# Schalter setzen um sebstsignierten Zertifikaten zu vertrauen



## VfL_Freak (4. Apr 2018)

Guten Morgen,
ich stehe hier vor einem Problem, dass mit leider an den Rand meiner Kenntnis bringt (oder vermutlich sogar darüber hinaus )

Ich soll von einem Java-Programm aus per REST Daten von unserer Telefonanlage abfragen.
Ich habe zunächst eine Methode gebastelt, die zu einem Benutzerkürzel die IP des von ihm angemeldeten SNOM-Telefons ermittelt und zurückgibt.


Spoiler: HTTP-Variante





```
public static void initialzeSnomFonData( String userKuerzel )
    {
       URL url = null;
       HttpURLConnection httpCon = null;

       try
       {
           // xxx.yyy.zzz = Adresse der Telefonanlage
           String abfrageString = "[URL]http://xxx.yyy.zzz/services/identity/[/URL]" + userKuerzel + "/defaultdevice";
           url = new URL( abfrageString );
           httpCon = (HttpURLConnection)url.openConnection();
           httpCon.setReadTimeout( 10000 );
           httpCon.setConnectTimeout( 10000 );

           final String userName = "myUserName";  // anonymisiert
           final String password = "MyPasswort";    // anonymisiert
           byte[] encodedPassword = ( userName + ":" + password ).getBytes();

           String base64encodedString = Base64.getEncoder().encodeToString( encodedPassword );
           httpCon.setRequestProperty( "Authorization", "Basic " + base64encodedString );

           httpCon.setRequestProperty( "Content-Type", "application/json" );
           httpCon.setRequestProperty( "Accept", "application/json" );
           httpCon.setRequestMethod( "GET" );

           // ################################################
           // hier fliegt in der  HTTPS-Variante die unten beschriebene Exception
           // ################################################                  BufferedReader reader = new BufferedReader( new InputStreamReader(httpCon.getInputStream()) );

           String inputLine;
           StringBuffer response = new StringBuffer();
           while( (inputLine = reader.readLine()) != null )
           {
               response.append(inputLine);
           }
           reader.close();

           String[] ergList = null;
           if( response.length() > 0 )
           {
               // alle '[', ']' und '"' durch Blanks ersetzen
               String s1 = response.toString().replace( "[", "" );
               String s2 = s1.replace( "]", "" );
               String s3 = s2.replace( "\"", "" );

               // ergList füllen
               Pattern p = Pattern.compile( "," ); // splitten nach dem Komma
                 String[] sData = p.split( s3, 0 );
               ergList = new String[sData.length];
               for( int i = 0; i < sData.length; i++ )
               {
                   ergList[I] = sData[I];
//System.out.println( "ergList[I]=<" + ergList[I] + ">" );
                   if( ergList[I].startsWith("ip:") )
                   {
                       // hier wird die gefundene IP auf eine globale Variable gesetzt
                       SNOMFON_IP_MOBYDICK = ergList[I].substring( 3, ergList[I].length() );
                       SNOM_IS_ACTIVE = true;
                       break;
                   }
               }
           }
           else
           {
               ergList = new String[] { " " };
               SNOM_IS_ACTIVE = false;
           }
       }
       catch (Exception e)
       {
           System.out.println( "Exception in der Rest-Abfrage" );
           e.printStackTrace();
       }
       finally
       {
           if( httpCon != null )
           {
               httpCon.disconnect();
               httpCon = null;
           }
       }
       System.out.println( "http: SNOMFON_IP_MOBYDICK=<" + SNOMFON_IP_MOBYDICK + ">" );
    } // initialzeSnonFonData
```
[/I][/I][/I][/I][/I][/I][/I]


_So weit, so gut - das funktioniert auch einwandfrei 

Jetzt versuche ich, diese HTTP-Variante durch HTTPS zu ersetzen.
Es ist genau der gleiche Code, nur das die *HttpURLConnection* durch *HttpsURLConnection* ersetzt wurde. Wenn sie dann ausführe, fliegt an der oben markierten Stelle folgende Exception:


Spoiler: Exception



javax.net.ssl.SSLProtocolException: handshake alert:  unrecognized_name
   at sun.security.ssl.ClientHandshaker.handshakeAlert(ClientHandshaker.java:1542)
   at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2026)
   at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1135)
   at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
   at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
   at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
   at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564)
   at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
   at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:263)

