I am working on the development of a connector for OpenAM. To perform the various operations, instead of using the clientsdk, we chose to use the REST interfaces offered by OpenAM; when OpenAM is deployed over HTTPS, the call throws an exception like the following:
    Exception in thread "main" org.springframework.web.client.ResourceAccessException: I/O error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:309)
        at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:260)
        at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:167)
        at
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649)
To get past this, it is enough to call the following method before the REST calls.
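    import java.security.KeyManagementException;
    import java.security.NoSuchAlgorithmException;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;

    // LOG is the enclosing class's logger.
    public static void trustSelfSignedSSL() {
        try {
            SSLContext ctx = SSLContext.getInstance("TLS");
            // Trust manager with empty checks: every certificate chain is accepted
            // without validation, not only the OpenAM self-signed one.
            X509TrustManager tm = new X509TrustManager() {
                @Override
                public void checkClientTrusted(final X509Certificate[] xcs, final String string)
                        throws CertificateException {
                }

                @Override
                public void checkServerTrusted(final X509Certificate[] xcs, final String string)
                        throws CertificateException {
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    // The interface contract requires a non-null (possibly empty) array.
                    return new X509Certificate[0];
                }
            };
            ctx.init(null, new TrustManager[]{tm}, null);
            // Replaces the default SSLContext for the whole JVM.
            SSLContext.setDefault(ctx);
        } catch (KeyManagementException kme) {
            LOG.error("Error during SSL configuration", kme);
        } catch (NoSuchAlgorithmException nsae) {
            LOG.error("Error during SSL configuration", nsae);
        }
    }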