Announcement Announcement Module
Collapse
No announcement yet.
Web service client and SSL Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Web service client and SSL

    I have a spring web service and client that work fine as long as I'm using http, but now I have to switch over to HTTPS. The web service side of things is working fine.

    But as expected, the client is broken and there's an exception being thrown during the call to WebServiceTemplate.sendSourceAndReceiveToResult:

    org.springframework.ws.client.WebServiceIOExceptio n: I/O error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderE xception: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderE xception: unable to find valid certification path to requested target
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderE xception: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLExceptio n(Alerts.java:150)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(S SLSocketImpl.java:1518)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Ha ndshaker.java:174)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Ha ndshaker.java:168)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serv erCertificate(ClientHandshaker.java:848)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.proc essMessage(ClientHandshaker.java:106)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoo p(Handshaker.java:495)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_re cord(Handshaker.java:433)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRec ord(SSLSocketImpl.java:818)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.perform InitialHandshake(SSLSocketImpl.java:1030)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHa ndshake(SSLSocketImpl.java:1057)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHa ndshake(SSLSocketImpl.java:1041)
    at sun.net.http://www.protocol.https.HttpsClien...lient.java:402)
    at sun.net.http://www.protocol.https.AbstractDe...ction.java:170)
    at sun.net.http://www.protocol.http.HttpURLConn...ction.java:839)
    at sun.net.http://www.protocol.https.HttpsURLCo...nImpl.java:230)
    at org.springframework.ws.transport.http.HttpUrlConne ction.getRequestOutputStream(HttpUrlConnection.jav a:70)
    at org.springframework.ws.transport.AbstractSenderCon nection$RequestTransportOutputStream.createOutputS tream(AbstractSenderConnection.java:92)
    at org.springframework.ws.transport.TransportOutputSt ream.getOutputStream(TransportOutputStream.java:40 )
    at org.springframework.ws.transport.TransportOutputSt ream.close(TransportOutputStream.java:47)
    at org.springframework.ws.transport.AbstractWebServic eConnection.send(AbstractWebServiceConnection.java :39)
    at org.springframework.ws.client.core.WebServiceTempl ate.sendRequest(WebServiceTemplate.java:546)
    at org.springframework.ws.client.core.WebServiceTempl ate.sendAndReceive(WebServiceTemplate.java:404)
    at org.springframework.ws.client.core.WebServiceTempl ate.doSendAndReceive(WebServiceTemplate.java:357)
    at org.springframework.ws.client.core.WebServiceTempl ate.sendSourceAndReceiveToResult(WebServiceTemplat e.java:305)
    at org.springframework.ws.client.core.WebServiceTempl ate.sendSourceAndReceiveToResult(WebServiceTemplat e.java:296)
    at org.springframework.ws.client.core.WebServiceTempl ate.sendSourceAndReceiveToResult(WebServiceTemplat e.java:286)

    Obviously, there's an automatic handshake attempt which is failing. In part because the client has not installed the server's cert and in part because the server is using a self-signed cert.

    I want to avoid having to manually install the cert chain if at all possible. What I'd like to do is be able to participate in the handshake such that I can prompt the user, accept the cert and move on.

    Is there any means of accomplishing this?

  • #2
    Spring-WS delegates to java.net.HTTPURLConnection or Commons HttpClient for its HTTP access. So you might want to see what these libraries offer with regard to SSL (my best bet would be to use Commons).

    As to getting a references to the underlying libraries, use the TransportContext. See http://static.springframework.org/sp...nsport-context

    Comment


    • #3
      If you haven't already found another solution, you might want to take a look at http://blogs.sun.com/andreas/entry/n...unable_to_find for a way to programatically install a cert chain.

      Comment

      Working...
      X