Schalter setzen um sebstsignierten Zertifikaten zu vertrauen

VfL_Freak

Top Contributor
Guten Morgen,
ich stehe hier vor einem Problem, dass mit leider an den Rand meiner Kenntnis bringt (oder vermutlich sogar darüber hinaus ;))

Ich soll von einem Java-Programm aus per REST Daten von unserer Telefonanlage abfragen.
Ich habe zunächst eine Methode gebastelt, die zu einem Benutzerkürzel die IP des von ihm angemeldeten SNOM-Telefons ermittelt und zurückgibt.
Java:
    public static void initialzeSnomFonData( String userKuerzel )
    {
       URL url = null;
       HttpURLConnection httpCon = null;

       try
       {
           // xxx.yyy.zzz = Adresse der Telefonanlage
           String abfrageString = "[URL]http://xxx.yyy.zzz/services/identity/[/URL]" + userKuerzel + "/defaultdevice";
           url = new URL( abfrageString );
           httpCon = (HttpURLConnection)url.openConnection();
           httpCon.setReadTimeout( 10000 );
           httpCon.setConnectTimeout( 10000 );

           final String userName = "myUserName";  // anonymisiert
           final String password = "MyPasswort";    // anonymisiert
           byte[] encodedPassword = ( userName + ":" + password ).getBytes();

           String base64encodedString = Base64.getEncoder().encodeToString( encodedPassword );
           httpCon.setRequestProperty( "Authorization", "Basic " + base64encodedString );

           httpCon.setRequestProperty( "Content-Type", "application/json" );
           httpCon.setRequestProperty( "Accept", "application/json" );
           httpCon.setRequestMethod( "GET" );

           // ################################################
           // hier fliegt in der  HTTPS-Variante die unten beschriebene Exception
           // ################################################                  BufferedReader reader = new BufferedReader( new InputStreamReader(httpCon.getInputStream()) );

           String inputLine;
           StringBuffer response = new StringBuffer();
           while( (inputLine = reader.readLine()) != null )
           {
               response.append(inputLine);
           }
           reader.close();

           String[] ergList = null;
           if( response.length() > 0 )
           {
               // alle '[', ']' und '"' durch Blanks ersetzen
               String s1 = response.toString().replace( "[", "" );
               String s2 = s1.replace( "]", "" );
               String s3 = s2.replace( "\"", "" );

               // ergList füllen
               Pattern p = Pattern.compile( "," ); // splitten nach dem Komma
                 String[] sData = p.split( s3, 0 );
               ergList = new String[sData.length];
               for( int i = 0; i < sData.length; i++ )
               {
                   ergList[I] = sData[I];
//System.out.println( "ergList[I]=<" + ergList[I] + ">" );
                   if( ergList[I].startsWith("ip:") )
                   {
                       // hier wird die gefundene IP auf eine globale Variable gesetzt
                       SNOMFON_IP_MOBYDICK = ergList[I].substring( 3, ergList[I].length() );
                       SNOM_IS_ACTIVE = true;
                       break;
                   }
               }
           }
           else
           {
               ergList = new String[] { " " };
               SNOM_IS_ACTIVE = false;
           }
       }
       catch (Exception e)
       {
           System.out.println( "Exception in der Rest-Abfrage" );
           e.printStackTrace();
       }
       finally
       {
           if( httpCon != null )
           {
               httpCon.disconnect();
               httpCon = null;
           }
       }
       System.out.println( "http: SNOMFON_IP_MOBYDICK=<" + SNOMFON_IP_MOBYDICK + ">" );
    } // initialzeSnonFonData
[/I][/I][/I][/I][/I][/I][/I]
So weit, so gut - das funktioniert auch einwandfrei :)

Jetzt versuche ich, diese HTTP-Variante durch HTTPS zu ersetzen.
Es ist genau der gleiche Code, nur das die HttpURLConnection durch HttpsURLConnection ersetzt wurde. Wenn sie dann ausführe, fliegt an der oben markierten Stelle folgende Exception:
javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name
at sun.security.ssl.ClientHandshaker.handshakeAlert(ClientHandshaker.java:1542)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2026)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1135)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:263)

