[AG-DEV] Venue Server certificates problem

Andrew A Rowley Andrew.Rowley at manchester.ac.uk
Wed Jul 12 02:57:03 CDT 2006


Hi,

Java by default will not accept a server certificate unless it, or its CA, is in the trusted store. As you say, you can get round this with TrustManagers by doing the following:

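import java.security.SecureRandom;
import javax.net.ssl.*;

// Build an SSLContext whose only TrustManager accepts every certificate,
// so the socket below performs no server certificate validation.
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, new TrustManager[]{new AcceptAllTrustManager()},
                new SecureRandom());
SSLSocketFactory sslsocketfactory = sslContext.getSocketFactory();
SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket(server,
                                                                port);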

You then need the code for the AcceptAllTrustManager, which is:

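import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;

// Trust manager that never rejects a certificate chain.
public class AcceptAllTrustManager implements X509TrustManager {

    public void checkClientTrusted(X509Certificate[] chain,
        String authType) {
        // Do nothing just now: any client chain is accepted
    }

    public void checkServerTrusted(X509Certificate[] chain,
        String authType) {
        // Do nothing just now: any server chain is accepted
    }

    public X509Certificate[] getAcceptedIssuers() {
        // No issuers are advertised as trusted
        return new X509Certificate[0];
    }
}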

You can make this all more secure by adding prompts to check that the server is trusted by the client, but this will get round the problems (it does for me anyway).

Andrew :)

============================================
Access Grid Support Centre,
RSS Group,
Manchester Computing,
Kilburn Building,
University of Manchester,
Oxford Road,
Manchester, 
M13 9PL, 
UK
Tel: +44(0)161-275 0685
Email: Andrew.Rowley at manchester.ac.uk 

> -----Original Message-----
> From: owner-ag-dev at mcs.anl.gov [mailto:owner-ag-dev at mcs.anl.gov] On Behalf
> Of Rod Harris
> Sent: 12 July 2006 04:40
> To: ag-dev at mcs.anl.gov
> Subject: [AG-DEV] Venue Server certificates problem
> 
> Hi All
> 
>     I'm in the middle of trying to get VB running as a shared app with
> AG3.
> 
> VB is a Java app and I'm using WSIF to connect to the Venue to get the
> streams.
> 
> I've generated the Java code from the WSDL that's part of AG 3.0.1
> 
> I get this error however when calling the GetStreams method:
>     PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
> 
> After searching today I found a few explanations that reckon that it's
> that the certificate(s) obtained from the VenueServer are not trusted.
> 
> I tried a few hacks to get around this (disabling or modifying
> TrustManagers) but nothing worked.
> 
> I've used WSIF to successfully connect to another server that doesn't
> use SSL so I'm sure the problem is somewhere with the certificates.
> 
> I've also tried to connect to both the APAG and ANL venue servers and
> had the same problem.
> 
> So, I was wondering if anyone has used WSIF to connect to a secure AG3
> venue and if so what they did to get it to work.
> 
>     Cheers, Rod
> 
> 



