CODEWITHSUNDEEP
javassltruststorejsse
Acetaminophen
Acetaminophen

Reputation: 131

javax.net.ssl.SSLException: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

I'm looking to parse an XML file that updates said file daily - the only issue I've run into is that they use their own certificate (https://...) and I can't use that specific URL, nor is there an http://... link available.

URL url = new URL("https://...");
...
Document document = db.parse(url.openStream());

This code throws the following exception while running my tests:

javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

I've seen a variety of suggestions dealing with creating various classes to deal with this kind of connection or with a personal server, as well as adding the certificate to a keystore and then adding that keystore to the Java project, but I've been unable to do that and am looking for a slightly simpler way for me to go about accessing the XML online.

Upvotes: 13

Views: 79872

Answers (4)

atiruz
atiruz

Reputation: 2858

You can try with this:

String javaHomePath = System.getProperty("java.home");
String keystore = javaHomePath + "/lib/security/cacerts";
String storepass= "changeit";
String storetype= "JKS";

String[][] props = {
    { "javax.net.ssl.trustStore", keystore, },
    { "javax.net.ssl.keyStore", keystore, },
    { "javax.net.ssl.keyStorePassword", storepass, },
    { "javax.net.ssl.keyStoreType", storetype, },
};
for (int i = 0; i < props.length; i++) {
    System.getProperties().setProperty(props[i][0], props[i][1]);
}
// Now you can proceed to connect to call the webservice.
// SSL will be used automatically if the service endpoint url 
// starts with <a href="https://." target="_blank"         rel="nofollow">https://.</a>
// The server will send its certificate signed by verisign and 
// client will trust and authenticate the server as it recognizes 
// verisign as one trusted root.

Upvotes: 2

MasterV
MasterV

Reputation: 1182

I ran into the same Exception for my MAC OSX (Yosemite), while developing Java 6 applications. You need to download and install Apple's Java for OSX 2014:

http://support.apple.com/kb/DL1572

Upvotes: -3

user207421
user207421

Reputation: 310893

This curious message means the truststore wasn't found.

Nothing whatsoever to do with XML BTW.

Upvotes: 3

Errepunto
Errepunto

Reputation: 141

You need a truststore to store SSL certificates. You can download the certificate using your preferred web browser. To load the certificate into the truststore, you need the "keytool" program, which comes with the JDK.

For example, if your certificate file is named "certificate.crt" and you want to create a truststore named "secure.ts", you can invoke keytool as follows:

keytool -importcert -keystore secure.ts -storepass S3cuR3pas$! -file certificate.crt

Now, you must tell your program where the keystore is and the password to open it, defining the system properties "javax.net.ssl.trustStore" and "javax.net.ssl.trustStorePassword" before opening the connection

URL url = new URL("https://...");

System.setProperty("javax.net.ssl.trustStore", "secure.ts");
System.setProperty("javax.net.ssl.trustStorePassword", "S3cuR3pas$!");
...
Document document = db.parse(url.openStream());

Upvotes: 12

Related Questions