// #################
// 1080 ist die oben markierte Zeile !!
// #################
at com.gselectronic.worker.config.Config.initialzeSnomFonDataViaHttps(Config.java:1080)
at com.gselectronic.worker.dialogs.DlgLogin.actionPerformed(DlgLogin.java:306)

at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022)
at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348)
at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402)
at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259)
at javax.swing.AbstractButton.doClick(AbstractButton.java:376)
at javax.swing.plaf.basic.BasicRootPaneUI$Actions.actionPerformed(BasicRootPaneUI.java:208)
at javax.swing.SwingUtilities.notifyAction(SwingUtilities.java:1663)
at javax.swing.JComponent.processKeyBinding(JComponent.java:2882)
at javax.swing.KeyboardManager.fireBinding(KeyboardManager.java:307)
at javax.swing.KeyboardManager.fireKeyboardAction(KeyboardManager.java:250)
at javax.swing.JComponent.processKeyBindingsForAllComponents(JComponent.java:2974)
at javax.swing.JComponent.processKeyBindings(JComponent.java:2966)
at javax.swing.JComponent.processKeyEvent(JComponent.java:2845)
at java.awt.Component.processEvent(Component.java:6310)
at java.awt.Container.processEvent(Container.java:2237)
at java.awt.Component.dispatchEventImpl(Component.java:4889)
at java.awt.Container.dispatchEventImpl(Container.java:2295)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.KeyboardFocusManager.redispatchEvent(KeyboardFocusManager.java:1954)
at java.awt.DefaultKeyboardFocusManager.dispatchKeyEvent(DefaultKeyboardFocusManager.java:806)
at java.awt.DefaultKeyboardFocusManager.preDispatchKeyEvent(DefaultKeyboardFocusManager.java:1074)
at java.awt.DefaultKeyboardFocusManager.typeAheadAssertions(DefaultKeyboardFocusManager.java:945)
at java.awt.DefaultKeyboardFocusManager.dispatchEvent(DefaultKeyboardFocusManager.java:771)
at java.awt.Component.dispatchEventImpl(Component.java:4760)
at java.awt.Container.dispatchEventImpl(Container.java:2295)
at java.awt.Window.dispatchEventImpl(Window.java:2746)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758)
at java.awt.EventQueue.access$500(EventQueue.java:97)
at java.awt.EventQueue$3.run(EventQueue.java:709)
at java.awt.EventQueue$3.run(EventQueue.java:703)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90)
at java.awt.EventQueue$4.run(EventQueue.java:731)
at java.awt.EventQueue$4.run(EventQueue.java:729)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:728)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:109)
at java.awt.WaitDispatchSupport$2.run(WaitDispatchSupport.java:190)
at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:311)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:756)
at java.awt.EventQueue.access$500(EventQueue.java:97)
at java.awt.EventQueue$3.run(EventQueue.java:709)
at java.awt.EventQueue$3.run(EventQueue.java:703)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:726)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
// Ausgabe:
HTTPS: SNOMFON_IP_MOBYDICK=<0.0.0.0>

Der Kollege aus der IT, der sich um die Telefonanlage kümmert, meinte nur lax
"... Du musst dem Java cert manuell vertrauen oder einen Schalter setzten, dass selbstsignierten Zertifikaten vertraut wird ..."
Nur sagt mir dies beides, auch nach dem Lesen div. Webseiten herzlich wenig!
Das ich das Java-Zertifikat nicht kenne, ist mein Vertrauen doch ziemlich getrübt ;)
Wie sähe denn der genannte Schalter aus?
Er müsste ja vermutlich als Argument mit "-D" übergeben werden, oder?

