topic Re: GetAcceptPaymentPage API is not working even after change of Jdk 1.7 and TLSv1.2 in Integration and Testing

GetAcceptPaymentPage API is not working even after change of Jdk 1.7 and TLSv1.2

raviparmarce88 — Tue, 09 May 2017 12:33:54 GMT

Hi Team,

This is really looks like a blocker for development.

After TLS disablement my GetHostedPaymentPage* API stoped working.

It is returning null response.

Note:Here I am using Jdk1.7 and set TLSv1.2 in JVM arguments.

The code is as same as given by AN in developer guide.

This is the exception I am getting :

00A0: 00 16 00 0B 00 02 01 00                            ........
pool-1-thread-1, received EOFException: error
pool-1-thread-1, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
pool-1-thread-1, SEND TLSv1 ALERT:  fatal, description = handshake_failure
pool-1-thread-1, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 28                               ......(
pool-1-thread-1, called closeSocket()
pool-1-thread-1, IOException in getSession():  javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
pool-1-thread-1, called close()
pool-1-thread-1, called closeInternal(true)
pool-1-thread-1, called close()

Re: GetAcceptPaymentPage API is not working even after change of Jdk 1.7 and TLSv1.2

Aaron — Tue, 09 May 2017 17:11:42 GMT

Hi @raviparmarce88,

Can you verify that your setup also supports the ciphers in use on our server? You can see the ciphers used in sandbox here:

https://www.ssllabs.com/ssltest/analyze.html?d=apitest.authorize.net

Could you also maybe code up a little test to determine if you can even reach the server using TLS 1.2? If you could just cause your code to do an HTTP get request to https://apitest.authorize.net, you should get back an HTTP 403 status and some HTML showing a "Forbidden" page. If you get that but API access isn't working, we can troubleshoot some more. If you can't even connect to the server at all, that's a different level of troubleshooting on your end.

Re: GetAcceptPaymentPage API is not working even after change of Jdk 1.7 and TLSv1.2

raviparmarce88 — Wed, 10 May 2017 08:18:11 GMT

Thanks @Aaron

Yes, I have tried to connect the server with HTTP get request to https://apitest.authorize.net and getting response code 403 which means https://apitest.authorize.net is accessible to me. And it seems working as expected and taking correct TLSv1.2.

URL obj = new URL(url);
HttpsURLConnection con = (HttpsURLConnection) obj.openConnection();
// optional default is GET
con.setRequestMethod("GET");

SSLContext sc = SSLContext.getInstance("TLSv1.2");
sc.init(null, null, new java.security.SecureRandom());
con.setSSLSocketFactory(sc.getSocketFactory());
		
int responseCode = con.getResponseCode();

But with the below API access is getting the exception as mentioned in earlier post.

GetHostedPaymentPageController controller = new GetHostedPaymentPageController(apiRequest);
controller.execute();
       
        GetHostedPaymentPageResponse response = new GetHostedPaymentPageResponse();
		response = controller.getApiResponse();

Could you please guide me how to debug into this API access

Is there any way by which i can verify supported ciphers from my setup which is same as in AN server.?

Re: GetAcceptPaymentPage API is not working even after change of Jdk 1.7 and TLSv1.2

raviparmarce88 — Wed, 10 May 2017 13:24:27 GMT

Hi @Aaron

Finally I have concluded on workaround for this issue.

I have added below code snippet in GetAnAcceptPaymentPage API calling.

final SSLContext sc = SSLContext.getInstance("TLSv1.2");
			sc.init(null,null, new java.security.SecureRandom());
			final SSLSocketFactory socketFactory = sc.getSocketFactory();
			HttpsURLConnection.setDefaultSSLSocketFactory(socketFactory);

and it is working fine with jdk1.7 and TLSv1.2.(Lot more to resolve like this way!!!! :)....)

And if this is concrete solutions to get the Token from AN server.

I really appreciate your help and quick response.

Re: GetAcceptPaymentPage API is not working even after change of Jdk 1.7 and TLSv1.2

hexaplus — Mon, 12 Jun 2017 23:32:32 GMT

Re: GetAcceptPaymentPage API is not working even after change of Jdk 1.7 and TLSv1.2

hexaplus — Mon, 12 Jun 2017 23:59:38 GMT

We are having a very similar issue to Ravi, but we are using the precompiled libraries (compile 'net.authorize:anet-java-sdk:1.8.3'):

'Connection reset': 'null', '[java.net.SocketInputStream.read(SocketInputStream.java:196),
java.net.SocketInputStream.read(SocketInputStream.java:122),
sun.security.ssl.InputRecord.readFully(InputRecord.java:442),
sun.security.ssl.InputRecord.read(InputRecord.java:480),
sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:946),
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1344), 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1371), 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355),
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:543),
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409),
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177),
org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304),
org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611),
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446),
org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882), 
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82),
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107), 
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55),
net.authorize.util.HttpClient.executeXML(HttpClient.java:222), 
net.authorize.Merchant.postTransaction(Merchant.java:295), 
net.authorize.Merchant$postTransaction$1.call(Unknown Source),

We tried the seting the default factory both in a static block and directly before the call to create merchant and in a static block:

final SSLContext sc = SSLContext.getInstance("TLSv1.2");
			sc.init(null,null, new java.security.SecureRandom());
			final SSLSocketFactory socketFactory = sc.getSocketFactory();
			HttpsURLConnection.setDefaultSSLSocketFactory(socketFactory);

 Merchant.createMerchant(anetEnvironment, apiLoginId, transactionKey);

Our JVM is OpenJDK 64-Bit Server VM (build 24.95-b01, mixed mode)

Any help would be greatly appreciated.

Re: GetAcceptPaymentPage API is not working even after change of Jdk 1.7 and TLSv1.2

Aaron — Tue, 13 Jun 2017 17:04:27 GMT

Hi @hexaplus,

You reference a 1.8.3 version in your post. Any improvement if you try with the latest version (1.9.3)?