// #################
// 1080 ist die oben markierte Zeile !!
// #################
   at com.gselectronic.worker.config.Config.initialzeSnomFonDataViaHttps(Config.java:1080)
   at com.gselectronic.worker.dialogs.DlgLogin.actionPerformed(DlgLogin.java:306)

   at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022)
   at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348)
   at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402)
   at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259)
   at javax.swing.AbstractButton.doClick(AbstractButton.java:376)
   at javax.swing.plaf.basic.BasicRootPaneUI$Actions.actionPerformed(BasicRootPaneUI.java:208)
   at javax.swing.SwingUtilities.notifyAction(SwingUtilities.java:1663)
   at javax.swing.JComponent.processKeyBinding(JComponent.java:2882)
   at javax.swing.KeyboardManager.fireBinding(KeyboardManager.java:307)
   at javax.swing.KeyboardManager.fireKeyboardAction(KeyboardManager.java:250)
   at javax.swing.JComponent.processKeyBindingsForAllComponents(JComponent.java:2974)
   at javax.swing.JComponent.processKeyBindings(JComponent.java:2966)
   at javax.swing.JComponent.processKeyEvent(JComponent.java:2845)
   at java.awt.Component.processEvent(Component.java:6310)
   at java.awt.Container.processEvent(Container.java:2237)
   at java.awt.Component.dispatchEventImpl(Component.java:4889)
   at java.awt.Container.dispatchEventImpl(Container.java:2295)
   at java.awt.Component.dispatchEvent(Component.java:4711)
   at java.awt.KeyboardFocusManager.redispatchEvent(KeyboardFocusManager.java:1954)
   at java.awt.DefaultKeyboardFocusManager.dispatchKeyEvent(DefaultKeyboardFocusManager.java:806)
   at java.awt.DefaultKeyboardFocusManager.preDispatchKeyEvent(DefaultKeyboardFocusManager.java:1074)
   at java.awt.DefaultKeyboardFocusManager.typeAheadAssertions(DefaultKeyboardFocusManager.java:945)
   at java.awt.DefaultKeyboardFocusManager.dispatchEvent(DefaultKeyboardFocusManager.java:771)
   at java.awt.Component.dispatchEventImpl(Component.java:4760)
   at java.awt.Container.dispatchEventImpl(Container.java:2295)
   at java.awt.Window.dispatchEventImpl(Window.java:2746)
   at java.awt.Component.dispatchEvent(Component.java:4711)
   at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758)
   at java.awt.EventQueue.access$500(EventQueue.java:97)
   at java.awt.EventQueue$3.run(EventQueue.java:709)
   at java.awt.EventQueue$3.run(EventQueue.java:703)
   at java.security.AccessController.doPrivileged(Native Method)
   at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
   at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90)
   at java.awt.EventQueue$4.run(EventQueue.java:731)
   at java.awt.EventQueue$4.run(EventQueue.java:729)
   at java.security.AccessController.doPrivileged(Native Method)
   at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
   at java.awt.EventQueue.dispatchEvent(EventQueue.java:728)
   at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
   at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
   at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:109)
   at java.awt.WaitDispatchSupport$2.run(WaitDispatchSupport.java:190)
   at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:311)
   at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:756)
   at java.awt.EventQueue.access$500(EventQueue.java:97)
   at java.awt.EventQueue$3.run(EventQueue.java:709)
   at java.awt.EventQueue$3.run(EventQueue.java:703)
   at java.security.AccessController.doPrivileged(Native Method)
   at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
   at java.awt.EventQueue.dispatchEvent(EventQueue.java:726)
   at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
   at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
   at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
   at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
   at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
   at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
// Ausgabe:
HTTPS: SNOMFON_IP_MOBYDICK=<0.0.0.0>



Der Kollege aus der IT, der sich um die Telefonanlage kümmert, meinte nur lax



			"... Du musst dem Java cert manuell vertrauen oder einen Schalter setzten, dass selbstsignierten Zertifikaten vertraut wird ..."
		
Zum Vergrößern anklicken....

Nur sagt mir dies beides, auch nach dem Lesen div. Webseiten herzlich wenig!
Das ich das Java-Zertifikat nicht kenne, ist mein Vertrauen doch ziemlich getrübt 
Wie sähe denn der genannte Schalter aus?
Er müsste ja vermutlich als Argument mit "-D" übergeben werden, oder?