Ich hoffe, dass mich hier irgendwer auf die richtige Spur bringen kann :)
Bei Fragen fragen ;)

VG Klaus
 

VfL_Freak

Top Contributor
Moin mrBrown,
erstmal Danke :)

Habe gerade mal die erste Variante mit "-Djsse.enableSNIExtension=false" getestet.
Das klappt leider auch nicht, jetzt an der gleichen Stelle allerdings eine andere Exception :(
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching xxx.yyy.zzz found
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching gsetk.gselectronic.com found
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:263)
at com.gselectronic.worker.config.Config.initialzeSnomFonDataViaHttps(Config.java:1076)
at com.gselectronic.worker.dialogs.DlgLogin.actionPerformed(DlgLogin.java:306)
at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022)
at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348)
at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402)
at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259)
at javax.swing.AbstractButton.doClick(AbstractButton.java:376)
at javax.swing.plaf.basic.BasicRootPaneUI$Actions.actionPerformed(BasicRootPaneUI.java:208)
at javax.swing.SwingUtilities.notifyAction(SwingUtilities.java:1663)
at javax.swing.JComponent.processKeyBinding(JComponent.java:2882)
at javax.swing.KeyboardManager.fireBinding(KeyboardManager.java:307)
at javax.swing.KeyboardManager.fireKeyboardAction(KeyboardManager.java:250)
at javax.swing.JComponent.processKeyBindingsForAllComponents(JComponent.java:2974)
at javax.swing.JComponent.processKeyBindings(JComponent.java:2966)
at javax.swing.JComponent.processKeyEvent(JComponent.java:2845)
at java.awt.Component.processEvent(Component.java:6310)
at java.awt.Container.processEvent(Container.java:2237)
at java.awt.Component.dispatchEventImpl(Component.java:4889)
at java.awt.Container.dispatchEventImpl(Container.java:2295)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.KeyboardFocusManager.redispatchEvent(KeyboardFocusManager.java:1954)
at java.awt.DefaultKeyboardFocusManager.dispatchKeyEvent(DefaultKeyboardFocusManager.java:806)
at java.awt.DefaultKeyboardFocusManager.preDispatchKeyEvent(DefaultKeyboardFocusManager.java:1074)
at java.awt.DefaultKeyboardFocusManager.typeAheadAssertions(DefaultKeyboardFocusManager.java:945)
at java.awt.DefaultKeyboardFocusManager.dispatchEvent(DefaultKeyboardFocusManager.java:771)
at java.awt.Component.dispatchEventImpl(Component.java:4760)
at java.awt.Container.dispatchEventImpl(Container.java:2295)
at java.awt.Window.dispatchEventImpl(Window.java:2746)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758)
at java.awt.EventQueue.access$500(EventQueue.java:97)
at java.awt.EventQueue$3.run(EventQueue.java:709)
at java.awt.EventQueue$3.run(EventQueue.java:703)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90)
at java.awt.EventQueue$4.run(EventQueue.java:731)
at java.awt.EventQueue$4.run(EventQueue.java:729)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:728)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:109)
at java.awt.WaitDispatchSupport$2.run(WaitDispatchSupport.java:190)
at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:311)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:756)
at java.awt.EventQueue.access$500(EventQueue.java:97)
at java.awt.EventQueue$3.run(EventQueue.java:709)
at java.awt.EventQueue$3.run(EventQueue.java:703)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:726)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
Caused by: java.security.cert.CertificateException: No name matching gsetk.gselectronic.com found
at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:231)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:96)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
... 71 more
Die zweite Variante werde ich gleich mal ausprobieren!
VG Klaus
 

