| From | Sent On | Attachments |
|---|---|---|
| glas...@javadesktop.org | Jul 4, 2008 2:39 pm | |
| glas...@javadesktop.org | Jul 7, 2008 6:29 am | |
| Jeanfrancois Arcand | Jul 7, 2008 9:00 am | |
| glas...@javadesktop.org | Jul 8, 2008 12:06 am | |
| glas...@javadesktop.org | Jul 8, 2008 1:50 am | |
| glas...@javadesktop.org | Jul 8, 2008 7:10 am | |
| glas...@javadesktop.org | Jul 9, 2008 12:01 am | |
| glas...@javadesktop.org | Jul 9, 2008 4:02 am | |
| glas...@javadesktop.org | Jul 11, 2008 1:59 am | |

| Subject: | Re: custom X509TrustManager | |
|---|---|---|
| From: | glas...@javadesktop.org (glas...@javadesktop.org) | |
| Date: | Jul 8, 2008 12:06:57 am | |
| List: | net.java.dev.glassfish.users | |

This doesn't seem to work:
w/o any special implementation of X509TrustManager (aka "accept-all-version"),
by simply initializing SSLContext:

```java
SSLContext context = SSLContext.getInstance("TLS");
TrustManager[] trustManagerArray = {new EMEX509TrustManager()};
context.init(null, trustManagerArray, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
```

GlassFish in its logs is saying that my custom LifecycleListener is
initializing, but the next call to the https website (where a specific client
certificate is required) returns the following error:

```
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1427)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:189)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1253)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:148)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
    at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Handshaker.java:458)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Handshaker.java:875)
    at com.sun.enterprise.web.connector.grizzly.ssl.SSLUtils.executeDelegatedTask(SSLUtils.java:303)
    at com.sun.enterprise.web.connector.grizzly.ssl.SSLUtils.doHandshake(SSLUtils.java:378)
    ... 4 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
    at sun.security.validator.Validator.validate(Validator.java:218)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkClientTrusted(X509TrustManagerImpl.java:167)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkClientTrusted(X509TrustManagerImpl.java:237)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1232)
    ... 11 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
    ... 17 more
```

Which basically says that my custom X509TrustManager is not picked up?

/mareks
[Message sent by forum member 'mareks' (mareks)]
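
An added example, not part of the original message or of GlassFish: the trace above fails in `ServerHandshaker.clientCertificate` via `X509TrustManagerImpl.checkClientTrusted`, under Grizzly's `SSLUtils.doHandshake`, while `HttpsURLConnection.setDefaultSSLSocketFactory` sets the factory for `HttpsURLConnection` objects this JVM opens as a client. The hypothetical `TracingTrustManager` below delegates every decision to the JDK's default PKIX trust manager (assumed here to use the JVM default truststore) and logs which check method is consulted, so it shows which handshakes a registration actually covers without weakening validation.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical class (not from the thread): wraps the default PKIX trust
// manager, logs each call, and never relaxes certificate validation.
public class TracingTrustManager implements X509TrustManager {
    private final X509TrustManager pkix;

    public TracingTrustManager() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM default truststore
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        }
        if (found == null) throw new IllegalStateException("no X509TrustManager available");
        pkix = found;
    }

    private static void log(String method, X509Certificate[] chain) {
        String subject = (chain == null || chain.length == 0)
            ? "<no chain>" : chain[0].getSubjectX500Principal().toString();
        System.err.println(method + " consulted for " + subject);
    }

    // Invoked when this JVM is the TLS server and a peer presents a client certificate.
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        log("checkClientTrusted", chain);
        pkix.checkClientTrusted(chain, authType);
    }

    // Invoked when this JVM is the TLS client and validates the remote server.
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        log("checkServerTrusted", chain);
        pkix.checkServerTrusted(chain, authType);
    }

    public X509Certificate[] getAcceptedIssuers() { return pkix.getAcceptedIssuers(); }

    public static void main(String[] args) throws Exception {
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, new TrustManager[] { new TracingTrustManager() }, null);
        // Scope: HttpsURLConnection objects created after this call, in this JVM only.
        HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
    }
}
```

If no `checkClientTrusted` line is logged while the handshake error still appears, the failing validation is being done by a different trust manager than the one registered here.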





