorCicsWriteQLimitCommArea(AbstractScgBackEndTestCase.java:379)
        at com.seagullsw.appinterface.server.backend.cics.AbstractScgBackEndStressTestCase.testMirrorCicsWriteQLimitCommAreaConsecutiveRequests10(AbstractScgBackEndStressTestCase.java:1896)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
        at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
        at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
        at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
        at org.junit.rules.TestWatcher$1.evaluate(TestWatcher.java:55)
        at org.junit.rules.ExternalResource$1.evaluate(ExternalResource.java:48)
        at org.junit.rules.RunRules.evaluate(RunRules.java:20)
        at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
        at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
        at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
        at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
        at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
        at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
        at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
        at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
        at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
        at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
        at org.junit.rules.ExternalResource$1.evaluate(ExternalResource.java:48)
        at org.junit.rules.RunRules.evaluate(RunRules.java:20)
        at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
        at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86)
        at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
        at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:459)
        at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:678)
        at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382)
        at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
        at sun.security.validator.Validator.validate(Validator.java:260)
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1428)
        ... 63 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
        ... 69 more

Thoughts?

Thank you,
Gary