Ich hoffe, dass mich hier irgendwer auf die richtige Spur bringen kann 
Bei Fragen fragen 

VG Klaus_


----------



## mrBrown (4. Apr 2018)

u.U. passt das? https://www.naschenweng.info/2017/0...lexception-handshake-alert-unrecognized_name/


----------



## VfL_Freak (4. Apr 2018)

Moin mrBrown,
erstmal Danke 

Habe gerade mal die erste Variante mit "*-Djsse.enableSNIExtension=false*" getestet.
Das klappt leider auch nicht, jetzt an der gleichen Stelle allerdings eine andere Exception 
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching xxx.yyy.zzz found


Spoiler: Exception



javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching gsetk.gselectronic.com found
   at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
   at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
   at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
   at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
   at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
   at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
   at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
   at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
   at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
   at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
   at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
   at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
   at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564)
   at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
   at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:263)
   at com.gselectronic.worker.config.Config.initialzeSnomFonDataViaHttps(Config.java:1076)
   at com.gselectronic.worker.dialogs.DlgLogin.actionPerformed(DlgLogin.java:306)
   at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022)
   at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348)
   at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402)
   at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259)
   at javax.swing.AbstractButton.doClick(AbstractButton.java:376)
   at javax.swing.plaf.basic.BasicRootPaneUI$Actions.actionPerformed(BasicRootPaneUI.java:208)
   at javax.swing.SwingUtilities.notifyAction(SwingUtilities.java:1663)
   at javax.swing.JComponent.processKeyBinding(JComponent.java:2882)
   at javax.swing.KeyboardManager.fireBinding(KeyboardManager.java:307)
   at javax.swing.KeyboardManager.fireKeyboardAction(KeyboardManager.java:250)
   at javax.swing.JComponent.processKeyBindingsForAllComponents(JComponent.java:2974)
   at javax.swing.JComponent.processKeyBindings(JComponent.java:2966)
   at javax.swing.JComponent.processKeyEvent(JComponent.java:2845)
   at java.awt.Component.processEvent(Component.java:6310)
   at java.awt.Container.processEvent(Container.java:2237)
   at java.awt.Component.dispatchEventImpl(Component.java:4889)
   at java.awt.Container.dispatchEventImpl(Container.java:2295)
   at java.awt.Component.dispatchEvent(Component.java:4711)
   at java.awt.KeyboardFocusManager.redispatchEvent(KeyboardFocusManager.java:1954)
   at java.awt.DefaultKeyboardFocusManager.dispatchKeyEvent(DefaultKeyboardFocusManager.java:806)
   at java.awt.DefaultKeyboardFocusManager.preDispatchKeyEvent(DefaultKeyboardFocusManager.java:1074)
   at java.awt.DefaultKeyboardFocusManager.typeAheadAssertions(DefaultKeyboardFocusManager.java:945)
   at java.awt.DefaultKeyboardFocusManager.dispatchEvent(DefaultKeyboardFocusManager.java:771)
   at java.awt.Component.dispatchEventImpl(Component.java:4760)
   at java.awt.Container.dispatchEventImpl(Container.java:2295)
   at java.awt.Window.dispatchEventImpl(Window.java:2746)
   at java.awt.Component.dispatchEvent(Component.java:4711)
   at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758)
   at java.awt.EventQueue.access$500(EventQueue.java:97)
   at java.awt.EventQueue$3.run(EventQueue.java:709)
   at java.awt.EventQueue$3.run(EventQueue.java:703)
   at java.security.AccessController.doPrivileged(Native Method)
   at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
   at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90)
   at java.awt.EventQueue$4.run(EventQueue.java:731)
   at java.awt.EventQueue$4.run(EventQueue.java:729)
   at java.security.AccessController.doPrivileged(Native Method)
   at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
   at java.awt.EventQueue.dispatchEvent(EventQueue.java:728)
   at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
   at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
   at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:109)
   at java.awt.WaitDispatchSupport$2.run(WaitDispatchSupport.java:190)
   at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:311)
   at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:756)
   at java.awt.EventQueue.access$500(EventQueue.java:97)
   at java.awt.EventQueue$3.run(EventQueue.java:709)
   at java.awt.EventQueue$3.run(EventQueue.java:703)
   at java.security.AccessController.doPrivileged(Native Method)
   at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
   at java.awt.EventQueue.dispatchEvent(EventQueue.java:726)
   at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
   at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
   at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
   at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
   at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
   at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
Caused by: java.security.cert.CertificateException: No name matching gsetk.gselectronic.com found
   at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:231)
   at sun.security.util.HostnameChecker.match(HostnameChecker.java:96)
   at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
   at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
   at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200)
   at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
   at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
   ... 71 more


