trying to acess an ssl resource fail

[ahmeddrira]

hi
after securing my jboss server by enbling ssl and creating my certifica , i am note able to access my services from android using restetmplate
the stack error is

Code:

05-24 07:56:15.662: W/System.err(457): org.springframework.web.client.ResourceAccessException: I/O error: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.; nested exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
......

05-24 07:56:15.682: W/System.err(457): Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.


05-24 07:56:15.732: W/System.err(457): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.


05-24 07:56:15.742: W/System.err(457): Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

on the naviguator i have to accept the untrested sertifica ... is there somthing like this on android ?

[ahmeddrira]

thanks a lot for the 40 views your suggestion was very helpful this is the solution that i found ==>

first i creat this class

Code:

package com.soutem.service;

import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.http.conn.ssl.SSLSocketFactory;

public class SpringSSLSocketFactory extends SSLSocketFactory {
	SSLContext sslContext = SSLContext.getInstance("TLS");

	public SpringSSLSocketFactory(KeyStore truststore)
			throws NoSuchAlgorithmException, KeyManagementException,
			KeyStoreException, UnrecoverableKeyException {
		super(truststore);
		TrustManager tm = new X509TrustManager() {
			public void checkClientTrusted(X509Certificate[] chain,
					String authType) throws CertificateException {
			}

			public void checkServerTrusted(X509Certificate[] chain,
					String authType) throws CertificateException {
			}

			public X509Certificate[] getAcceptedIssuers() {
				return null;
			}
		};

		sslContext.init(null, new TrustManager[] { tm }, null);
	}

	@Override
	public Socket createSocket(Socket socket, String host, int port,
			boolean autoClose) throws IOException, UnknownHostException {
		return sslContext.getSocketFactory().createSocket(socket, host, port,
				autoClose);
	}

	@Override
	public Socket createSocket() throws IOException {
		return sslContext.getSocketFactory().createSocket();
	}

}

then this one

Code:

package com.soutem.service;
import java.security.KeyStore;

import org.apache.http.HttpVersion;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.HttpParams;
import org.apache.http.params.HttpProtocolParams;
import org.apache.http.protocol.HTTP;

public class HttpsClient {
        public static HttpClient getNewHttpClient() {
            try {
                KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
                trustStore.load(null, null);
                SSLSocketFactory sf = new SpringSSLSocketFactory(trustStore);
                sf.setHostnameVerifier(
                       SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
                HttpParams params = new BasicHttpParams();
                HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
                HttpProtocolParams.setContentCharset(params, HTTP.UTF_8);
                SchemeRegistry registry = new SchemeRegistry();
                registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 8080));
                registry.register(new Scheme("https", sf, 8443));
                ClientConnectionManager ccm = new ThreadSafeClientConnManager(params, registry);
                return new DefaultHttpClient(ccm, params);
            } catch (Exception e) {
                return new DefaultHttpClient();
            }
        }
}

on my methode service

Code:

HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
				RestTemplate restTemplate = new RestTemplate(requestFactory);
				restTemplate.setRequestFactory(new HttpComponentsClientHttpRequestFactory(HttpsClient.getNewHttpClient()));
				PersonneMorale response = restTemplate.getForObject(url
						+ "findByLogin?login=" + params[0]+"&password="+params[1], PersonneMorale.class);

so this my solution thanks for the ipragmatech comunity
ma be there is a more powrful solution

[ahmeddrira]

you are welcome

[Roy Clarkson]

Thanks for providing your solution, and the feedback! I'll add a JIRA for evaluating if there is a better way to handle untrusted SSL certificates in Spring for Android.

[noXi1]

"Trust anchor for certification path not found.; "
Just use a verifyed cert (on your server) or add your selfsigned cert to the trusted certs in android...

[Tuno]

Thanks for this life saving post. Could you post the JIRA issue so we can track it/vote on it?