I have an HTTPS URL which points directly to a specific file.

In my servlet, when I try to receive this file, I get an SSLHandshakeException at the line connection.getInputStream().

I am able to run this program without any errors in my normal Eclipse environment.

I receive the exception when I use it in the IBM WebSphere Portal 7 environment.

I have attached the code below.

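```java
// Needs: java.io.InputStream, java.io.OutputStream, java.net.URL, java.net.URLConnection
// NOTE: both values come straight from the request. Validate filePath against
// an allow-list of hosts before fetching it, and sanitise filename.
String filename = "" + request.getParameter("newName");
String filepath = "" + request.getParameter("filePath");

URL url = new URL(filepath);
URLConnection connection = url.openConnection();

// The TLS handshake happens here; this is the line that throws SSLHandshakeException.
InputStream in = connection.getInputStream();
try {
    response.setContentType("APPLICATION/OCTET-STREAM");
    response.setHeader("Content-Disposition", "attachment ; filename=" + filename + " ");

    // Copy bytes through the output stream: getWriter() is for character
    // data and corrupts binary files.
    OutputStream out = response.getOutputStream();
    byte[] buffer = new byte[8192];
    int n;
    while ((n = in.read(buffer)) != -1) {
        out.write(buffer, 0, n);
    }
} finally {
    in.close();
}
```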

Below is the exception which I am receiving:

Error 500: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error 

Below is the error which I am receiving from the logs:

[1/2/15 5:46:24:930 EST] 000000b9 ServletWrappe E com.ibm.ws.webcontainer.servlet.ServletWrapper service SRVE0068E: Uncaught exception created in one of the service methods of the servlet downloadServlet in application PA_FileCabinet. Exception created : javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: 
    java.security.cert.CertPathValidatorException: The certificate issued by EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA is not trusted; internal cause is: 
    java.security.cert.CertPathValidatorException: Certificate chaining error
    at com.ibm.jsse2.o.a(o.java:30)
    at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:216)
    at com.ibm.jsse2.kb.a(kb.java:411)
    at com.ibm.jsse2.kb.a(kb.java:150)
    at com.ibm.jsse2.lb.a(lb.java:106)
    at com.ibm.jsse2.lb.a(lb.java:716)
    at com.ibm.jsse2.kb.s(kb.java:659)
    at com.ibm.jsse2.kb.a(kb.java:393)
    at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:850)
    at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:63)
    at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:316)
    at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:220)
    at com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:184)
    at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:40)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1207)
    at com.ibm.net.ssl.www2.protocol.https.b.getInputStream(b.java:66)
    at com.infores.portal.filecabinet.downloadServlet.doGet(downloadServlet.java:52)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:718)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1661)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1602)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:113)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:80)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:908)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:939)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:507)
    at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:181)
    at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3994)
    at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:276)
    at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:945)
    at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1592)
    at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:191)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:453)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:515)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:306)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:277)
    at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
    at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
    at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175)
    at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
    at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
    at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
    at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
    at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
    at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1660)
Caused by: com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: 
    java.security.cert.CertPathValidatorException: The certificate issued by EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA is not trusted; internal cause is: 
    java.security.cert.CertPathValidatorException: Certificate chaining error
    at com.ibm.jsse2.util.h.b(h.java:96)
    at com.ibm.jsse2.util.h.b(h.java:69)
    at com.ibm.jsse2.util.g.a(g.java:11)
    at com.ibm.jsse2.pc.a(pc.java:8)
    at com.ibm.jsse2.pc.checkServerTrusted(pc.java:7)
    at com.ibm.ws.ssl.core.WSX509TrustManager.checkServerTrusted(WSX509TrustManager.java:359)
    at com.ibm.jsse2.lb.a(lb.java:171)
    ... 41 more
Sarin Jacob Sunny
    Take a look at this http://www-01.ibm.com/support/docview.wss?uid=swg21369939 and this http://stackoverflow.com/questions/21336145/certificate-not-trusted-by-websphere – Georgy Gobozov Jan 05 '15 at 11:57

2 Answers


When you get an error response code, keep in mind that you cannot read the returned body content with getInputStream().

In this case you have to read the returned body with getErrorStream().

Teixi

You need to add the certificate to the trusted store in WAS.

Apps
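
The stack trace in the question shows the chain being checked by com.ibm.ws.ssl.core.WSX509TrustManager, so the store that has to contain the issuer is the one WebSphere is configured with, not necessarily the JVM default store a standalone run uses. As an added example (not code from the question or either answer), this class lists the trust anchors of a store and reports whether any carries the issuer CN named in the exception. The class name, method names and the three command-line arguments are assumptions for illustration; with no arguments it inspects the JVM default trust store.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.naming.ldap.*;
import javax.net.ssl.*;

public class TrustAnchorCheck {               // hypothetical helper, not part of WebSphere
    // Issuer CN copied from the CertPathValidatorException in the question.
    static final String ISSUER_CN = "Thawte Premium Server CA";
    /** Returns the trust anchors of the given store; null selects the JVM default store. */
    static X509Certificate[] anchors(KeyStore store) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return ((X509TrustManager) tm).getAcceptedIssuers();
            }
        }
        return new X509Certificate[0];
    }
    /** Returns the anchors whose subject CN equals cn, ignoring case. */
    static List<X509Certificate> findByCn(X509Certificate[] certs, String cn) throws Exception {
        List<X509Certificate> hits = new ArrayList<X509Certificate>();
        for (X509Certificate c : certs) {
            LdapName dn = new LdapName(c.getSubjectX500Principal().getName());
            for (Rdn rdn : dn.getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())
                        && cn.equalsIgnoreCase(String.valueOf(rdn.getValue()))) {
                    hits.add(c);
                }
            }
        }
        return hits;
    }
    // Usage: java TrustAnchorCheck [storePath storeType storePassword]
    public static void main(String[] args) throws Exception {
        KeyStore store = null;                       // null = JVM default trust store
        if (args.length == 3) {
            store = KeyStore.getInstance(args[1]);   // e.g. PKCS12 or JKS
            InputStream in = new FileInputStream(args[0]);
            try { store.load(in, args[2].toCharArray()); } finally { in.close(); }
        }
        X509Certificate[] all = anchors(store);
        for (X509Certificate c : findByCn(all, ISSUER_CN)) {
            System.out.println("found: " + c.getSubjectX500Principal() + " notAfter=" + c.getNotAfter());
        }
        System.out.println(all.length + " trust anchors checked for CN=" + ISSUER_CN);
    }
}
```

A CN match only shows that a candidate anchor is present; the handshake still requires that certificate to be the one that actually signed the server's chain and to be within its validity period.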