In our testing environment I see a NullPointerException that is originated from the Java SDK.
Looking deeper, this is triggered by a SSLPeerUnverifiedException that is not handled properly, returning a non initialized result object.
Here's the relevant log:
10:52:55,073 ERROR HttpClient:268 - HttpClient execution failed javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148) at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149) at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:573) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732) at net.authorize.util.HttpClient.executeXML(HttpClient.java:211) at net.authorize.Merchant.executeTransaction(Merchant.java:305) at net.authorize.Merchant.postTransaction(Merchant.java:294) at com.outbrain.paymentgateway.facade.chase.ChasePaymentGatewayFacade.createCustomerProfile(ChasePaymentGatewayFacade.java:81)
Followed by the NullPointerException:
java.lang.NullPointerException at net.authorize.cim.Result.importRefId(Result.java:105) at net.authorize.cim.Result.createResult(Result.java:46) at net.authorize.Merchant.p...
I opened a ticket for this, but customer support have developers on their team...
My questions are:
12-10-2011 10:53 PM
Isn't there anybody who can at least answer parts of this post?
01-07-2012 11:34 PM
Well, it's not one of the commonly-used libraries. Most people seem to be using PHP or C#. So you're not going to get feedback as promptly. Judging by past experience, they'll have someone come by every now and then and pass along bugs / bug fixes people have posted, but it may be some time before they make it into the official code base. You could try sending Michelle a PM and see if she can hurry things along, however:
http://community.developer.authorize.net/t5/user/viewprofilepage/user-id/2
She seems to be the most common mod posting in here.
01-08-2012 12:31 AM
Hi,
Were you able to resolve this issue? I have code that has been stable for months and all of a sudden seeing this error. Comments would be greatly appreciated.
Thanks
02-22-2012 01:15 PM
I'm having the same 'peer not authenticated' error all of a sudden. Please help.
Thanks,
Monique
02-22-2012 02:12 PM
@jgathings, @missbossy
I haven't resolved the issue, and I was told in support to ask for help here.
What I did manage to acheive, is to modify the source code so that at least I won't be getting a NPE, instead I get a failure response, which works better for me. There's no where to place my patches here so I keep a private version...
It kind of saddens me, that there's no where to contribute code here, and that the Java API development looks dead.
I'm seriously considering migrating to another payment gateway provider.
02-22-2012 11:40 PM
Is the 'peer not authenticated' error only a problem in test environments? Or is it also happening in production environments?
02-23-2012 10:22 AM
It appears to only occur in testing environments. As a consultant I don't have access to production credentials, nor do I want them. The solution we used to solve the problem was to modify net.authorize.util.HttpClient. We added an inner class:
class WebClientDevWrapper {
public static DefaultHttpClient wrapClient(DefaultHttpClient base) {
try {
SSLContext ctx = SSLContext.getInstance("TLS");
X509TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
X509HostnameVerifier verifier = new X509HostnameVerifier() {
@Override
public void verify(String string, SSLSocket ssls) throws IOException {
}
@Override
public void verify(String string, X509Certificate xc) throws SSLException {
}
@Override
public void verify(String string, String[] strings, String[] strings1) throws SSLException {
}
@Override
public boolean verify(String string, SSLSession ssls) {
return true;
}
};
ctx.init(null, new TrustManager[]{tm}, null);
SSLSocketFactory ssf = new SSLSocketFactory(ctx);
ssf.setHostnameVerifier(verifier);
ClientConnectionManager ccm = base.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
sr.register(new Scheme("https", ssf, 443));
return new DefaultHttpClient(ccm, base.getParams());
} catch (Exception ex) {
ex.printStackTrace();
return null;
}
}
}
And an additional modification:
if(Environment.SANDBOX.equals(environment) ||
Environment.SANDBOX_TESTMODE.equals(environment)) {
InputStream outstream = (InputStream)httpPost.getEntity().getContent();
String requestData = convertStreamToString(outstream);
httpClient = WebClientDevWrapper.wrapClient(httpClient);
logger.debug("SANDBOX MODES ONLY>> Url-encoded request data: " + requestData);
}
Check this url for a discussion of the technique: http://javaskeleton.blogspot.com/2010/07/avoiding-peer-not-authenticated-with.html.
I hope this post saves someone a lot of stress!
02-23-2012 01:32 PM