Re: Cannot reach an SSL-based SPARQL endpoint

Fri, 13 Jan 2017 01:27:00 -0800 

In Jena 3.1.1, the way security is handled changed.
Now, the application creates the appropriate Apache HttpClient and that is used for the remote service access. 

http://jena.apache.org/documentation/query/http-auth.html

see also:

http://stackoverflow.com/questions/30250102/any-apache-httpclient-4-4-example-for-trust-self-signed-certificates

        Andy

On 12/01/17 18:52, Zak Mc Kracken wrote:

Hi all,

as per subject, I get the error below when I try to reach an endpoint
that is based on SSL and has an invalid/non-signed certificate. I would
like to just disable any certificate verification, but this code:
https://goo.gl/AglsHv doesn't seem to work with Jena (I've successfully
used it with other HTTPS-based clients).

I'm invoking the endpoint the usual way:


QueryExecution qx = QueryExecutionFactory.sparqlService (
    SPARQL_HTTPS,
    sparql,
    new SimpleAuthenticator ( USER, PASSWD.toCharArray () )
);



I'm using Jena 3.1.0 from Maven.
Thanks in advance for any help,

Marco

Error output:



HttpException: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target: Unexpected error
making the query: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
    at
org.apache.jena.sparql.engine.http.HttpQuery.rewrap(HttpQuery.java:414)
    at
org.apache.jena.sparql.engine.http.HttpQuery.execGet(HttpQuery.java:355)
    at
org.apache.jena.sparql.engine.http.HttpQuery.exec(HttpQuery.java:292)
    at
org.apache.jena.sparql.engine.http.QueryEngineHTTP.execResultSetInner(QueryEngineHTTP.java:359)

    at
org.apache.jena.sparql.engine.http.QueryEngineHTTP.execSelect(QueryEngineHTTP.java:351)

...
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
    at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)

    at
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)

    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
    at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)

    at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
    at
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:436)

    at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)

    at
org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)

    at
org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:643)

    at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)

    at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)

    at
org.apache.http.impl.client.DecompressingHttpClient.execute(DecompressingHttpClient.java:137)

    at
org.apache.http.impl.client.DecompressingHttpClient.execute(DecompressingHttpClient.java:118)

    at org.apache.jena.riot.web.HttpOp.exec(HttpOp.java:1186)
    at org.apache.jena.riot.web.HttpOp.execHttpGet(HttpOp.java:378)
    at org.apache.jena.riot.web.HttpOp.execHttpGet(HttpOp.java:440)
    at
org.apache.jena.sparql.engine.http.HttpQuery.execGet(HttpQuery.java:343)
    ... 34 more
Caused by: sun.security.validator.ValidatorException: PKIX path
building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
    at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
    at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)

    at sun.security.validator.Validator.validate(Validator.java:260)
    at
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)

    at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)

    at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)

    at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)

    ... 53 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
    at
sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)

    at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)

    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
    ... 59 more
























					Reply via email to