[arin-tech-discuss] Question about your RESTful Server, method PUT

Andy Newton andy at arin.net
Thu Apr 28 16:22:54 EDT 2011


Sean,

Our API uses REST and not SOAP. If you wish to use a REST library, I suggest ones such as Apache Jersey or JBoss RESTEasy for Java. If you don't wish to use a REST library, you can always use the java.net.URL class and the built-in Java XML parser.

With regard to your Java Keystore, it looks like you put ARIN's certificate in the keystore. I believe the keystore needs the Root CA certificate from Starfield Technologies, as they are issuer of our certificate and thus the base of the certificate trust model.

Andy Newton,
Chief Engineer, ARIN

On Apr 22, 2011, at 4:41 PM, Zhao, Sean wrote:

> Hello Arin, anyone who can help me.
> 
>  
> 
> First of all, Thanks Tim,
> 
>                 The tips Tim gave me DOES work sometimes. But the behavior was sort of weird. It still gave me “charsetName” error. But ip WAS assigned. No return message but exception. So… I decide to use SOAP instead of axis2, nothing fancy.
> 
>  
> 
>         System.setProperty("javax.net.ssl.trustStore", "ssl/arin.jks");
> 
>         System.setProperty("javax.net.ssl.trustStorePassword", "arinLims");
> 
>         System.setProperty("javax.net.ssl.keyStore", "ssl/arin.jks");
> 
>         System.setProperty("javax.net.ssl.keyStorePassword", "arinLims");
> 
>         System.setProperty("javax.net.ssl.keyStoreType", "jks");
> 
>        
> 
>         String strResponseXml = null;
> 
>         try
> 
>         {
> 
>             URL url = new URL(strUrl);
> 
>             SOAPHttpsURLConnection httpsURLConnection = (SOAPHttpsURLConnection)url.openConnection();
> 
>             httpsURLConnection.setRequestProperty("Content-Type", "text/plain; charset=utf-8");
> 
>             httpsURLConnection.setRequestMethod(strMethod);
> 
>           httpsURLConnection.setDoOutput(true);
> 
>           httpsURLConnection.setDoInput(true);
> 
>        
> 
>             OutputStream outputStream = httpsURLConnection.getOutputStream();
> 
> System.out.println("Sean Zhao ArinUtil.send : outputStream = " + outputStream);
> 
>             InputStream inputStream = httpsURLConnection.getInputStream();
> 
> System.out.println("Sean Zhao ArinUtil.send : inputStream = " + inputStream);
> 
>            
> 
>             OutputStreamWriter outputStreamWriter = new OutputStreamWriter(outputStream);
> 
>             BufferedWriter bufferedWriter = new BufferedWriter(outputStreamWriter);
> 
>            
> 
> System.out.println("Sean Zhao ArinUtil.send : strPayload = " + strPayload);
> 
>             bufferedWriter.write(strPayload + '\n');
> 
>            
> 
>             InputStreamReader inputStreamReader = new InputStreamReader(inputStream);
> 
>             BufferedReader bufferedReader = new BufferedReader(inputStreamReader);
> 
>  
> 
> System.out.println("Sean Zhao ArinUtil.send : going to send xml to Arin");
> 
>             while ((strResponseXml = bufferedReader.readLine()) != null)
> 
>             {
> 
> System.out.println("Sean Zhao ArinUtil.send : strResponseXml = " + strResponseXml);
> 
>             }
> 
>  
> 
>             outputStream.flush();
> 
>             outputStreamWriter.flush();
> 
>             bufferedWriter.flush();
> 
> System.out.println("Sean Zhao ArinUtil.send : flushed all");
> 
>  
> 
>             bufferedWriter.close();
> 
>             outputStreamWriter.close();
> 
>             outputStream.close();
> 
> System.out.println("Sean Zhao ArinUtil.send : closed all writers");
> 
>            
> 
>             bufferedReader.close();
> 
>             inputStreamReader.close();
> 
>             inputStream.close();
> 
> System.out.println("Sean Zhao ArinUtil.send : closed all readers");
> 
>         }
> 
>         catch(IOException ioException)
> 
>         {
> 
> System.out.println("Sean Zhao ArinUtil.send : ioException = " + ioException.getMessage());
> 
>         }
> 
>  
> 
> System.out.println("Sean Zhao ArinUtil.send : strResponseXml(before return) = " + strResponseXml);
