2 Replies Latest reply on Feb 26, 2014 1:46 PM by anikulin

HTTPS with RESTeasy reference: SSLPeerUnverifiedException: peer not authenticated

anikulin Feb 26, 2014 8:03 AM

I tried to create a REST reference for fetching data from webservice, which uses only https protocol. I have my reference configured like this:

<sca:reference name="OwnCloudService" multiplicity="1..1" promote="StrategyService/OwnCloudService">
      <sca:interface.java interface="com.magick.metaConnector.service.rest.OwnCloudService"/>
      <resteasy:binding.rest name="rest1">
        <resteasy:interfaces>com.magick.metaConnector.service.rest.OwnCloudService</resteasy:interfaces>
        <resteasy:address>https://owncloud.magick.nu</resteasy:address>
        <resteasy:timeout>10000</resteasy:timeout>
      </resteasy:binding.rest>
    </sca:reference>

And when SY sends a request to this url, i have such exception:

14:13:18,948 ERROR [stderr] (http-localhost/127.0.0.1:8080-2) Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
14:13:18,948 ERROR [stderr] (http-localhost/127.0.0.1:8080-2) at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)
14:13:18,948 ERROR [stderr] (http-localhost/127.0.0.1:8080-2) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
14:13:18,949 ERROR [stderr] (http-localhost/127.0.0.1:8080-2) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
14:13:18,949 ERROR [stderr] (http-localhost/127.0.0.1:8080-2) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
14:13:18,949 ERROR [stderr] (http-localhost/127.0.0.1:8080-2) at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
14:13:18,950 ERROR [stderr] (http-localhost/127.0.0.1:8080-2) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640)
14:13:18,950 ERROR [stderr] (http-localhost/127.0.0.1:8080-2) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
14:13:18,950 ERROR [stderr] (http-localhost/127.0.0.1:8080-2) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)

It seems SSL sertificate that is provided by this particular website is not supported by HttpClient. There is an article where guys proposed a workaroud for this issue http://javaskeleton.blogspot.com/2010/07/avoiding-peer-not-authenticated-with.html

Is it possible to do something similar in SY or resolve this issue in some other way?

Thanks, Anton

1. Re: HTTPS with RESTeasy reference: SSLPeerUnverifiedException: peer not authenticated

kcbabo Feb 26, 2014 8:28 AM (in response to anikulin)

It is not possible to use an untrusted/invalid cert with the REST binding. I understand how this can be useful in test or isolated deployment scenarios, so feel free to file a JIRA requesting it as an enhancement. We have to be really careful about how this is supported, so it wouldn't be default behavior and would require explicit config to enable.
Actions
2. Re: HTTPS with RESTeasy reference: SSLPeerUnverifiedException: peer not authenticated

anikulin Feb 26, 2014 1:46 PM (in response to kcbabo)

Thanks, Keith
Actions

Go to original post