Hvad betyder følgende fejl - og hvordan retter jeg den?

Der er problemer med certifikatet i forbindelse med en HTTPS URL.

Prøv med følgende kode først i programmet:

        SSLContext sslctx = SSLContext.getInstance("SSL");
        sslctx.init(null, new X509TrustManager[] { new MyTrustManager() }, null);
        HttpsURLConnection.setDefaultSSLSocketFactory(sslctx.getSocketFactory());

hvor:

class MyTrustManager implements X509TrustManager
{
    public void checkClientTrusted(X509Certificate[] chain, String authType) {
    }
    public void checkServerTrusted(X509Certificate[] chain, String authType) {
    }
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
}

http://www.kickjava.com/?http://www.kickjava.com/2028.htm

kan du læse dokumentationen hvis ikke du har læst den

Jeg får stadigvæk den samme fejl.

Så prøv yderligere at tilføje:

HttpsURLConnection.setDefaultHostnameVerifier(new MyHostnameVerifier());

hvor:

class MyHostnameVerifier implements HostnameVerifier {
  public boolean verify(String urlHostName, SSLSession session) {
      return true;
  }
}

altså:
SSLContext sslctx = null;
        HttpsURLConnection.setDefaultHostnameVerifier(new MyHostnameVerifier());

        try {
            sslctx = SSLContext.getInstance("SSL");
            sslctx.init(null, new X509TrustManager[] { new MyTrustManager() }, null);
        }
        catch (KeyManagementException e)
        {
            e.printStackTrace();  //To change body of catch statement use File | Settings | File Templates.
        }
        catch (NoSuchAlgorithmException e)
        {
            e.printStackTrace();  //To change body of catch statement use File | Settings | File Templates.
        }
        HttpsURLConnection.setDefaultSSLSocketFactory(sslctx.getSocketFactory());

også har jeg oprette de to klasser:
class MyTrustManager implements X509TrustManager
{
    public void checkClientTrusted(X509Certificate[] chain, String authType)
    {
       
    }
    public void checkServerTrusted(X509Certificate[] chain, String authType)
    {
       
    }
    public X509Certificate[] getAcceptedIssuers()
    {
        return null;
    }
}

class MyHostnameVerifier implements HostnameVerifier
{
    public boolean verify(String urlHostName, SSLSession session)
    {
        return true;
    }
}

AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
faultActor:
faultNode:
faultDetail:
    {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:843)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
    at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
    at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:131)
    at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:370)
    at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:88)
    at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
    at org.apache.axis.client.AxisClient.invoke(AxisClient.java:147)
    at org.apache.axis.client.Call.invokeEngine(Call.java:2719)
    at org.apache.axis.client.Call.invoke(Call.java:2702)
    at org.apache.axis.client.Call.invoke(Call.java:2378)
    at org.apache.axis.client.Call.invoke(Call.java:2301)
    at org.apache.axis.client.Call.invoke(Call.java:1758)
    at cvrwebservice.CVRBindingStub.getLegalUnit(Unknown Source)
    at CVR.Events.Update.updateUser(Update.java:85)
    at CVR.Events.Update.actionPerformed(Update.java:77)
    at java.awt.MenuItem.processActionEvent(MenuItem.java:597)
    at java.awt.MenuItem.processEvent(MenuItem.java:556)
    at java.awt.MenuComponent.dispatchEventImpl(MenuComponent.java:298)
    at java.awt.MenuComponent.dispatchEvent(MenuComponent.java:286)
    at java.awt.EventQueue.dispatchEvent(EventQueue.java:466)
    at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:234)
    at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:163)
    at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:157)
    at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:149)
    at java.awt.EventDispatchThread.run(EventDispatchThread.java:110)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
    at sun.security.validator.Validator.validate(Validator.java:203)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
    at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:836)
    ... 32 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
    ... 37 more

Så er jeg vist løbet tør for gode ideer.

Skal man ikke importere cert i keystore.. mindes jeg måtte gøre noget ligende engang eller er det det du prøver at override

Kan man ikke gøre noget der minder om(fra c#):
internal class MySecurityPolicy : System.Net.ICertificatePolicy
    {
        public bool CheckValidationResult(ServicePoint sPoint, X509Certificate cert, WebRequest wRequest, int certProb)
        {
            return true;
        }
    }

Jeg er ligeglad med sikkerheden ligenu, der skal bare hul igennem - så kan jeg senere gøre det mere sikkert

Det var det som de 2 ovenfor skulle gøre.

ikke meget nyt her men jeg kan replikere fejlen .. godt nok ikke med axis da det ikke lige er sat op.