Die zweite Variante werde ich gleich mal ausprobieren!
VG Klaus


----------



## VfL_Freak (4. Apr 2018)

oha, jetzt werden die Meldungen noch wilder ...
*unable to find valid certification path to requested target*


Spoiler: Exceptions



javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
   at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
   at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
   at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
   at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
   at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
   at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
   at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
   at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
   at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
   at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
   at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
   at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564)
   at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
   at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:263)
   at com.gselectronic.worker.config.Config.initialzeSnomFonDataViaHttps(Config.java:1077)
   at com.gselectronic.worker.dialogs.DlgLogin.actionPerformed(DlgLogin.java:306)
   at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022)
   at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348)
   at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402)
   at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259)
   at javax.swing.AbstractButton.doClick(AbstractButton.java:376)
   at javax.swing.plaf.basic.BasicRootPaneUI$Actions.actionPerformed(BasicRootPaneUI.java:208)
   at javax.swing.SwingUtilities.notifyAction(SwingUtilities.java:1663)
   at javax.swing.JComponent.processKeyBinding(JComponent.java:2882)
   at javax.swing.KeyboardManager.fireBinding(KeyboardManager.java:307)
   at javax.swing.KeyboardManager.fireKeyboardAction(KeyboardManager.java:250)
   at javax.swing.JComponent.processKeyBindingsForAllComponents(JComponent.java:2974)
   at javax.swing.JComponent.processKeyBindings(JComponent.java:2966)
   at javax.swing.JComponent.processKeyEvent(JComponent.java:2845)
   at java.awt.Component.processEvent(Component.java:6310)
   at java.awt.Container.processEvent(Container.java:2237)
   at java.awt.Component.dispatchEventImpl(Component.java:4889)
   at java.awt.Container.dispatchEventImpl(Container.java:2295)
   at java.awt.Component.dispatchEvent(Component.java:4711)
   at java.awt.KeyboardFocusManager.redispatchEvent(KeyboardFocusManager.java:1954)
   at java.awt.DefaultKeyboardFocusManager.dispatchKeyEvent(DefaultKeyboardFocusManager.java:806)
   at java.awt.DefaultKeyboardFocusManager.preDispatchKeyEvent(DefaultKeyboardFocusManager.java:1074)
   at java.awt.DefaultKeyboardFocusManager.typeAheadAssertions(DefaultKeyboardFocusManager.java:945)
   at java.awt.DefaultKeyboardFocusManager.dispatchEvent(DefaultKeyboardFocusManager.java:771)
   at java.awt.Component.dispatchEventImpl(Component.java:4760)
   at java.awt.Container.dispatchEventImpl(Container.java:2295)
   at java.awt.Window.dispatchEventImpl(Window.java:2746)
   at java.awt.Component.dispatchEvent(Component.java:4711)
   at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758)
   at java.awt.EventQueue.access$500(EventQueue.java:97)
   at java.awt.EventQueue$3.run(EventQueue.java:709)
   at java.awt.EventQueue$3.run(EventQueue.java:703)
   at java.security.AccessController.doPrivileged(Native Method)
   at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
   at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90)
   at java.awt.EventQueue$4.run(EventQueue.java:731)
   at java.awt.EventQueue$4.run(EventQueue.java:729)
   at java.security.AccessController.doPrivileged(Native Method)
   at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
   at java.awt.EventQueue.dispatchEvent(EventQueue.java:728)
   at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
   at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
   at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:109)
   at java.awt.WaitDispatchSupport$2.run(WaitDispatchSupport.java:190)
   at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:311)
   at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:756)
   at java.awt.EventQueue.access$500(EventQueue.java:97)
   at java.awt.EventQueue$3.run(EventQueue.java:709)
   at java.awt.EventQueue$3.run(EventQueue.java:703)
   at java.security.AccessController.doPrivileged(Native Method)
   at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
   at java.awt.EventQueue.dispatchEvent(EventQueue.java:726)
   at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
   at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
   at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
   at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
   at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
   at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
   at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
   at sun.security.validator.Validator.validate(Validator.java:260)
   at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
   at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
   at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
   at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
   ... 71 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
   at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
   at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
   at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
   ... 77 more


----------



## Thallius (4. Apr 2018)

Ich habe das schon mal gemacht vor ein paar Jahren weis aber nicht mehr auswendig wie ich es geschafft habe, weis nur das ich auch lange gebastelt habe. Bin noch bis Sonntag im Urlaub. Wenn du bis nächste Woche keine Lösung findest erinnert mich noch mal, dann suche ich mal ob ich die alten Sourcen noch finde. 

