
  • Trying to access an SSL resource fails

    Hi,
    After securing my JBoss server by enabling SSL and creating my certificate, I am not able to access my services from Android using RestTemplate.
    The stack error is:
    Code:
    05-24 07:56:15.662: W/System.err(457): org.springframework.web.client.ResourceAccessException: I/O error: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.; nested exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
    ......
    
    05-24 07:56:15.682: W/System.err(457): Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
    
    
    05-24 07:56:15.732: W/System.err(457): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
    
    
    05-24 07:56:15.742: W/System.err(457): Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
    In the browser I have to accept the untrusted certificate... is there something like this on Android?

  • #2
    Thanks a lot for the 40 views, your suggestion was very helpful. This is the solution that I found ==>

    First I create this class:
    Code:
    package com.soutem.service;
    
    import java.io.IOException;
    import java.net.Socket;
    import java.net.UnknownHostException;
    import java.security.*;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;
    
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;
    
    import org.apache.http.conn.ssl.SSLSocketFactory;
    
    public class SpringSSLSocketFactory extends SSLSocketFactory {
    	SSLContext sslContext = SSLContext.getInstance("TLS");
    
    	public SpringSSLSocketFactory(KeyStore truststore)
    			throws NoSuchAlgorithmException, KeyManagementException,
    			KeyStoreException, UnrecoverableKeyException {
    		super(truststore);
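    		// Trust manager that performs no validation at all.
    		TrustManager tm = new X509TrustManager() {
    			// Empty body: any client certificate chain is accepted.
    			public void checkClientTrusted(X509Certificate[] chain,
    					String authType) throws CertificateException {
    			}
    
    			// Empty body: any server certificate chain is accepted,
    			// including one presented by an interception proxy.
    			public void checkServerTrusted(X509Certificate[] chain,
    					String authType) throws CertificateException {
    			}
    
    			// The X509TrustManager contract requires a non-null array.
    			public X509Certificate[] getAcceptedIssuers() {
    				return new X509Certificate[0];
    			}
    		};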
    
    		sslContext.init(null, new TrustManager[] { tm }, null);
    	}
    
    	@Override
    	public Socket createSocket(Socket socket, String host, int port,
    			boolean autoClose) throws IOException, UnknownHostException {
    		return sslContext.getSocketFactory().createSocket(socket, host, port,
    				autoClose);
    	}
    
    	@Override
    	public Socket createSocket() throws IOException {
    		return sslContext.getSocketFactory().createSocket();
    	}
    
    }

    then this one
    Code:
    package com.soutem.service;
    import java.security.KeyStore;
    
    import org.apache.http.HttpVersion;
    import org.apache.http.client.HttpClient;
    import org.apache.http.conn.ClientConnectionManager;
    import org.apache.http.conn.scheme.PlainSocketFactory;
    import org.apache.http.conn.scheme.Scheme;
    import org.apache.http.conn.scheme.SchemeRegistry;
    import org.apache.http.conn.ssl.SSLSocketFactory;
    import org.apache.http.impl.client.DefaultHttpClient;
    import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
    import org.apache.http.params.BasicHttpParams;
    import org.apache.http.params.HttpParams;
    import org.apache.http.params.HttpProtocolParams;
    import org.apache.http.protocol.HTTP;
    
    public class HttpsClient {
            public static HttpClient getNewHttpClient() {
                try {
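                    // Empty trust store; the overridden createSocket methods in
                    // SpringSSLSocketFactory use its accept-all SSLContext instead.
                    KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
                    trustStore.load(null, null);
                    SSLSocketFactory sf = new SpringSSLSocketFactory(trustStore);
                    // Disables hostname verification: the certificate name is not
                    // checked against the host being contacted.
                    sf.setHostnameVerifier(
                           SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);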
                    HttpParams params = new BasicHttpParams();
                    HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
                    HttpProtocolParams.setContentCharset(params, HTTP.UTF_8);
                    SchemeRegistry registry = new SchemeRegistry();
                    registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 8080));
                    registry.register(new Scheme("https", sf, 8443));
                    ClientConnectionManager ccm = new ThreadSafeClientConnManager(params, registry);
                    return new DefaultHttpClient(ccm, params);
                } catch (Exception e) {
                    // Any setup failure silently falls back to a stock client.
                    return new DefaultHttpClient();
                }
            }
    }
    In my service method:
    Code:
    // Build the RestTemplate on top of the custom HttpClient.
    RestTemplate restTemplate = new RestTemplate(
            new HttpComponentsClientHttpRequestFactory(HttpsClient.getNewHttpClient()));
    PersonneMorale response = restTemplate.getForObject(
            url + "findByLogin?login=" + params[0] + "&password=" + params[1],
            PersonneMorale.class);
    So this is my solution, thanks to the ipragmatech community.
    Maybe there is a more powerful solution.



    • #3
      you are welcome



      • #4
        Thanks for providing your solution, and the feedback! I'll add a JIRA for evaluating if there is a better way to handle untrusted SSL certificates in Spring for Android.



        • #5
          "Trust anchor for certification path not found.; "
          Just use a verified cert (on your server) or add your self-signed cert to the trusted certs in Android...



          • #6
            Thanks for this life saving post. Could you post the JIRA issue so we can track it/vote on it?
