AIM Transactions with Java SDK, SSL/TLS issue

elameno — Wed, 25 May 2011 15:09:55 GMT

Hello all,

I'm writing an application that is using the Authorize.NET Java SDK and Advanced Integration Method to post payments. Currently, when I attempt to post a payment to Authorize.NET using AIM I receive an SSLPeerUnverifiedException. To attempt to fix the issue I've gone to entrust.net and made sure that all of their signing certificates are trusted by my JVM, but I still receive the same SSLPeerUnverifiedException.

To gain further insight into the problem I downloaded the source for the anet-java-sdk-1.4.3 and ran the tests included there. None of the AIM tests work in the SDK test suite, but the ARB tests execute like a champ (as well as some other tests). An interesting tidbit is that it looks like the ARB tests in the SDK are posting to https://apitest.authorize.net rather than https://test.authorize.net.

After gleaning that information from the SDK tests I turned on the -Djava.net.debug=all option and I find that when my machine is attempting to connect to https://test.authorize.net I am not being sent any SSL Certificate information during the SSL/TLS handshake. At the point where I should be receiving the SSL cert, I receive an "unexpected message" and the connection closes and throws the SSLPeerUnverifiedException.

Here is some output from the javax.net.debug logging when my machine attempts to connect to https://test.authorize.net:

-----------------------

trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(0) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1289486633 bytes = { 190, 205, 75, 22, 69, 252, 32, 181, 36, 207, 181, 222, 126, 163, 194, 28, 40, 183, 132, 23, 131, 33, 142, 51, 143, 162, 4, 12 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
***
[write] MD5 and SHA1 hashes: len = 75
0000: 01 00 00 47 03 01 4D DC   01 29 BE CD 4B 16 45 FC ...G..M..)..K.E.
0010: 20 B5 24 CF B5 DE 7E A3   C2 1C 28 B7 84 17 83 21   .$.......(....!
0020: 8E 33 8F A2 04 0C 00 00   20 00 04 00 05 00 2F 00 .3...... ...../.
0030: 33 00 32 00 0A 00 16 00   13 00 09 00 15 00 12 00 3.2.............
0040: 03 00 08 00 14 00 11 00   FF 01 00                 ...........
main, WRITE: TLSv1 Handshake, length = 75
[write] MD5 and SHA1 hashes: len = 101
0000: 01 03 01 00 3C 00 00 00   20 00 00 04 01 00 80 00 ....<... .......
0010: 00 05 00 00 2F 00 00 33   00 00 32 00 00 0A 07 00 ..../..3..2.....
0020: C0 00 00 16 00 00 13 00   00 09 06 00 40 00 00 15 ............@...
0030: 00 00 12 00 00 03 02 00   80 00 00 08 00 00 14 00 ................
0040: 00 11 00 00 FF 4D DC 01   29 BE CD 4B 16 45 FC 20 .....M..)..K.E.
0050: B5 24 CF B5 DE 7E A3 C2   1C 28 B7 84 17 83 21 8E .$.......(....!.
0060: 33 8F A2 04 0C                                     3....
main, WRITE: SSLv2 client hello message, length = 101
[Raw write]: length = 103
0000: 80 65 01 03 01 00 3C 00   00 00 20 00 00 04 01 00 .e....<... .....
0010: 80 00 00 05 00 00 2F 00   00 33 00 00 32 00 00 0A ....../..3..2...
0020: 07 00 C0 00 00 16 00 00   13 00 00 09 06 00 40 00 ..............@.
0030: 00 15 00 00 12 00 00 03   02 00 80 00 00 08 00 00 ................
0040: 14 00 00 11 00 00 FF 4D   DC 01 29 BE CD 4B 16 45 .......M..)..K.E
0050: FC 20 B5 24 CF B5 DE 7E   A3 C2 1C 28 B7 84 17 83 . .$.......(....
0060: 21 8E 33 8F A2 04 0C                               !.3....
main, handling exception: java.net.SocketException: Connection reset
main, SEND TLSv1 ALERT: fatal, description = unexpected_message
main, WRITE: TLSv1 Alert, length = 2
main, Exception sending alert: java.net.SocketException: Connection reset by peer: socket write error
main, called closeSocket()
main, IOException in getSession(): java.net.SocketException: Connection reset
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
05/24/11 14:04:09,960: ERROR [main] (net.authorize.util.HttpClient:150) - HttpClient execution failed
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
   at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
   at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
   at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:339)
   at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:123)
   at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:147)
   at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:108)
   at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
   at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:641)
   at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:576)
   at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:554)
   at net.authorize.util.HttpClient.execute(HttpClient.java:127)
   at net.authorize.Merchant.postTransaction(Merchant.java:286)
   at edu.letu.ecommerce.nottingham.payment.service.TestAuthorizeDotNetPaymentGatewayTest.testSimpleTransaction(TestAuthorizeDotNetPaymentGatewayTest.java:153)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:44)
   at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15)
   at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:41)
   at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:20)
   at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:28)
   at org.junit.runners.BlockJUnit4ClassRunner.runNotIgnored(BlockJUnit4ClassRunner.java:79)
   at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:71)
   at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:49)
   at org.junit.runners.ParentRunner$3.run(ParentRunner.java:193)
   at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:52)
   at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:191)
   at org.junit.runners.ParentRunner.access$000(ParentRunner.java:42)
   at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:184)
   at org.junit.runners.ParentRunner.run(ParentRunner.java:236)
   at org.apache.maven.surefire.junit4.JUnit4TestSet.execute(JUnit4TestSet.java:35)
   at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:115)
   at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:97)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.apache.maven.surefire.booter.ProviderFactory$ClassLoaderProxy.invoke(ProviderFactory.java:103)
   at $Proxy0.invoke(Unknown Source)
   at org.apache.maven.surefire.booter.SurefireStarter.invokeProvider(SurefireStarter.java:150)
   at org.apache.maven.surefire.booter.SurefireStarter.runSuitesInProcess(SurefireStarter.java:91)
   at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:69)

