Web Services API and SSL Alfresco

nkhoang
Champ in-the-making
Hi all,

I have encountered some issues when using the Alfresco Web Service API to communicate with the Alfresco Repo running on SSL (https).

This is the way I configured my Tomcat to run it on SSL:
<Connector port="8463" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="certificates/.keystore"
           keystorePass="changeit"
           truststoreFile="C:\Program Files\Java\jdk1.5.0_04\jre\lib\security\cacerts"
           />
What I'm doing here is to run the sample: FirstWebServiceClient.java (in Alfresco SDK samples) with Alfresco SSL.
After configuring the file: webserviceclient.properties (alfresco package) with the repository.location set to the right value:
https://localhost:8463/alfresco/api
and what I got is this:
Exception in thread "main" org.alfresco.webservice.util.WebServiceException: Error starting session.
   at org.alfresco.webservice.util.AuthenticationUtils.startSession(AuthenticationUtils.java:94)
   at org.alfresco.sample.FirstWebServiceClient.main(FirstWebServiceClient.java:54)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
   at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
   at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
   at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
   at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
   at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
   at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
   at org.apache.axis.client.Call.invoke(Call.java:2767)
   at org.apache.axis.client.Call.invoke(Call.java:2443)
   at org.apache.axis.client.Call.invoke(Call.java:2366)
   at org.apache.axis.client.Call.invoke(Call.java:1812)
   at org.alfresco.webservice.authentication.AuthenticationServiceSoapBindingStub.startSession(AuthenticationServiceSoapBindingStub.java:187)
   at org.alfresco.webservice.util.AuthenticationUtils.startSession(AuthenticationUtils.java:79)
   … 1 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
   at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
   at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
   at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
   at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
   at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
   at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
   at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
   at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
   at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
   at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
   at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
   at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
   at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
   at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
   at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
   … 12 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
   at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
   at sun.security.validator.Validator.validate(Unknown Source)
   at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
   at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
   at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
   … 24 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
   at java.security.cert.CertPathBuilder.build(Unknown Source)
   … 30 more

Have I done anything wrong? Do I have to configure anything else?

Please help.
3 REPLIES

chapeaurouge
Champ in-the-making
You need to import your web server certificate into your client with keytool.
Then in your code, you need to include the following:

System.setProperty("javax.net.ssl.trustStore", "/path/to/.keystore");
System.setProperty("javax.net.ssl.trustStorePassword", "password");

bwakkie
Champ in-the-making
I guess that putting passwords hardcoded in a conf file isn't a very good idea. Can't you use SSL keys?

chapeaurouge
Champ in-the-making
Maybe, I don't know. I just protect my conf file by setting restrictive permissions. These specific lines are in my code (.class) files… I don't fear much reverse engineering in my company (but who knows).