Assuming you have your PATH set properly on your machine, JAR'ing files is relatively easy. But I think I screwed something up at first. I first JAR'd .java files together using the command jar cvf journyxapi.jar *, which took everything in my jxapi_pkg directory and jar'd it up.
This of course did me no good whatsoever, since I need the actual class files in the jar for my application to work. So I made class files of everything in jxapi_pkg and re-ran the same command.
When I imported this JAR file into my eclipse project, I still was not able to import files in there. It was like the file didn't exist in eclipse.
So I finally bundled both my class files, and java files together in a directory, and then ran the command jar cvf journyxapi.jar jxapi_pkg.
This worked like a charm when I imported it into my project. I'm not sure if I'm just ignorant when it comes to jarring or what, but this is what I had to do to get my jar file behaving.
Tuesday, February 24, 2009
The Battle With cacerts and HTTPS
While trying to work through the tutorial to Journyx's Web Services (jxapi), all kinds of crap started going wrong. First off, I needed to generate the Java Code from Journyx's WSDL.
The URL that had the WSDL file was under https. When I tried to do a WSDL2Java Axis command from my command prompt, I started getting back all kinds of errors. The first problem was that when you're running Axis, all of the/lib jar files, need to be in your classpath. I fixed this by explicitly setting the SYSTEM's Environment Variables to include all of the jar files axis.jar, axis-ant.jar, commons-discovery-0.2.jar, commons-logging-1.0.4.jar, jaxrpc.jar, log4j.jar, log4j-1.2.8.jar, saaj.jar, wsdl4j-1.5.1.jar.
Problem 1 down. Next, I had to add the xercesImpl.jar file (from Xerces) to the class path. Problem 2 down. Finally I had to add the mail.jar and activation.jar files into the CLASSPATH. I had to go and download all this stuff from the Java 6 EE SDK from Sun's website. Both mail.jar and activation.jar are in/lib. I downloaded Java 6 EE from http://java.sun.com/javaee/downloads/index.jsp. I downloaded the Glassfish Java EE + JDK one.
So all the classnotfound exceptions coming from the DOS window were stopped, but instead I was getting a
The URL that had the WSDL file was under https. When I tried to do a WSDL2Java Axis command from my command prompt, I started getting back all kinds of errors. The first problem was that when you're running Axis, all of the
Problem 1 down. Next, I had to add the xercesImpl.jar file (from Xerces) to the class path. Problem 2 down. Finally I had to add the mail.jar and activation.jar files into the CLASSPATH. I had to go and download all this stuff from the Java 6 EE SDK from Sun's website. Both mail.jar and activation.jar are in
So all the classnotfound exceptions coming from the DOS window were stopped, but instead I was getting a
java.security.cert.CertPathValidatorExcep
tion: basic constraints check failed: pathLenConstraint violated - this cert must be the last cert in the certification path
This was a bummer. I read various sites, and the first issue was that the CA Certificate that Journyx was using, was not located in my cacerts file. Basically, CA Certificates seems to be what https uses to communicate. Both the client (my code), and the server (their code), have to have this certificate included as a trusted certificate. I think that in order to make the certificate trusted, you have to place it in java's cacerts file. THIS FILE FOR ME WAS LOCATED IN 2 SEPERATE PLACES. One was at
Anywho, in order modify the cacerts file, you have to use Java's keytool. I hit the WSDL address directly from the browser and was able to see the WSDL in the browser. In the browser, from the WSDL, if you double click the lock icon at the bottom of your browser, and click View Certificate, you can actually see what certificates are being used by Journyx. There were 3, but I only exported the bottom one Network Solutions Certificate Authority because I am a dumbass. So I downloaded that certificate to my local machine, and using the command,
keytool -keystore
was able to get rid of the above error.
Naturally, this caused a different error to appear. This time it was an error saying
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathB
uilderException: unable to find valid certification path to requested target
After digging around for days, I realized that the other 2 certificates in the hierarchy from the WSDL in the browser needed to be added as well. So I followed the same steps to download those certificates and keytool them into my cacerts file. Finally I was able to generate the java using Axis's WSDL2Java command.
But wait, there's more. Probably due to how my eclipse, tomcat, and environment variables are configured, when I tried to call one of the web services the jxapi offers, login, I was encountering the same exact piece of trash error "unable to find valid certification path to requested target."
WTF said I.
The issue here, was the related to what I mentioned way at the top of this beast of a post. There are 2 cacerts files. My Dos prompt used the one at
Once both cacerts files were the exact same, everything started working fine.
Hopefully this helps someone. It was uncool having to figure all this crap out.
This is my first post, and I can't sort out all the font crap, so forgive the length and look of this blathering. I'll pare it down to essentials on future posts. Maybe.
Subscribe to:
Posts (Atom)