enten klares det med arnes forslag

public class Test {
    public static void main(String[] args) {
        TrustManager[] trustAllCerts = new TrustManager[]{
              new X509TrustManager() {
                  public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                      return null;
                  }
                  public void checkClientTrusted(
                      java.security.cert.X509Certificate[] certs, String authType) {
                  }
                  public void checkServerTrusted(
                      java.security.cert.X509Certificate[] certs, String authType) {
                  }
              }
          };
          try {
              SSLContext sc = SSLContext.getInstance("SSL");
              sc.init(null, trustAllCerts, new java.security.SecureRandom());
              HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
          } catch (Exception e) {
              e.printStackTrace();
          }
        HostnameVerifier hv = new HostnameVerifier() {
            public boolean verify(String urlHostName, SSLSession session) {
                return true;
            }
        };
        HttpsURLConnection.setDefaultHostnameVerifier(hv);

        URL url = null;
        try {
            url = new URL("https://orda.dk");
        } catch (MalformedURLException e) {
            e.printStackTrace();
        }

        try {
            System.out.println(url.openConnection().getContent());
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}


eller ved at importere cert .. gå til https adressen og vælg view certificate/details -> copy to file

og så importer det med noget ala

keytool -import -file "C:\orda.cer" -trustcacerts -keystore "C:\Java\jdk1.5.0_01\jre\lib\security\cacerts"
default password: changeit
og brug


    public static void main(String[] args) {
        HostnameVerifier hv = new HostnameVerifier() {
            public boolean verify(String urlHostName, SSLSession session) {
                return true;
            }
        };
        HttpsURLConnection.setDefaultHostnameVerifier(hv);

        URL url = null;
        try {
            url = new URL("https://orda.dk");
        } catch (MalformedURLException e) {
            e.printStackTrace();
        }

        try {
            System.out.println(url.openConnection().getContent());
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

så hvis det ikke kan gøre det så må der være et eller andet i axis.

Nu spørger jeg nok lidt dumt - men hvad gør:
URL url = null;
        try {
            url = new URL("https://orda.dk");
        } catch (MalformedURLException e) {
            e.printStackTrace();
        }

Han laver bare en helt normal HTTPS connection.

Prøv og kør med:

java -Daxis.socketSecureFactory=org.apache.axis.components.net.SunFakeTrustSocketFactory ...

0 [main] WARN utils.JavaUtils  - Unable to find required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled.
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
faultActor:
faultNode:
faultDetail:
    {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:843)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
    at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
    at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:131)
    at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:370)
    at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:88)
    at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
    at org.apache.axis.client.AxisClient.invoke(AxisClient.java:147)
    at org.apache.axis.client.Call.invokeEngine(Call.java:2719)
    at org.apache.axis.client.Call.invoke(Call.java:2702)
    at org.apache.axis.client.Call.invoke(Call.java:2378)
    at org.apache.axis.client.Call.invoke(Call.java:2301)
    at org.apache.axis.client.Call.invoke(Call.java:1758)
    at cvrwebservice.CVRBindingStub.getLegalUnit(Unknown Source)
    at CVR.Events.Update.updateUser(Update.java:87)
    at CVR.Events.Update.actionPerformed(Update.java:79)
    at java.awt.MenuItem.processActionEvent(MenuItem.java:597)
    at java.awt.MenuItem.processEvent(MenuItem.java:556)
    at java.awt.MenuComponent.dispatchEventImpl(MenuComponent.java:298)
    at java.awt.MenuComponent.dispatchEvent(MenuComponent.java:286)
    at java.awt.EventQueue.dispatchEvent(EventQueue.java:466)
    at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:234)
    at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:163)
    at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:157)
    at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:149)
    at java.awt.EventDispatchThread.run(EventDispatchThread.java:110)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
    at sun.security.validator.Validator.validate(Validator.java:203)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
    at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:836)
    ... 32 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
    ... 37 more

Hvad betyder disse egentligt:
0 [main] WARN utils.JavaUtils  - Unable to find required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled.

det ser ud til at du mangler jaf og javamail i din classpath
http://java.sun.com/products/javabeans/glasgow/jaf.html
http://java.sun.com/products/javamail/

men det er vist ikke noget der har indflydelse på dit problem. den smider kun en warning.

At mail.jar (fra JavaMail) og activation.jar (fra JAF) ikke er i classpath.

Nope - det havde intet at gøre med problemet.

Og det var bare "-Daxis.socketSecureFactory=org.apache.axis.components.net.SunFakeTrustSocketFactory" jeg skulle forsøge at sætte ind i min classpath?

Ikke i classpath - som seperat option til Java kommandoen

FIk det aldirg til at virke