Paypal HttpHostConnectException

Question

I'm having a little trouble setting up Paypal and seem to be getting a HttpHostConnectException all the time (See full stacktrace below) I though that this could be an issue with the firewall but the networks team have guaranteed that they are allowing the address through the firewall. So does anyone have any suggestions on what might be causing this?

org.apache.http.conn.HttpHostConnectException: Connect to api-3t.sandbox.paypal.com:443 [api-3t.sandbox.paypal.com/173.0.82.83] failed: Connection timed out: connect
at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:140)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:318)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57)
at uk.co.cdl.webclient.servicefacade.payment.PaypalPaymentService.paypalHttpCall(PaypalPaymentService.java:192)
at uk.co.cdl.webclient.servicefacade.payment.PaypalPaymentService.registerPaypalExpressCheckoutTransaction(PaypalPaymentService.java:125)
at uk.co.cdl.webclient.model.paypal.RegisterPaypalPayment.doPost(RegisterPaypalPayment.java:41)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

Caused by: java.net.ConnectException: Connection timed out: connect
at java.net.DualStackPlainSocketImpl.connect0(Native Method)
at java.net.DualStackPlainSocketImpl.socketConnect(Unknown Source)
at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)
at java.net.AbstractPlainSocketImpl.connect(Unknown Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.SocksSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:239)
at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:123)
... 31 more

Here's my Java code for the request

public HashMap<String, String> paypalHttpCall(final String methodName, List<NameValuePair> nvps) {
    String responseText = "";
    HashMap<String, String> responseNvp = null;

    CloseableHttpClient httpClient = HttpClientHelper.getDefaultHttpClient(30000);
    Status status = Status.HEALTHY;
    String description = "Paypal Connection Successful";

    addPostParameterIfNotEmpty(nvps, Paypal.METHOD, methodName);
    addPostParameterIfNotEmpty(nvps, "VERSION", this.paypalEndpointVersion);
    addPostParameterIfNotEmpty(nvps, "PWD", this.paypalPassword);
    addPostParameterIfNotEmpty(nvps, "USER", this.paypalUsername);
    addPostParameterIfNotEmpty(nvps, "SIGNATURE", this.paypalSignature);
    CloseableHttpResponse postResponse = null;      
    try {
        super.transactionStart();

        /* getExternalURL() returns https://api-3t.sandbox.paypal.com/nvp
         *
         */
        if (!UrlHelper.isAValidFullURL(getExternalURL())) {
            // shouldn't happen, but we're toasted if it does, so don't even try
            throw new IllegalArgumentException("bad url: "+getExternalURL());
        }

        final HttpPost httpPost = new HttpPost(getExternalURL());
        httpPost.setEntity(new UrlEncodedFormEntity(nvps, "UTF-8"));
        postResponse = httpClient.execute(httpPost); // Connection timeout here

    } catch (IOException ioe) {
        status = Status.DEAD;
        description = "We through an IOException so something bad has happened.";
        ioe.printStackTrace();
    } finally {
        super.transactionFinish(status, description);
    }

    return responseNvp;
}

Are you able to prove the networks team's claim? (Did they show it to you or did they tell you this?) e.g. Are you able to access and ping the address in question from the environment the program is executing from? I'm not saying the networks team is lying or doing a bad job, but sometimes careless mistakes happen and sometimes miscommunication can occur. — Ceiling Gecko, Jan 16 '15 at 11:25
They are certain that it has been added. It seems odd as I can now hit it in my browser but not in my code but it is sending over the same request. — Popeye, Jan 16 '15 at 11:40
That is odd. By chance do you have the application deployed locally? If it's deployed remotely then the networks team might have opened the connection for your local machine but not for the machine the application is deployed on. — Ceiling Gecko, Jan 16 '15 at 11:46
@ToYonos I've share some of my java code around where it makes the request hope it helps — Popeye, Jan 20 '15 at 09:39
So `https://api-3t.sandbox.paypal.com/nvp` works in your browser but in your code, running on your machine, it does not work ? — ToYonos, Jan 20 '15 at 10:14
@ToYonos Correct and I can even do a `curl -v https://api-3t.sandbox.paypal.com/nvp` and get a response (Though it has said about issuer of local certificates). The only place I can't seem to hit it is when sending the request through code — Popeye, Jan 20 '15 at 10:23
is this code working : http://pastebin.com/3L935xzQ ? For me it gives `HTTP/1.1 200 OK` — ToYonos, Jan 20 '15 at 10:47
@ToYonos nope doesn't work I get the exact same error but with `Connect to www.google.com:443 [www.google.com/173.194.66.99, www.google.com/173.194.66.103, www.google.com/173.194.66.104, www.google.com/173.194.66.105, www.google.com/173.194.66.106, www.google.com/173.194.66.147] failed: Connection timed out: connect` instead of saying paypal — Popeye, Jan 20 '15 at 14:10
@ToYonos The response I got from doing `telnet www.google.com 443` was `Connecting To www.google.com...Could not open connection to the host, on port 443: Connect failed` Could this still be a firewall issue? — Popeye, Jan 20 '15 at 14:47
Ok, I am positive now, it IS a firewall issue, port 443 is not opened. I think it's working in your browser because this one is using a proxy. — ToYonos, Jan 20 '15 at 14:49
@ToYonos right thanks I will send the log back to our networks team — Popeye, Jan 20 '15 at 14:50

score 3 · Accepted Answer · edited May 23 '17 at 11:50

3

According to the discussion with the OP in the comment section, I'm pretty sure it's a firewall issue. It's impossible to connect through telnet with the port 443, whatever the target, google or paypal.

This diagram, found in this answer is pretty useful when you are stuck like this :

Steps

edited May 23 '17 at 11:50

Community

1
1

answered Jan 20 '15 at 14:55

ToYonos

16,469
2
54
70

I am more then happy to reward you with the 250 points as you have been a huge help but I am just going to wait for the log I have sent back to our networks team to come back to see what they say, however +1 for now. – Popeye Jan 20 '15 at 15:07
1

On that note: **Do not-under any circumstance-use Telnet to verify connectivity to PayPal API endpoints or other IP addresses.** As Telnet is not SSL-aware and does not acknowledge the SSL handshake, this may trigger a temporary blacklist on the PayPal side, further complicating troubleshooting. Use CURL or OpenSSL instead. Source: https://ppmts.custhelp.com/app/answers/detail/a_id/733 – PayPal_Martin Jan 20 '15 at 15:15
@PayPal_Martin Does not *initiate* the SSL handshake. The client side of SSL does the initiating: the acknowledging, or rather the responding, is done by the server. The document is wrong. – user207421 Jan 20 '15 at 16:00
Technically, that explanation should be mended - The message stays the same. If we have an incoming TCP connection and it is not followed up by an SSL handshake, the originating IP address will eventually be blocked. – PayPal_Martin Jan 20 '15 at 16:20
Turns out that the firewall was still blocking me but then we found out that we were also being blocked by the proxy so thanks, enjoy the 250 points they were well spent. – Popeye Jan 22 '15 at 14:37

Paypal HttpHostConnectException

1 Answers1