Gruss

Claus


----------



## VfL_Freak (4. Apr 2018)

Moin Claus,
ja, das wäre super 
Da ich imMoment überhaupt nicht weiterkomme, werde ich das Thema erst mal beiseite schieben und mich um ein anderes Thema kümmern!
Danke und VG 
Klaus


----------



## VfL_Freak (5. Apr 2018)

Moin, 
habe mittlerweile in einem anderen Forum die Info bekommen, dass es womöglich um ein Problem mit einem 'selbstsignierten' Zertifikat auf der Telefonanlage handeln könnte.
Ich habe unsere IT mal darauf angesetzt ...
VG Klaus


----------



## sascha-sphw (5. Apr 2018)

Hast Du es schon mit einem eigenen TrustManager versucht?
https://www.javacodegeeks.com/2014/...rys-trustmanager-per-each-url-connection.html


----------



## VfL_Freak (5. Apr 2018)

Moin Sascha,
nein, aber Danke für den Tip 
Werde ich heute nachmittag oder morgen gleich mal machen!
VG Klaus


----------



## VfL_Freak (5. Apr 2018)

Hi Sascha,
hatte gerade etwas Zeit und habe es mal schnell eingebaut.
Leider kommt die gleiche Meldung wie in meinem ersten Post - wieder beim "*getInputStream()*" 

Hier nochmal schnell der aktuelle Code dazu:


Spoiler: Code





```
public static void initialzeSnomFonDataViaHttps( String userKuerzel )
    {
       URL url = null;
       HttpsURLConnection httpsUrlConnection = null;
       String https_url = "https://gsetk.gselectronic.com/services/identity/" + userKuerzel + "/defaultdevice";
       try
       {
           url = new URL( https_url );
           URLConnection urlConnection = url.openConnection();
           urlConnection.setReadTimeout( 10000 );
           urlConnection.setConnectTimeout( 10000 );

           final String userName = "mobyrest";
           final String password = "TiCjNT6KU72Qb5E";
           byte[] encodedPassword = ( userName + ":" + password ).getBytes();
          
           httpsUrlConnection = (HttpsURLConnection)urlConnection;

           String base64encodedString = Base64.getEncoder().encodeToString( encodedPassword );
           httpsUrlConnection.setRequestProperty( "Authorization", "Basic " + base64encodedString );
           httpsUrlConnection.setRequestProperty( "Content-Type", "application/json" );
           httpsUrlConnection.setRequestProperty( "Accept", "application/json" );
           httpsUrlConnection.setRequestMethod( "GET" );
          
           SSLSocketFactory sslSocketFactory = createSslSocketFactory();
           httpsUrlConnection.setSSLSocketFactory( sslSocketFactory );

           StringBuffer ergebnis = new StringBuffer();
           try( InputStream inputStream = httpsUrlConnection.getInputStream() )
           {
               BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream));
               String inputLine = null;
               while( (inputLine=reader.readLine()) != null )
               {
                   ergebnis.append( inputLine );
               }
           }
          
           String[] ergList = null;
           if( ergebnis.length() > 0 )
           {
               // alle '[', ']' und '"' entfernen
               String s1 = ergebnis.toString().replace( "[", "" );
               String s2 = s1.replace( "]", "" );
               String s3 = s2.replace( "\"", "" );

               // ergList füllen
               Pattern p = Pattern.compile( "," ); // nach dem Komma splitten
                 String[] sData = p.split( s3, 0 );
               ergList = new String[sData.length];
               for( int i = 0; i < sData.length; i++ )
               {
                   ergList[i] = sData[i];
//System.out.println( "ergList[i]=<" + ergList[i] + ">" );
                   if( ergList[i].startsWith("ip:") )
                   {
                       SNOMFON_IP_MOBYDICK = ergList[i].substring( 3, ergList[i].length() );
                       SNOM_IS_ACTIVE = true;
                       break;
                   }
               }
           }
           else
           {
               ergList = new String[] { " " };
               SNOM_IS_ACTIVE = false;
           }
       }
       catch (Exception e)
       {
           System.out.println( "Exception in der Rest-Abfrage" );
           e.printStackTrace();
       }
       finally
       {
           if( httpsUrlConnection != null )
           {
               httpsUrlConnection.disconnect();
               httpsUrlConnection = null;
           }
       }
       System.out.println( "HTTPS: SNOMFON_IP_MOBYDICK=<" + SNOMFON_IP_MOBYDICK + ">" );
    } // initialzeSnonFonDataViaHttps
// #####################################################
    private static SSLSocketFactory createSslSocketFactory()
       throws Exception
    {
       TrustManager[] byPassTrustManagers = new TrustManager[]
       {
           new X509TrustManager()
           {
               public java.security.cert.X509Certificate[ ] getAcceptedIssuers()
               {
                   return new java.security.cert.X509Certificate[0];
               }

               @Override
               public void checkClientTrusted( java.security.cert.X509Certificate[ ] chain, String authType )
                       throws CertificateException
               {
                   // TODO Auto-generated method stub
               }

               @Override
               public void checkServerTrusted( java.security.cert.X509Certificate[ ] chain, String authType )
                       throws CertificateException
               {
                   // TODO Auto-generated method stub
               }
           }
       };
      
       SSLContext sslContext = SSLContext.getInstance( "TLS" );
       sslContext.init( null, byPassTrustManagers, new SecureRandom() );
       return sslContext.getSocketFactory();
    } // createSslSocketFactory
```