VfL_Freak

Top Contributor
oha, jetzt werden die Meldungen noch wilder ...
unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:263)
at com.gselectronic.worker.config.Config.initialzeSnomFonDataViaHttps(Config.java:1077)
at com.gselectronic.worker.dialogs.DlgLogin.actionPerformed(DlgLogin.java:306)
at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022)
at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348)
at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402)
at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259)
at javax.swing.AbstractButton.doClick(AbstractButton.java:376)
at javax.swing.plaf.basic.BasicRootPaneUI$Actions.actionPerformed(BasicRootPaneUI.java:208)
at javax.swing.SwingUtilities.notifyAction(SwingUtilities.java:1663)
at javax.swing.JComponent.processKeyBinding(JComponent.java:2882)
at javax.swing.KeyboardManager.fireBinding(KeyboardManager.java:307)
at javax.swing.KeyboardManager.fireKeyboardAction(KeyboardManager.java:250)
at javax.swing.JComponent.processKeyBindingsForAllComponents(JComponent.java:2974)
at javax.swing.JComponent.processKeyBindings(JComponent.java:2966)
at javax.swing.JComponent.processKeyEvent(JComponent.java:2845)
at java.awt.Component.processEvent(Component.java:6310)
at java.awt.Container.processEvent(Container.java:2237)
at java.awt.Component.dispatchEventImpl(Component.java:4889)
at java.awt.Container.dispatchEventImpl(Container.java:2295)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.KeyboardFocusManager.redispatchEvent(KeyboardFocusManager.java:1954)
at java.awt.DefaultKeyboardFocusManager.dispatchKeyEvent(DefaultKeyboardFocusManager.java:806)
at java.awt.DefaultKeyboardFocusManager.preDispatchKeyEvent(DefaultKeyboardFocusManager.java:1074)
at java.awt.DefaultKeyboardFocusManager.typeAheadAssertions(DefaultKeyboardFocusManager.java:945)
at java.awt.DefaultKeyboardFocusManager.dispatchEvent(DefaultKeyboardFocusManager.java:771)
at java.awt.Component.dispatchEventImpl(Component.java:4760)
at java.awt.Container.dispatchEventImpl(Container.java:2295)
at java.awt.Window.dispatchEventImpl(Window.java:2746)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758)
at java.awt.EventQueue.access$500(EventQueue.java:97)
at java.awt.EventQueue$3.run(EventQueue.java:709)
at java.awt.EventQueue$3.run(EventQueue.java:703)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90)
at java.awt.EventQueue$4.run(EventQueue.java:731)
at java.awt.EventQueue$4.run(EventQueue.java:729)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:728)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:109)
at java.awt.WaitDispatchSupport$2.run(WaitDispatchSupport.java:190)
at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:311)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:756)
at java.awt.EventQueue.access$500(EventQueue.java:97)
at java.awt.EventQueue$3.run(EventQueue.java:709)
at java.awt.EventQueue$3.run(EventQueue.java:703)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:726)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
... 71 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
... 77 more
:(
 

Thallius

Top Contributor
Ich habe das schon mal gemacht vor ein paar Jahren weis aber nicht mehr auswendig wie ich es geschafft habe, weis nur das ich auch lange gebastelt habe. Bin noch bis Sonntag im Urlaub. Wenn du bis nächste Woche keine Lösung findest erinnert mich noch mal, dann suche ich mal ob ich die alten Sourcen noch finde.

Gruss

Claus
 

VfL_Freak

Top Contributor
Moin Claus,
ja, das wäre super :)
Da ich imMoment überhaupt nicht weiterkomme, werde ich das Thema erst mal beiseite schieben und mich um ein anderes Thema kümmern!
Danke und VG
Klaus
 

VfL_Freak

Top Contributor
Moin,
habe mittlerweile in einem anderen Forum die Info bekommen, dass es womöglich um ein Problem mit einem 'selbstsignierten' Zertifikat auf der Telefonanlage handeln könnte.
Ich habe unsere IT mal darauf angesetzt ...
VG Klaus
 

VfL_Freak

Top Contributor
Hi Sascha,
hatte gerade etwas Zeit und habe es mal schnell eingebaut.
Leider kommt die gleiche Meldung wie in meinem ersten Post - wieder beim "getInputStream()" :(

Hier nochmal schnell der aktuelle Code dazu:
Java:
    public static void initialzeSnomFonDataViaHttps( String userKuerzel )
    {
       URL url = null;
       HttpsURLConnection httpsUrlConnection = null;
       String https_url = "https://gsetk.gselectronic.com/services/identity/" + userKuerzel + "/defaultdevice";
       try
       {
           url = new URL( https_url );
           URLConnection urlConnection = url.openConnection();
           urlConnection.setReadTimeout( 10000 );
           urlConnection.setConnectTimeout( 10000 );

           final String userName = "mobyrest";
           final String password = "TiCjNT6KU72Qb5E";
           byte[] encodedPassword = ( userName + ":" + password ).getBytes();
          
           httpsUrlConnection = (HttpsURLConnection)urlConnection;

           String base64encodedString = Base64.getEncoder().encodeToString( encodedPassword );
           httpsUrlConnection.setRequestProperty( "Authorization", "Basic " + base64encodedString );
           httpsUrlConnection.setRequestProperty( "Content-Type", "application/json" );
           httpsUrlConnection.setRequestProperty( "Accept", "application/json" );
           httpsUrlConnection.setRequestMethod( "GET" );
          
