
GetHostedPayment page API not returning anything with java7 after setting TLS1.2

Hi Team,

 

Below is the API call by which I am generating the token for Accept Hosted.

Earlier, before 1 May 2017, it was working with JDK 1.7.

 

System.setProperty("https.protocols", "TLSv1.2");
			System.setProperty("javax.net.debug", "ssl:handshake");
			
			
			RuntimeMXBean runtimeMXBean = ManagementFactory.getRuntimeMXBean();
			List<String> jvmArgs = runtimeMXBean.getInputArguments();
			for (String arg : jvmArgs) {
			    System.out.println(arg);
			}
			
			System.out.println(System.getenv());
        //ApiOperationBase.setEnvironment(Environment.PRODUCTION);
        ApiOperationBase.setEnvironment(Environment.SANDBOX);

        MerchantAuthenticationType merchantAuthenticationType  = new MerchantAuthenticationType() ;
        merchantAuthenticationType.setName(apiLoginId);
        merchantAuthenticationType.setTransactionKey(transactionKey);
        
        ApiOperationBase.setMerchantAuthentication(merchantAuthenticationType);
        
        // Create the payment transaction request
        TransactionRequestType txnRequest = new TransactionRequestType();
        txnRequest.setTransactionType(TransactionTypeEnum.AUTH_CAPTURE_TRANSACTION.value());
        txnRequest.setAmount(new BigDecimal(amount).setScale(2, RoundingMode.CEILING));
        

        SettingType setting1 = new SettingType();
        setting1.setSettingName("hostedPaymentButtonOptions");
        setting1.setSettingValue("{\"text\": \"Pay\"}");
        
        SettingType setting2 = new SettingType();
        setting2.setSettingName("hostedPaymentOrderOptions");
        setting2.setSettingValue("{\"show\": false}");
		
		SettingType setting3 = new SettingType();
        setting3.setSettingName("hostedPaymentIFrameCommunicatorUrl");
        setting3.setSettingValue("{\"url\": \"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\"}");
		
		SettingType setting4 = new SettingType();
        setting4.setSettingName("hostedPaymentPaymentOptions");
        setting4.setSettingValue("{\"cardCodeRequired\": true}");

        SettingType setting5 = new SettingType();
        setting5.setSettingName("hostedPaymentShippingAddressOptions");
        setting5.setSettingValue("{\"show\": false}");
        
        SettingType setting6 = new SettingType();
        setting6.setSettingName("hostedPaymentBillingAddressOptions");
        setting6.setSettingValue("{\"show\": false, \"required\":false}");
        
        
        SettingType setting7 = new SettingType();
        setting7.setSettingName("hostedPaymentReturnOptions");
        setting7.setSettingValue("{\"showReceipt\": false, \"url\": \"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\",\"cancelUrl\": \"xxxxxxxxxxxx\"}");
        
        
		

        ArrayOfSetting alist = new ArrayOfSetting();
        alist.getSetting().add(setting1);
        alist.getSetting().add(setting2);
        alist.getSetting().add(setting3);
        alist.getSetting().add(setting4);
        alist.getSetting().add(setting5);
        alist.getSetting().add(setting6);
        alist.getSetting().add(setting7);


        GetHostedPaymentPageRequest apiRequest = new GetHostedPaymentPageRequest();
        apiRequest.setTransactionRequest(txnRequest);
        apiRequest.setHostedPaymentSettings(alist);

        GetHostedPaymentPageController controller = new GetHostedPaymentPageController(apiRequest);
        controller.execute();
       
        GetHostedPaymentPageResponse response = new GetHostedPaymentPageResponse();
		response = controller.getApiResponse();

		if (response!=null) {

             if (response.getMessages().getResultCode() == MessageTypeEnum.OK) {

 				System.out.println(response.getMessages().getMessage().get(0).getCode());
                System.out.println(response.getMessages().getMessage().get(0).getText());

                System.out.println(response.getToken());
            }
            else
            {
                System.out.println("Failed to get hosted payment page:  " + response.getMessages().getResultCode());
            }
             return response;
        }
		}catch(Exception e){e.printStackTrace();}
		return null;
    }

After the disablement of TLS 1.0 and 1.1 it is not working, even after setting TLS 1.2 in the Java code as well as in the JVM arguments; no luck with JDK 1.7.

 

 

I have checked the 'controller' object and found that the response of this API is null.

When I enable ssl:handshake debugging it gives me the error below:

 

**
pool-1-thread-1, WRITE: TLSv1 Handshake, length = 149
pool-1-thread-1, received EOFException: error
pool-1-thread-1, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
pool-1-thread-1, SEND TLSv1 ALERT:  fatal, description = handshake_failure
pool-1-thread-1, WRITE: TLSv1 Alert, length = 2
pool-1-thread-1, called closeSocket()
pool-1-thread-1, IOException in getSession():  javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
pool-1-thread-1, called close()
pool-1-thread-1, called closeInternal(true)
pool-1-thread-1, called close()
pool-1-thread-1, called closeInternal(true)
[comment]: SUCCESS: Assembly.Load(ProcMonInject, Version=2.7.5159.0, Culture=neutral, PublicKeyToken=d34a061f079be347)

Can anyone suggest what is missing or what I am doing wrong here?

raviparmarce88
Regular Contributor
Accepted Solutions

Finally I have settled on a workaround for this issue.

I have added the code snippet below to the GetAnAcceptPaymentPage API call.

        // Needs javax.net.ssl.SSLContext, javax.net.ssl.SSLSocketFactory and javax.net.ssl.HttpsURLConnection.
        // Create a TLSv1.2 context with the JVM's default key managers and trust managers
        final SSLContext sc = SSLContext.getInstance("TLSv1.2");
        sc.init(null, null, new java.security.SecureRandom());
        // and make its socket factory the default for every HttpsURLConnection in this JVM.
        final SSLSocketFactory socketFactory = sc.getSocketFactory();
        HttpsURLConnection.setDefaultSSLSocketFactory(socketFactory);

And it is working fine with JDK 1.7 and TLSv1.2. (Lot more to resolve like this way!!!! :)....)

And if this is concrete solutions to get the Token from AN server.

I really appreciate your help and quick response.
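
The following is an added diagnostic, not part of the original post or of the Authorize.Net SDK. It prints which TLS versions the JVM's default context enables for clients and what the HttpsURLConnection default factory enables before and after the four steps of the workaround above; the class name TlsProtocolCheck and its helper methods are hypothetical.

```java
import java.util.Arrays;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added example; the class and method names are hypothetical.
public class TlsProtocolCheck {

    // Protocol versions enabled on a fresh, unconnected socket from this factory.
    // No network I/O happens here.
    static String[] enabledOn(SSLSocketFactory factory) throws Exception {
        SSLSocket socket = (SSLSocket) factory.createSocket();
        try {
            return socket.getEnabledProtocols();
        } finally {
            socket.close();
        }
    }

    static void show(String label, String[] protocols) {
        System.out.println(label + Arrays.toString(protocols));
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version    = " + System.getProperty("java.version"));
        System.out.println("https.protocols = " + System.getProperty("https.protocols"));

        // What the JVM can speak versus what its default context turns on for clients.
        SSLContext def = SSLContext.getDefault();
        show("supported       = ", def.getSupportedSSLParameters().getProtocols());
        show("default enabled = ", def.getDefaultSSLParameters().getProtocols());
        show("factory before  = ", enabledOn(HttpsURLConnection.getDefaultSSLSocketFactory()));

        // The same four steps as the workaround in the post.
        SSLContext tls12 = SSLContext.getInstance("TLSv1.2");
        tls12.init(null, null, new java.security.SecureRandom());
        SSLSocketFactory factory = tls12.getSocketFactory();
        HttpsURLConnection.setDefaultSSLSocketFactory(factory);

        String[] after = enabledOn(HttpsURLConnection.getDefaultSSLSocketFactory());
        show("factory after   = ", after);
        if (!Arrays.asList(after).contains("TLSv1.2")) {
            throw new IllegalStateException("TLSv1.2 is still not enabled for HttpsURLConnection");
        }
    }
}
```

On JDK 7 builds where TLS 1.1 and 1.2 are supported but not enabled by default for clients, the "default enabled" line omits TLSv1.2 while "supported" includes it, which matches the `ClientHello, TLSv1` line in the debug output. The "factory after" line usually still lists the older versions as well, so a client that must refuse them has to narrow the list with `setEnabledProtocols` on its sockets.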


6 REPLIES 6

The handshake failure could be occurring due to a variety of reasons:

  • Incompatible cipher suites in use by the client and the server.
  • Incompatible versions of SSL in use (the server might accept only TLS v1.2, while the client is capable of only using SSL v3).
  • Incomplete trust path for the server certificate; the server's certificate is probably not trusted by the client.
  • The certificate is issued for a different domain. This and the incomplete trust path would usually have resulted in a more verbose message, but just in case, the resolution would be to get the server to use the correct certificate.

Since the underlying failure cannot be pinpointed, it is better to switch on the -Djavax.net.debug=all flag to enable debugging of the SSL connection established. With the debug switched on, you can pinpoint what activity in the handshake has failed.

 

Most classes/libraries rely on the trust store used by the JVM for certificate validation. In most cases, this will be the cacerts file in the JRE_HOME/lib/security directory. If the location of the trust store has been specified using the JVM system property javax.net.ssl.trustStore, then the store in that path is usually the one used by the client library. 

Powered by NexWebSites.com -
Certified Authorize.net developers
NexusSoftware
Trusted Contributor

I have tried to look into the full debug log but am not getting any idea from it.

It seems my client is still sending TLSv1.

 

trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
pool-1-thread-1, setSoTimeout(30000) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1493984546 bytes = { 77, 239, 5, 146, 194, 54, 254, 85, 200, 232, 225, 148, 38, 208, 149, 244, 230, 203, 78, 120, 235, 28, 36, 161, 219, 67, 139, 165 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
***
pool-1-thread-1, WRITE: TLSv1 Handshake, length = 149
pool-1-thread-1, received EOFException: error
pool-1-thread-1, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
pool-1-thread-1, SEND TLSv1 ALERT:  fatal, description = handshake_failure
pool-1-thread-1, WRITE: TLSv1 Alert, length = 2
pool-1-thread-1, called closeSocket()
pool-1-thread-1, IOException in getSession():  javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
pool-1-thread-1, called close()
pool-1-thread-1, called closeInternal(true)
pool-1-thread-1, called close()
pool-1-thread-1, called closeInternal(true)

Can you please suggest what exactly I should look into?

 

 

The JDK provides a separate package called JCE Unlimited Strength, designed to add stronger algorithm support than what’s available by default.


@NexusSoftware

 

I don't think this is the root cause of the issue which I am facing.

Could you please elaborate in detail?

This is working perfectly with JDK 1.8, but when I point it to 1.7 and pass the TLSv1.2 VM arguments, it is not working and throws an exception.

Team,

 

I am totally clueless.

This is really a blocker for me. Can anyone please guide me here?

Thanks in advance.

RavI Parmar
