?
Solved

Sending XML over HTTPS causes a javax.net.ssl.SSLHandshakeException

Posted on 2006-04-19
3
Medium Priority
?
916 Views
Last Modified: 2011-09-20
My web application gets information from web services provided by an outside company.  Some of this information doesn't need to be secured and a simple HttpURLConnection is opened passing the xml string as a URL parameter.  This works fine.  

For the sensitive information I am supposed to send the information to the https URL so I created a HttpsURLConnection.  When I try to get the InputStream on this line (bin = new BufferedInputStream(connection.getInputStream());)  it throws the following exception:

Opening connection...
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:846)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:905)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
        at sun.security.validator.Validator.validate(Validator.java:203)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
        at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:839)

Do I need to ask them for a certificate?  Is there anyway to not require this?  I am currently running Tomcat 5.5.9 on my Windows XP system.  

Here is the code:

    public static final String XML_URL = "http://xml.xyzcompany.com/xml.jsp?xml=";
    public static final String SECURE_XML_URL = "https://xml.xyzcompany.com/xml.jsp?xml=";

    public static String getXMLResponse(String query) {
        StringBuffer sb = new StringBuffer();
        HttpURLConnection connection = null;
       
        try {
            String xmlQuery = XML_URL + query;
            System.out.println("NEW XML QUERY = " + xmlQuery);
           
            URL u = new URL(xmlQuery);
            System.out.println("Opening connection...");
            URLConnection uc = u.openConnection();
           
            connection = (HttpURLConnection) uc;
            connection.setDoOutput(true);
            connection.setDoInput(true);
            connection.setRequestMethod("POST");
           
            // Send the request and get the response.
            bin = new BufferedInputStream(connection.getInputStream());
            int ch=0;
            while((ch=bin.read())> -1) {
                sb.append((char)ch);
            }
        } catch (IOException ioe) {
            //System.err.println(ioe);
            ioe.printStackTrace();
        } finally {
            try {
                if(null != bin) {
                    bin.close();
                }
            } catch (IOException ioe) {
                ioe.printStackTrace();
            }
           
            if(null != connection) {
                System.out.println("Closing connection...");
                connection.disconnect();
            }
           
        }
       
        System.out.println("response = " + sb.toString());
        return sb.toString();
       
    }
   
    public static String getSecureXMLResponse(String query) {
        StringBuffer sb = new StringBuffer();
        HttpsURLConnection connection = null;
       
        try {
            String xmlQuery = SECURE_XML_URL + query;
            System.out.println("NEW XML QUERY = " + xmlQuery);
           
            URL u = new URL(xmlQuery);
            System.out.println("Opening connection...");
            URLConnection uc = u.openConnection();
           
           
            connection = (HttpsURLConnection) uc;
            connection.setDoOutput(true);
            connection.setDoInput(true);
            connection.setRequestMethod("POST");
           
            // Send the request and get the response.
            bin = new BufferedInputStream(connection.getInputStream());
            int ch=0;
            while((ch=bin.read())> -1) {
                sb.append((char)ch);
            }
        } catch (IOException ioe) {
            //System.err.println(ioe);
            ioe.printStackTrace();
        } finally {
            try {
                if(null != bin) {
                    bin.close();
                }
            } catch (IOException ioe) {
                ioe.printStackTrace();
            }
           
            if(null != connection) {
                System.out.println("Closing connection...");
                connection.disconnect();
            }
           
        }
       
        System.out.println("response = " + sb.toString());
        return sb.toString();
    }
0
Comment
Question by:nateforrest1
1 Comment
 
LVL 11

Accepted Solution

by:
WelkinMaze earned 2000 total points
ID: 16495794
Hi,

You can look here for how to create your own certificate:
http://www.experts-exchange.com/Programming/Programming_Languages/Q_21818679.html
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Browsing the questions asked to the Experts of this forum, you will be amazed to see how many times people are headaching about monster regular expressions (regex) to select that specific part of some HTML or XML file they want to extract. The examp…
Create a Windows 10 custom Image with custom task bar and custom start menu using XML for deployment.
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Loops Section Overview

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question