           SSLSocketFactory sslSocketFactory = createSslSocketFactory();
           httpsUrlConnection.setSSLSocketFactory( sslSocketFactory );

           StringBuffer ergebnis = new StringBuffer();
           try( InputStream inputStream = httpsUrlConnection.getInputStream() )
           {
               BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream));
               String inputLine = null;
               while( (inputLine=reader.readLine()) != null )
               {
                   ergebnis.append( inputLine );
               }
           }
          
           String[] ergList = null;
           if( ergebnis.length() > 0 )
           {
               // alle '[', ']' und '"' entfernen
               String s1 = ergebnis.toString().replace( "[", "" );
               String s2 = s1.replace( "]", "" );
               String s3 = s2.replace( "\"", "" );

               // ergList füllen
               Pattern p = Pattern.compile( "," ); // nach dem Komma splitten
                 String[] sData = p.split( s3, 0 );
               ergList = new String[sData.length];
               for( int i = 0; i < sData.length; i++ )
               {
                   ergList[i] = sData[i];
//System.out.println( "ergList[i]=<" + ergList[i] + ">" );
                   if( ergList[i].startsWith("ip:") )
                   {
                       SNOMFON_IP_MOBYDICK = ergList[i].substring( 3, ergList[i].length() );
                       SNOM_IS_ACTIVE = true;
                       break;
                   }
               }
           }
           else
           {
               ergList = new String[] { " " };
               SNOM_IS_ACTIVE = false;
           }
       }
       catch (Exception e)
       {
           System.out.println( "Exception in der Rest-Abfrage" );
           e.printStackTrace();
       }
       finally
       {
           if( httpsUrlConnection != null )
           {
               httpsUrlConnection.disconnect();
               httpsUrlConnection = null;
           }
       }
       System.out.println( "HTTPS: SNOMFON_IP_MOBYDICK=<" + SNOMFON_IP_MOBYDICK + ">" );
    } // initialzeSnonFonDataViaHttps
// #####################################################
    private static SSLSocketFactory createSslSocketFactory()
       throws Exception
    {
       TrustManager[] byPassTrustManagers = new TrustManager[]
       {
           new X509TrustManager()
           {
               public java.security.cert.X509Certificate[ ] getAcceptedIssuers()
               {
                   return new java.security.cert.X509Certificate[0];
               }

               @Override
               public void checkClientTrusted( java.security.cert.X509Certificate[ ] chain, String authType )
                       throws CertificateException
               {
                   // TODO Auto-generated method stub
               }

               @Override
               public void checkServerTrusted( java.security.cert.X509Certificate[ ] chain, String authType )
                       throws CertificateException
               {
                   // TODO Auto-generated method stub
               }
           }
       };
      
       SSLContext sslContext = SSLContext.getInstance( "TLS" );
       sslContext.init( null, byPassTrustManagers, new SecureRandom() );
       return sslContext.getSocketFactory();
    } // createSslSocketFactory
VG Klaus
 

sascha-sphw

Top Contributor
Versuch mal
Java:
System.setProperty("jsse.enableSNIExtension", "false");
vor die Zeile
Code:
SSLSocketFactory sslSocketFactory = createSslSocketFactory();

Sonst weiß ich gerade auch nicht mehr weiter. :(
 

VfL_Freak

Top Contributor
Danke, dass hatte ich anfangs schon mal mit der "-D"-Option ans Programm übergeben.
Das hilft auch nicht wirklich, allerdings bekomme ich dann eine andere Exception:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching gsetk.gselectronic.com found
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:263)

