I am using Java and Netbeans to fetch data from web service given on http://webservices.nbs.rs/CommunicationOfficeSiteDoc/SerCyrl/default.html , the one I use is https://webservices.nbs.rs/CommunicationOfficeService1_0/CompanyAccountXmlService.asmx?WSDL this one .It is a service used by companies to get data about other companies in Serbia's National Bank Web service .
I got from them a user name password and a licence key. I did this earlier in php so I had some library and everything went fine and still does. Now I need to make this in a java desktop app...While working with php I did not need any certificate to install , now I think I do so I imported the certificate to my trusted jar certificates using keytool -import -keystore cacerts -file Bank.cer
.
These are the steps:
1.Make a new web service in the Java project
2.Now Netbeans will generate a code for web service access
3.I put the data that I got from the Bank in a generated class
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "AuthenticationHeader", propOrder = {
"This is where I put mu userName",
"This is where I put mu userName password",
"This is where I put mu userName licenceID"
})
4.I drag a method I need I get the code generated to which I add a few lines of code
public class BankWebService {
/**
* @param args the command line arguments
*/
public static void main(String[] args) {
String mycompany=getCompanyAccountByNationalIdentificationNumber(107286472);
System.out.println(mycompany);
// TODO code application logic here
}
private static String getCompanyAccountByNationalIdentificationNumber(long nationalIdentificationNumber) {
rs.nbs.communicationoffice.CompanyAccountXmlService service = new rs.nbs.communicationoffice.CompanyAccountXmlService();
rs.nbs.communicationoffice.CompanyAccountXmlServiceSoap port = service.getCompanyAccountXmlServiceSoap();
return port.getCompanyAccountByNationalIdentificationNumber(nationalIdentificationNumber);
}
}
And I get a nice result as :
Exception in thread "main" com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:117)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:194)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:122)
at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:95)
at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:626)
at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:585)
at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:570)
at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:467)
at com.sun.xml.internal.ws.client.Stub.process(Stub.java:308)
at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(SEIStub.java:146)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:98)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:129)
at com.sun.proxy.$Proxy30.getCompanyAccountByNationalIdentificationNumber(Unknown Source)
at bankwebservice.BankWebService.getCompanyAccountByNationalIdentificationNumber(BankWebService.java:25)
at bankwebservice.BankWebService.main(BankWebService.java:17)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:515)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1090)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:105)
... 15 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
... 27 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
... 33 more
IS THERE A SIMPLE WAY TO DO THIS IN NETBEANS AND MAKE IT WORK !
Solved the problem by avoiding the check for certificate using the next class :
import java.security.AccessController;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivilegedAction;
import java.security.Security;
import java.security.cert.X509Certificate;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactorySpi;
import javax.net.ssl.X509TrustManager;
public final class XTrustProvider extends java.security.Provider {
/**
*
*/
private static final long serialVersionUID = 1L;
private final static String NAME = "XTrustJSSE";
private final static String INFO = "XTrust JSSE Provider (implements trust factory with truststore validation disabled)";
private final static double VERSION = 1.0D;
public XTrustProvider() {
super(NAME, VERSION, INFO);
AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
put("TrustManagerFactory." + TrustManagerFactoryImpl.getAlgorithm(), TrustManagerFactoryImpl.class.getName());
return null;
}
});
}
public static void install() {
if(Security.getProvider(NAME) == null) {
Security.insertProviderAt(new XTrustProvider(), 2);
Security.setProperty("ssl.TrustManagerFactory.algorithm", TrustManagerFactoryImpl.getAlgorithm());
}
}
public final static class TrustManagerFactoryImpl extends TrustManagerFactorySpi {
public TrustManagerFactoryImpl() { }
public static String getAlgorithm() { return "XTrust509"; }
protected void engineInit(KeyStore keystore) throws KeyStoreException { }
protected void engineInit(ManagerFactoryParameters mgrparams) throws InvalidAlgorithmParameterException {
throw new InvalidAlgorithmParameterException( XTrustProvider.NAME + " does not use ManagerFactoryParameters");
}
protected TrustManager[] engineGetTrustManagers() {
return new TrustManager[] {
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() { return null; }
public void checkClientTrusted(X509Certificate[] certs, String authType) { }
public void checkServerTrusted(X509Certificate[] certs, String authType) { }
}
};
}
}
}
In your code on the start you call the class with
XTrustProvider.install();
this will avoid certificate checking...