Trevor

Did the key store approach not work for you?

That is the preferred approach as the code approach you've used essentially removes any SSL security from your application and makes it vulnerable to man in the middle attacks

Rob

On 04/02/2015 08:10, "Trevor Donaldson" <[email protected]> wrote:

>In case anyone else is struggling with this. I had to go with the method that Rob described here
>
>https://github.com/rvesse/sparql-query-bm/blob/master/cmd/src/main/java/net/sf/sparql/benchmarking/commands/AbstractCommand.java#L444
>
>More specifically trusting all certificates.
>
>On Tue, Feb 3, 2015 at 8:19 PM, Rob Vesse <[email protected]> wrote:
>
>> As I suggested based on your original description this error does indeed mean that the certificate is not trusted. Either it is a self-signed certificate OR there is an untrusted certificate/certificate authority in the certificate chain
>>
>> You should not need to pass a SSLContext to anything in order to resolve this.
>>
>> Configuring the key store on your machine to trust the relevant certificate(s) is a JVM level feature and will be sufficient in most cases. The key store is automatically discovered by the JVM and used by higher level libraries like Apache HTTP Client (which underpins all HTTP functionality in ARQ).
>>
>> Rob
>>
>> On 03/02/2015 16:25, "Trevor Donaldson" <[email protected]> wrote:
>>
>> >Thanks Rob. Apologies for not adding some of the stacktrace. Here is the error.
>> >
>> > PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>> >
>> >DatasetAccessor datasetAccessor = DatasetAccessorFactory.createHTTP("https://localhost:8443/ds");
>> >
>> >I believe I may have to pass the HttpAuthenticator with an SSLContext. Not sure how the DatasetAccessorFactory "knows" about my keystore and truststore.
>> >
>> >On Tue, Feb 3, 2015 at 6:38 PM, Rob Vesse <[email protected]> wrote:
>> >
>> >> Trevor
>> >>
>> >> An invalid certificate exception generally means that the certificate is not trusted (often because it is self-signed) but without seeing a specific error condition and stack trace we can only guess what the actual problem is.
>> >>
>> >> Generally I would not expect it to be a HttpAuthenticator specific problem but again without a stack trace we can only speculate. You can use the debugging support (basically appropriately configuring logging) if you want to see exactly what Apache HTTP Client is doing under the hood:
>> >>
>> >> https://jena.apache.org/documentation/query/http-auth.html#debugging-authentication
>> >>
>> >> Trusting a certificate that would otherwise not be trusted is generally a JVM specific task and requires you to either configure the JVM key store on each machine your client runs on appropriately OR do some nasty code hacks that essentially disables SSL certificate verification in your JVM. For example the following SO question shows both approaches:
>> >>
>> >> http://stackoverflow.com/questions/2893819/telling-java-to-accept-self-signed-ssl-certificate
>> >>
>> >> I have some helper scripts that I've used in the past up on BitBucket that can help automate the key store management because it is a little esoteric if you've never had to do it before:
>> >>
>> >> https://bitbucket.org/rvesse/java-ssl-helper/overview
>> >>
>> >> Note that under some JVMs using this approach may not help (IBM V9 was problematic if memory serves) and you may need to use the code approach instead. See the following code where I've done this in a tool that uses ARQ and HttpAuthenticator's in the past:
>> >>
>> >> https://github.com/rvesse/sparql-query-bm/blob/master/cmd/src/main/java/net/sf/sparql/benchmarking/commands/AbstractCommand.java#L444
>> >>
>> >> Rob
>> >>
>> >> On 03/02/2015 12:49, "Trevor Donaldson" <[email protected]> wrote:
>> >>
>> >> >Is it possible to setup an ssl context using HttpAuthenticator? I am getting an invalid certificate exception when I try to use DataSetFactory. I believe this is because the actual call is not using SSL.
>> >> >
>> >> >Thanks
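The key store approach recommended in the thread, as an added example (not code from the thread, from Jena, or from the linked helper scripts): it writes a trust store holding the JVM's default CAs plus the one self-signed server certificate, and only after that certificate's SHA-256 fingerprint matches a value obtained out of band. The class name `ScopedTrustStore`, the alias, the file arguments and the `changeit` password are placeholders assumed for illustration.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Usage (hypothetical file names): java ScopedTrustStore server.crt <sha256-hex> client-truststore
public class ScopedTrustStore {
    public static void main(String[] args) throws Exception {
        String expected = args[1].replace(":", "").toLowerCase();
        char[] password = "changeit".toCharArray(); // placeholder password
        X509Certificate cert;
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // Trust the certificate only if it is the one the server operator vouched for.
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded())) {
            hex.append(String.format("%02x", b));
        }
        if (!hex.toString().equals(expected)) {
            throw new SecurityException("Fingerprint mismatch, got " + hex);
        }
        cert.checkValidity(); // reject an expired or not-yet-valid certificate
        // Start from an empty store and copy in the CAs the JVM already trusts.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM's default trust store
        int i = 0;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                ks.setCertificateEntry("default-ca-" + i++, ca);
            }
        }
        // Add exactly one extra trust anchor: the verified server certificate.
        ks.setCertificateEntry("local-sparql-endpoint", cert);
        try (OutputStream os = Files.newOutputStream(Paths.get(args[2]))) {
            ks.store(os, password);
        }
        System.out.println("Wrote " + ks.size() + " trusted certificates to " + args[2]);
    }
}
```

Start the client JVM with `-Djavax.net.ssl.trustStore=client-truststore -Djavax.net.ssl.trustStorePassword=changeit` so the default JSSE trust manager picks the file up without any `SSLContext` being passed in code. Certificate path and hostname checks stay in force, which is the difference from trusting all certificates.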