VG Klaus


----------



## sascha-sphw (5. Apr 2018)

Versuch mal

```
System.setProperty("jsse.enableSNIExtension", "false");
```
vor die Zeile

```
SSLSocketFactory sslSocketFactory = createSslSocketFactory();
```

Sonst weiß ich gerade auch nicht mehr weiter.


----------



## VfL_Freak (5. Apr 2018)

Danke, dass hatte ich anfangs schon mal mit der "-D"-Option ans Programm übergeben.
Das hilft auch nicht wirklich, allerdings bekomme ich dann eine andere Exception:


Spoiler: Exception



javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching gsetk.gselectronic.com found
   at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
   at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
   at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
   at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
   at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
   at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
   at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
   at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
   at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
   at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
   at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
   at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
   at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564)
   at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
   at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:263)

// gleiche Zeile wie oben (getInputStream)
   at com.gselectronic.worker.config.Config.initialzeSnomFonDataViaHttps(Config.java:1082)
   at com.gselectronic.worker.dialogs.DlgLogin.actionPerformed(DlgLogin.java:306)

   at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022)
   at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348)
   at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402)
   at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259)
   at javax.swing.AbstractButton.doClick(AbstractButton.java:376)
   at javax.swing.plaf.basic.BasicRootPaneUI$Actions.actionPerformed(BasicRootPaneUI.java:208)
   at javax.swing.SwingUtilities.notifyAction(SwingUtilities.java:1663)
   at javax.swing.JComponent.processKeyBinding(JComponent.java:2882)
   at javax.swing.KeyboardManager.fireBinding(KeyboardManager.java:307)
   at javax.swing.KeyboardManager.fireKeyboardAction(KeyboardManager.java:250)
   at javax.swing.JComponent.processKeyBindingsForAllComponents(JComponent.java:2974)
   at javax.swing.JComponent.processKeyBindings(JComponent.java:2966)
   at javax.swing.JComponent.processKeyEvent(JComponent.java:2845)
   at java.awt.Component.processEvent(Component.java:6310)
   at java.awt.Container.processEvent(Container.java:2237)
   at java.awt.Component.dispatchEventImpl(Component.java:4889)
   at java.awt.Container.dispatchEventImpl(Container.java:2295)
   at java.awt.Component.dispatchEvent(Component.java:4711)
   at java.awt.KeyboardFocusManager.redispatchEvent(KeyboardFocusManager.java:1954)
   at java.awt.DefaultKeyboardFocusManager.dispatchKeyEvent(DefaultKeyboardFocusManager.java:806)
   at java.awt.DefaultKeyboardFocusManager.preDispatchKeyEvent(DefaultKeyboardFocusManager.java:1074)
   at java.awt.DefaultKeyboardFocusManager.typeAheadAssertions(DefaultKeyboardFocusManager.java:945)
   at java.awt.DefaultKeyboardFocusManager.dispatchEvent(DefaultKeyboardFocusManager.java:771)
   at java.awt.Component.dispatchEventImpl(Component.java:4760)
   at java.awt.Container.dispatchEventImpl(Container.java:2295)
   at java.awt.Window.dispatchEventImpl(Window.java:2746)
   at java.awt.Component.dispatchEvent(Component.java:4711)
   at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758)
   at java.awt.EventQueue.access$500(EventQueue.java:97)
   at java.awt.EventQueue$3.run(EventQueue.java:709)
   at java.awt.EventQueue$3.run(EventQueue.java:703)
   at java.security.AccessController.doPrivileged(Native Method)
   at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
