All geek questions in one place

Error using web service due to lack of certificate in Java (based on XML SOAP)

I need to use a web service that was created under Https in java. The web service client was generated using Eclipse, and I use the following code to call it:

ServicioTimbradoPruebasLocator ServicioTimbradoLocator = new ServicioTimbradoPruebasLocator(); ServicioTimbradoPruebasSoap ServicioTimbrado = ServicioTimbradoLocator.getServicioTimbradoPruebasSoap(); javax.xml.rpc.Stub s =((javax.xml.rpc.Stub)ServicioTimbrado); s._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY, "XXXXXXXX"); s._setProperty(javax.xml.rpc.Stub.PASSWORD_PROPERTY, "psswd"); String resultado = ServicioTimbrado.generaTimbre(xml.getBytes()); System.out.println("resultado: " +resultado);

In this line String resultado = ServicioTimbrado.generaTimbre (xml.getBytes ()); I get the following error:

 AxisFault [java] faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException [java] faultSubcode: [java] faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target [java] faultActor: [java] faultNode: [java] faultDetail: [java] {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target [java] at sun.security.ssl.Alerts.getSSLException(Unknown Source) [java] at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) [java] at sun.security.ssl.Handshaker.fatalSE(Unknown Source) [java] at sun.security.ssl.Handshaker.fatalSE(Unknown Source) [java] at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) [java] at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) [java] at sun.security.ssl.Handshaker.processLoop(Unknown Source) [java] at sun.security.ssl.Handshaker.process_record(Unknown Source) [java] at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) [java] at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) [java] at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) [java] at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) [java] at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186) [java] at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191) [java] at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404) [java] at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138) [java] at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) [java] at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) [java] at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) [java] at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165) [java] at org.apache.axis.client.Call.invokeEngine(Call.java:2784) [java] at org.apache.axis.client.Call.invoke(Call.java:2767) [java] at org.apache.axis.client.Call.invoke(Call.java:2443) [java] at org.apache.axis.client.Call.invoke(Call.java:2366) [java] at org.apache.axis.client.Call.invoke(Call.java:1812) [java] at mx.com.timbrado.test.cfdi.ServicioTimbradoPruebasSoapStub.generaTimbre(ServicioTimbradoPruebasSoapStub.java:107) [java] at natura.facturacion.general.GuardarFacturaElectronicav2.doPost(GuardarFacturaElectronicav2.java:136) ...

I want to know if there is a way to send a certificate along with a webservice call. More information about the wsdl contract and files created in java can be found here.

+6
source share
2 answers

Depending on the version of Java you are using, one of the β€œlatest” 1.6 JRE / JDK updates includes a significant change to global CACerts (a trusted authority that signs SSL certificates, such as Verisign) to include some of the new types of certificates that are around.

I recommend upgrading to the latest versions of Java to make sure this works, if not, option 2 is ...

Using SSLPoke.java , you can find out which certificates are missing and InstallCert.java to install them as follows:

  • java InstallCert webserver.domain.com-00-0043
  • Copy the generated jssecacerts file to the $ JAVA_HOME \ jre \ lib \ security folder.

If this still causes problems, you can include the output from sslpoke, an example use;

 # java SSLPoke webserver.domain.com 443 Successfully connected

If ALL does not work, and you can get the certificate file (crt), you can manually import the file using the keytool command (cacerts is the file that will be created in your local working directory, make sure you move it to java in your JRE / JDK);

keytool -import -trustcacerts -alias AddTrustExternalCARoot -file cetificate.crt -keystore cacerts

+5
source

You can refer to this topic: How to handle invalid SSL certificates using Apache HttpClient?

Of course, you have the WSDL SOAP Web Service, there you have the Apache HTTP client, but the error is the same and you can handle it in the same way (or ways).

You can:

1 - make your program accept SSL certificate ANY

2 - Download and install the SSL certificate you are missing in your JVM

Option 1 is simpler (in most cases), but you should use it ONLY before the release, otherwise it will be easy for you to set β€œMan in medium attack”. The second (usually) best choice.

There is a synthetic but well-explained documentation for those two points above with code samples: http://ws.apache.org/xmlrpc/ssl.html

+1
source

Source: https://habr.com/ru/post/907349/

More articles:


All Articles