Written by massi
I am working on the development of a connector for OpenAM. To perform the various operations, instead of using the clientsdk we chose to use the REST interfaces offered by OpenAM; when OpenAM is deployed over HTTPS, the call throws an exception like this:
    Exception in thread "main" org.springframework.web.client.ResourceAccessException: I/O error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:309)
        at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:260)
        at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:167)
        at
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649)
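To get past this, just call the following method before the REST calls. The trust manager it installs performs no checks, so it accepts any server certificate, not only a self-signed one, and SSLContext.setDefault makes it the default for the whole JVM.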
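    import java.security.KeyManagementException;
    import java.security.NoSuchAlgorithmException;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;

    // LOG is the logger of the enclosing class.
    public static void trustSelfSignedSSL() {
        try {
            SSLContext ctx = SSLContext.getInstance("TLS");
            // Trust manager with empty checks: every certificate chain is accepted.
            X509TrustManager tm = new X509TrustManager() {
                @Override
                public void checkClientTrusted(final X509Certificate[] xcs, final String string)
                        throws CertificateException {
                }

                @Override
                public void checkServerTrusted(final X509Certificate[] xcs, final String string)
                        throws CertificateException {
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    // The interface contract requires a non-null array.
                    return new X509Certificate[0];
                }
            };
            ctx.init(null, new TrustManager[]{tm}, null);
            // Replaces the default SSLContext for the whole JVM.
            SSLContext.setDefault(ctx);
        } catch (KeyManagementException kme) {
            LOG.error("Error during SSL configuration", kme);
        } catch (NoSuchAlgorithmException nsae) {
            LOG.error("Error during SSL configuration", nsae);
        }
    }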