apache xmlrpc over SSL?
Hi, all
I tried to use apache xmlrpc over SSL transport, the following 2 simple code works in command line:
server.java --
public class Server {
public Server() {
import javax.net.ssl.*;
import org.apache.xmlrpc.secure.*;
SecurityTool.setKeyStore("secure.store");
SecurityTool.setKeyStorePassword("SecurePassword");
SecureWebServer web=new SecureWebServer(8080);
web.start();
web.addHandler("Secure",this);
}
public String echo(String message) {
return message;
}
}
client.java
import java.util.*;
import java.security.cert.*;
import javax.net.ssl.*;
import org.apache.xmlrpc.secure.*;
try {
SSLContext sslContext=SSLContext.getInstance("SSL");
sslContext.init(null, new X509TrustManager[] {
new X509TrustManager() {
public void checkClientTrusted(X509Certificate[]
chain, String authType) {
}
public void checkServerTrusted(X509Certificate[]
chain, String authType) {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
}}, null);
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFa
ctory());
} catch (Exception e) {
// SSL connection configure error
}
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
// ignore FQDN not matched with certificate common name
return true;
}
});
SecureXmlRpcClient client;
Vector parameters;
String result;
try {
client=new SecureXmlRpcClient("https://localhost:8080");
parameters=new Vector();
parameters.add("Echo");
result=(String)client.execute("Secure.echo",parameters);
System.out.println(result);
} catch (Exception e) {
// error here
System.out.println(e);
}
}
code ends here --
the above code work under command line, but 2 problems occur after I put them to my appplication.
1. the above code did not use truststore but it work ok. After put them to my application, java complains about:
javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
Why the above 2 java code do not have this error?
2. I import my private CA's certificate to truststore add the following line to server code,
SecurityTool.setTrustStore("trust.store");
SecurityTool.setTrustStorePassword("TrustMe");
The above error is gone but new one comes:
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I already configure SSL link not to check certificate's issuer and not to check whether URL matches certificate's common name. It works with the above code, when I got thoese errors again?
Thanks,
Vincent Chen