// gleiche Zeile wie oben (getInputStream)
at com.gselectronic.worker.config.Config.initialzeSnomFonDataViaHttps(Config.java:1082)
at com.gselectronic.worker.dialogs.DlgLogin.actionPerformed(DlgLogin.java:306)

at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022)
at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348)
at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402)
at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259)
at javax.swing.AbstractButton.doClick(AbstractButton.java:376)
at javax.swing.plaf.basic.BasicRootPaneUI$Actions.actionPerformed(BasicRootPaneUI.java:208)
at javax.swing.SwingUtilities.notifyAction(SwingUtilities.java:1663)
at javax.swing.JComponent.processKeyBinding(JComponent.java:2882)
at javax.swing.KeyboardManager.fireBinding(KeyboardManager.java:307)
at javax.swing.KeyboardManager.fireKeyboardAction(KeyboardManager.java:250)
at javax.swing.JComponent.processKeyBindingsForAllComponents(JComponent.java:2974)
at javax.swing.JComponent.processKeyBindings(JComponent.java:2966)
at javax.swing.JComponent.processKeyEvent(JComponent.java:2845)
at java.awt.Component.processEvent(Component.java:6310)
at java.awt.Container.processEvent(Container.java:2237)
at java.awt.Component.dispatchEventImpl(Component.java:4889)
at java.awt.Container.dispatchEventImpl(Container.java:2295)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.KeyboardFocusManager.redispatchEvent(KeyboardFocusManager.java:1954)
at java.awt.DefaultKeyboardFocusManager.dispatchKeyEvent(DefaultKeyboardFocusManager.java:806)
at java.awt.DefaultKeyboardFocusManager.preDispatchKeyEvent(DefaultKeyboardFocusManager.java:1074)
at java.awt.DefaultKeyboardFocusManager.typeAheadAssertions(DefaultKeyboardFocusManager.java:945)
at java.awt.DefaultKeyboardFocusManager.dispatchEvent(DefaultKeyboardFocusManager.java:771)
at java.awt.Component.dispatchEventImpl(Component.java:4760)
at java.awt.Container.dispatchEventImpl(Container.java:2295)
at java.awt.Window.dispatchEventImpl(Window.java:2746)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758)
at java.awt.EventQueue.access$500(EventQueue.java:97)
at java.awt.EventQueue$3.run(EventQueue.java:709)
at java.awt.EventQueue$3.run(EventQueue.java:703)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90)
at java.awt.EventQueue$4.run(EventQueue.java:731)
at java.awt.EventQueue$4.run(EventQueue.java:729)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:728)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:109)
at java.awt.WaitDispatchSupport$2.run(WaitDispatchSupport.java:190)
at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:311)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:756)
at java.awt.EventQueue.access$500(EventQueue.java:97)
at java.awt.EventQueue$3.run(EventQueue.java:709)
at java.awt.EventQueue$3.run(EventQueue.java:703)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:726)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
Caused by: java.security.cert.CertificateException: No name matching gsetk.gselectronic.com found
at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:231)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:96)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1019)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:986)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
... 71 more
Sagt mir allerdings auch nicht viel ... die Adresse ist definitiv richtig, da es ja http funzt ... :(

Scheint wirklich ein Zertifikatsproblem der Telefonanlage zu sein !
VG Klaus
 

mrBrown

Super-Moderator
Mitarbeiter
Oder den ersten Teil von @sascha-sphw und den zweiten Teil aus dem Link von mir ;)

Die Property währenden der Laufzeit setzen ist gefährlich, mit etwas Pech wurde die vorher schon ausgelesen und die Änderung geht deshalb ins Leere
 

VfL_Freak

Top Contributor
Die Property währenden der Laufzeit setzen ist gefährlich, mit etwas Pech wurde die vorher schon ausgelesen und die Änderung geht deshalb ins Leere
ok ...
erster Versuch: das 'setproperty' wieder raus und stattdessen als Parameter '-D ...' an die VM übergeben
==> wieder/immer noch java.security.cert.CertificateException: No name matching gsetk.gselectronic.com found

zweiter Versuch: hinter httpsUrlConnection.setSSLSocketFactory( sslSocketFactory ) den 'SSLSkipSNIHostnameVerifier' eingebaut und Parameter '-D ...' an die VM übergeben
==> JAAAA es halt endlich geklappt!!
@mrBrown Du bist mein Held und hast meinen Tag (oder auch Woche - ok, eigentlich das Jahr :p) gerettet!

Ich werde es morgen noch in Ruhe verifizieren (muss jetzt erst zum Doc), aber es scheint wirklich zu klappen !
Vielen Dank für die Unterstützung!!
VG Klaus
 

Ähnliche Java Themen

Neue Themen


Oben