From what I'm seeing, it seems that https://test.authorize.net isn't responding properly to the requests I'm sending. Is this an authorize.net issue or something wrong on my end? Any thoughts or help is much appreciated!

Thanks,

Elameno

Re: AIM Transactions with Java SDK, SSL/TLS issue

elameno — Thu, 02 Jun 2011 14:20:52 GMT

Another bit of info is that, when I direct my browser to https://test.authorize.net I get "Connection was reset" and no SSL cert is provided. When I navigate to https://apitest.authroize.net I do get an SSL cert and an HTTP response.

Any thoughts?

Re: AIM Transactions with Java SDK, SSL/TLS issue

Trevor — Fri, 03 Jun 2011 21:09:59 GMT

I am not able to reproduce any kind of error connecting to https://test.authorize.net either programmatically or using a web browser. In all cases, I am receiving a valid certificate. In fact, the same certificate for *.authorize.net is used for both https://test.authorize.net and https://apitest.authorize.net. The only recommendation I can make is to trace your connection ane make sure that you are not being redirected by a proxy of some sort. I have not seen any other reports of errors establishing this connection.

Re: AIM Transactions with Java SDK, SSL/TLS issue

authorize_jk — Mon, 19 Sep 2011 12:37:12 GMT

I am getting the following error while processing the payment-

javax.net.ssl.SSLPeerUnverifiedException: No peer certificate01-01 07:39:05.476: WARN/System.err(12324): t org.apache.harmony.xnet.provider.jsse.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:258)

org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:93)

org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381)0org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)01-org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)

org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)

org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:436)

org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)0

org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)0

at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)

com.ddsionline.ddsipharm.MakePayment.postData(MakePayment.java:360)

com.ddsionline.ddsipharm.MakePayment$14$1.run(MakePayment.java:233)

t java.lang.Thread.run(Thread.java:1019)

Re: AIM Transactions with Java SDK, SSL/TLS issue

elameno — Mon, 19 Sep 2011 13:50:58 GMT

I forgot to follow up here, but the problem we were running into happened to be that WebSense was blocking test.authorize.net We altered our configuration and it began working like a champ.

topic Re: AIM Transactions with Java SDK, SSL/TLS issue in Integration and Testing

AIM Transactions with Java SDK, SSL/TLS issue

Re: AIM Transactions with Java SDK, SSL/TLS issue

Re: AIM Transactions with Java SDK, SSL/TLS issue

Re: AIM Transactions with Java SDK, SSL/TLS issue

Re: AIM Transactions with Java SDK, SSL/TLS issue