I’m trying to connect to an HTTPS URL – https://rtpubcommission.api.cj.com/wsdl/version2/realtimeCommissionServiceV2.wsdl
But I am getting the following errors (only the chain of errors is listed, without the full stack trace):
com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
Caused by: java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: algorithm check failed: MD2withRSA is disabled
Caused by: java.security.cert.CertPathValidatorException: algorithm check failed: MD2withRSA is disabled
Here is my code:
    private void processCommonRequest(String url, HashMap<String, String> params) throws Exception {
        URL endpoint = new URL(url);
        //MessageDigest md = MessageDigest.getInstance("MD5");
        //System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
        //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
        // Create SOAP connection
        SOAPConnectionFactory scf = SOAPConnectionFactory.newInstance();
        SOAPConnection connection = scf.createConnection();
        // Create a message from the message factory.
        MessageFactory mf = MessageFactory.newInstance();
        SOAPMessage msg = mf.createMessage();
        // Get the SOAP Part from the message
        SOAPPart soapPart = msg.getSOAPPart();
        // Get the SOAP Envelope from the SOAP Part
        SOAPEnvelope envelope = soapPart.getEnvelope();
        envelope.addNamespaceDeclaration("SOAP-ENC", "http://schemas.xmlsoap.org/soap/encoding/");
        envelope.addNamespaceDeclaration("xsd", "http://www.w3.org/1999/XMLSchema");
        envelope.addNamespaceDeclaration("xsi", "http://www.w3.org/1999/XMLSchema-instance-instance");
        envelope.addNamespaceDeclaration("tns", "http://api.cj.com");
        envelope.setEncodingStyle("http://schemas.xmlsoap.org/soap/encoding/");
        // Remove empty header from the Envelope
        envelope.getHeader().detachNode();
        // Create a soap body from the Envelope.
        SOAPBody body = envelope.getBody();
        body.addNamespaceDeclaration("soap-env", "http://schemas.xmlsoap.org/soap/encoding/");
        // SOAPBodyElement item = body.addBodyElement(envelope.createName("GeScore") );
        SOAPBodyElement item = body.addBodyElement(envelope.createName(
                "GeScore", "soap-env", "http://schemas.xmlsoap.org/soap/encoding/"));
        for (String keyMap : params.keySet()) {
            addItem(envelope, keyMap, params.get(keyMap), item);
        }
        System.out.println("\nContent of the message: \n"); // FIXME
        msg.writeTo(System.out);
        // Send the SOAP message and get reply
        System.err.println("\nSending message to URL: " + endpoint); // XXX
        SOAPMessage reply = connection.call(msg, endpoint);
        // ... nevermind what later ... .call function throws error ....
        connection.close();
    }
MD2 is not secure any more, so Sun disabled its use in certification path validation. The release notes of security update 6u17, http://java.sun.com/javase/6/webnotes/6u17.html, say that the vulnerability is addressed: “6861062: Disable MD2 in certificate chain validation”.
You could either run your code on an older version of the JRE (before 6u17) or try the latest version instead, as there are some reports that it might work (https://forums.oracle.com/forums/thread.jspa?threadID=1237743).
Alternatively, you could try to use a custom TrustManager, although it’s not recommended if security is important to you.
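To see which certificate triggers the "MD2withRSA is disabled" check, the following added example (not part of the original question or answer) lists every certificate signed with MD2, either from a PEM/DER file holding the chain the server presents or, with no argument, from the JRE's default trust anchors. The class name `Md2ChainCheck` and the file argument are assumptions made for this illustration.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;

public class Md2ChainCheck {  // hypothetical class name, not from the original post
    // One report line per certificate whose signature algorithm uses the given digest.
    static List<String> findByDigest(List<X509Certificate> certs, String digest) {
        List<String> hits = new ArrayList<>();
        for (int i = 0; i < certs.size(); i++) {
            X509Certificate c = certs.get(i);
            String alg = c.getSigAlgName(); // e.g. "MD2withRSA"
            if (alg.regionMatches(true, 0, digest + "with", 0, digest.length() + 4)) {
                // A trust anchor's own signature is not verified in PKIX validation; a self-issued hit matters only inside the validated path.
                boolean selfIssued = c.getSubjectX500Principal().equals(c.getIssuerX500Principal());
                hits.add("[" + i + "] " + alg + (selfIssued ? " self-issued " : " ") + c.getSubjectX500Principal().getName());
            }
        }
        return hits;
    }
    // Certificates from a PEM or DER file, in file order.
    static List<X509Certificate> loadFile(String path) throws Exception {
        List<X509Certificate> out = new ArrayList<>();
        try (InputStream in = new FileInputStream(path)) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                out.add((X509Certificate) c);
            }
        }
        return out;
    }
    // Trust anchors of the running JRE's default trust store.
    static List<X509Certificate> defaultAnchors() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        List<X509Certificate> out = new ArrayList<>();
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) out.addAll(Arrays.asList(((X509TrustManager) tm).getAcceptedIssuers()));
        }
        return out;
    }
    public static void main(String[] args) throws Exception {
        System.out.println("jdk.certpath.disabledAlgorithms = " + Security.getProperty("jdk.certpath.disabledAlgorithms"));
        List<X509Certificate> certs = args.length > 0 ? loadFile(args[0]) : defaultAnchors();
        for (String hit : findByDigest(certs, "MD2")) System.out.println(hit);
    }
}
```

A hit on a certificate that is not self-issued, or on a root that the server sends as part of its chain, points at the endpoint's certificate configuration rather than at the client code.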