   at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90)
   at java.awt.EventQueue$4.run(EventQueue.java:731)
   at java.awt.EventQueue$4.run(EventQueue.java:729)
   at java.security.AccessController.doPrivileged(Native Method)
   at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
   at java.awt.EventQueue.dispatchEvent(EventQueue.java:728)
   at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
   at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
   at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:109)
   at java.awt.WaitDispatchSupport$2.run(WaitDispatchSupport.java:190)
   at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:311)
   at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:756)
   at java.awt.EventQueue.access$500(EventQueue.java:97)
   at java.awt.EventQueue$3.run(EventQueue.java:709)
   at java.awt.EventQueue$3.run(EventQueue.java:703)
   at java.security.AccessController.doPrivileged(Native Method)
   at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
   at java.awt.EventQueue.dispatchEvent(EventQueue.java:726)
   at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
   at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
   at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
   at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
   at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
   at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
Caused by: java.security.cert.CertificateException: No name matching gsetk.gselectronic.com found
   at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:231)
   at sun.security.util.HostnameChecker.match(HostnameChecker.java:96)
   at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
   at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1019)
   at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:986)
   at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
   ... 71 more


Sagt mir allerdings auch nicht viel ... die Adresse ist definitiv richtig, da es ja http funzt ... 

Scheint wirklich ein Zertifikatsproblem der Telefonanlage zu sein !
VG Klaus


----------



## mrBrown (5. Apr 2018)

Nutzt du beide Lösungen gleichzeitig?


----------



## VfL_Freak (5. Apr 2018)

Moin, was genau meinst Du mit


mrBrown hat gesagt.:


> beide


Die beiden Vorschläge von Sascha?
Dann ja!
VG Klaus


----------



## mrBrown (5. Apr 2018)

Oder den ersten Teil von @sascha-sphw und den zweiten Teil aus dem Link von mir 

Die Property währenden der Laufzeit setzen ist gefährlich, mit etwas Pech wurde die vorher schon ausgelesen und die Änderung geht deshalb ins Leere


----------



## VfL_Freak (5. Apr 2018)

mrBrown hat gesagt.:


> Die Property währenden der Laufzeit setzen ist gefährlich, mit etwas Pech wurde die vorher schon ausgelesen und die Änderung geht deshalb ins Leere


ok ...
erster Versuch: das '*setproperty*' wieder raus und stattdessen als Parameter '*-D ...*' an die VM übergeben
==> wieder/immer noch java.security.cert.CertificateException: No name matching gsetk.gselectronic.com found

zweiter Versuch: hinter httpsUrlConnection.setSSLSocketFactory( sslSocketFactory ) den '*SSLSkipSNIHostnameVerifier*' eingebaut und Parameter '*-D ...*' an die VM übergeben
==>* JAAAA* es halt endlich geklappt!!
@mrBrown Du bist mein Held und hast meinen Tag (oder auch Woche - ok, eigentlich das Jahr ) gerettet!

Ich werde es morgen noch in Ruhe verifizieren (muss jetzt erst zum Doc), aber es scheint wirklich zu klappen !
Vielen Dank für die Unterstützung!!
VG Klaus


----------



## mrBrown (5. Apr 2018)

Afaik ist -D... dann auch überflüssig, der eigene HostName-Verifier müsste reichen


----------



## VfL_Freak (6. Apr 2018)

Moinsen,


mrBrown hat gesagt.:


> Afaik ist -D... dann auch überflüssig, der eigene HostName-Verifier müsste reichen


leider nicht!
Die oben beschriebene Variante "zweiter Versuch" klappt auch nur dann, wenn der Parameter gesetzt ist!!
Ohne ihn kommt auch hier der *handshake alert* ....
VG Klaus


----------

