with HTTPS

Tony Morris Mon, 17 Apr 2006 04:58:01 -0700

Hello everyone,

I am having an issue with the <get> task to a HTTPS address that I can'tseem to reproduce using my own Java code.I have attached below my build.xml which contains the minimum that isrequired to observe the behaviour that I am observing - specifically,the get task fails because it does not trust the public key that theserver is responding with (fair enough - it is my own self-signedcertificate).

javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException: PKIX path building failed:sun.security.provider.certpath.SunCertPathBuilderException: unable tofind valid certification path to requested target

After some googling about, I learned that I need to set thejavax.net.ssl.trustStore system property to refer to a keystore thatcontains this public key. This is where my problem begins. I apologisefor the verbosity of this problem - I have trimmed to as little as Ipossibly can. The keystore that I am using - that contains the trustedpublic key - is available at:http://xdweb.net/~dibblego/source.tmorris.net.jks

I have tried downloading this keystore file, and setting thejavax.net.ssl.trustStore system property to refer to this file using -Dat the command line when starting ant. For example

> ant -Djavax.net.ssl.trustStore=/path/to/source.tmorris.net.jks

This does not seem to change the situation. However, I wrote some Javacode that indeed works fine when I set this system property. "Workingfine" means that the server responds with a 401 message (requestingauthentication) instead of "not working fine" meaning that the VMdoesn't trust my public key. This Java code is part of my build.xml (seebelow). Again, I apologise for the verbosity, but I believe that I am atthe end for solving this problem.

Just why does it work (401) for my trivial Java code, but not for myequally trivial build.xml (javax.net.ssl.SSLHandshakeException)?If someone could somehow use an Ant <get> request to establish asuccessful HTTPS connection to https://source.tmorris.net (so that theyreceive a 401 response), I'd most appreciate knowing whatever the answeris. I am just short of writing my own Ant task, since I know that I canget my own Java code to make a successful request - with trust of thepublic key that is returned by the server.

Below is build.xml which includes aforementioned Java source code andthe public key itself:


<?xml version="1.0"?>

<project name="test" default="test" basedir=".">

<target name="test" description="test case for SSL problem at17/04/2006"><echo message="javax.net.ssl.trustStore =${javax.net.ssl.trustStore}"/>

       <get src="https://source.tmorris.net/"; dest="source.tmorris.net"/>
   </target>
</project>

<!--
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;

public final class Main {
   private Main() throws UnsupportedOperationException {
       throw new UnsupportedOperationException();
   }

   public static void main(final String[] args) throws IOException {

// args[0] should point to a local file downloaded fromhttp://xdweb.net/~dibblego/source.tmorris.net.jks

       System.setProperty("javax.net.ssl.trustStore", args[0]);

       final URL u = new URL("https://source.tmorris.net";);
       final InputStream in = u.openStream();

       try {
           int c;

           while((c = in.read()) != -1) {
               System.out.print((char)c);
           }
       }
       finally {
           in.close();
       }
   }
}
-->

<!--

This is the public key that is sent back from the server and that whichis storedin the JKS keystore that can be found athttp://xdweb.net/~dibblego/source.tmorris.net.jks

with HTTPS

Reply via email to