> 
>       return strResponseXml;
> 
>  
> 
> But this time I still get errors with more details,
> 
>  
> 
> <Apr 22, 2011 2:14:13 PM MDT> <Warning> <Security> <BEA-090477> <Certificate chain received from www.arin.net - 192.149.252.75 was not trusted causing SSL handshake failure.>
> 
> <Apr 22, 2011 2:14:14 PM MDT> <Warning> <Security> <BEA-090477> <Certificate chain received from www.arin.net - 192.149.252.75 was not trusted causing SSL handshake failure.>
> 
> <Apr 22, 2011 2:14:14 PM MDT> <Warning> <Security> <BEA-090477> <Certificate chain received from www.arin.net - 192.149.252.75 was not trusted causing SSL handshake failure.>
> 
> Sean Zhao ArinUtil.send : ioException = [Security:090477]Certificate chain received from www.arin.net - 192.149.252.75 was not trusted causing SSL handshake failure.
> 
>  
> 
> I guess it is either my api key is bad, or my jks file is bad.
> 
> I use keytool to view my jsk key, It looks like this,
> 
> keytool -list -v -keystore arin.jks
> 
> Enter keystore password:
> 
>  
> 
> Keystore type: JKS
> 
> Keystore provider: SUN
> 
>  
> 
> Your keystore contains 1 entry
> 
>  
> 
> Alias name: www.arin.net-1
> 
> Creation date: Apr 12, 2011
> 
> Entry type: trustedCertEntry
> 
>  
> 
> Owner: CN=www.arin.net, OU=Intel(R) Client Setup Certificate, O=American Registry for Internet Numbers Ltd., L=Chantilly, ST=VA, C=US
> 
> Issuer: SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
> 
> Serial number: 3eda469e277a2
> 
> Valid from: Wed Oct 07 15:22:25 MDT 2009 until: Thu Nov 01 12:39:34 MDT 2012
> 
> Certificate fingerprints:
> 
>          MD5:  3E:22:6E:76:7A:3F:5C:04:BB:07:0D:C1:07:1D:77:A7
> 
>          SHA1: AF:C6:21:17:56:BB:D6:BB:27:C5:B2:95:BD:4D:32:B2:08:D4:6B:53
> 
>          Signature algorithm name: SHA1withRSA
> 
>          Version: 3
> 
>  
> 
> Extensions:
> 
>  
> 
> #1: ObjectId: 2.5.29.15 Criticality=true
> 
> KeyUsage [
> 
>   DigitalSignature
> 
>   Key_Encipherment
> 
> ]
> 
>  
> 
> #2: ObjectId: 2.5.29.19 Criticality=true
> 
> BasicConstraints:[
> 
>   CA:false
> 
>   PathLen:2147483647
> 
> ]
> 
>  
> 
> #3: ObjectId: 2.5.29.14 Criticality=false
> 
> SubjectKeyIdentifier [
> 
> KeyIdentifier [
> 
> 0000: 7E AA 33 74 CD 7D C9 DC   B4 08 6A D2 C1 24 E2 70  ..3t......j..$.p
> 
> 0010: 65 8F F3 B8                                        e...
> 
> ]
> 
> ]
> 
>  
> 
> #4: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
> 
> AuthorityInfoAccess [
> 
>   [
> 
>    accessMethod: 1.3.6.1.5.5.7.48.1
> 
>    accessLocation: URIName: http://ocsp.starfieldtech.com/,
> 
>    accessMethod: 1.3.6.1.5.5.7.48.2
> 
>    accessLocation: URIName: http://certificates.starfieldtech.com/repository/sf_intermediate.crt]
> 
> ]
> 
>  
> 
> #5: ObjectId: 2.5.29.31 Criticality=false
> 
> CRLDistributionPoints [
> 
>   [DistributionPoint:
> 
>      [URIName: http://crl.starfieldtech.com/sfs2-0.crl]
> 
> ]]
> 
>  
> 
> #6: ObjectId: 2.5.29.32 Criticality=false
> 
> CertificatePolicies [
> 
>   [CertificatePolicyId: [2.16.840.1.114414.1.7.23.2]
> 
> [PolicyQualifierInfo: [
> 
>   qualifierID: 1.3.6.1.5.5.7.2.1
> 
>   qualifier: 0000: 16 31 68 74 74 70 3A 2F   2F 63 65 72 74 69 66 69  .1http://certifi
> 
> 0010: 63 61 74 65 73 2E 73 74   61 72 66 69 65 6C 64 74  cates.starfieldt
> 
> 0020: 65 63 68 2E 63 6F 6D 2F   72 65 70 6F 73 69 74 6F  ech.com/reposito
> 
> 0030: 72 79 2F                                           ry/
> 
>  
> 
> ]]  ]
> 
> ]
> 
>  
> 
> #7: ObjectId: 2.5.29.37 Criticality=false
> 
> ExtendedKeyUsages [
> 
>   serverAuth
> 
>   clientAuth
> 
> ]
> 
>  
> 
> #8: ObjectId: 2.5.29.35 Criticality=false
> 
> AuthorityKeyIdentifier [
> 
> KeyIdentifier [
> 
> 0000: 49 4B 52 27 D1 1B BC F2   A1 21 6A 62 7B 51 42 7A  IKR'.....!jb.QBz
> 
> 0010: 8A D7 D5 56                                        ...V
> 
> ]
> 
>  
> 
> ]
> 
>  
> 
> #9: ObjectId: 2.5.29.17 Criticality=false
> 
> SubjectAlternativeName [
> 
>   DNSName: www.arin.net
> 
>   DNSName: arin.net
> 
> ]
> 
>  
> 
> Anything bad?
> 
> What I did is
> 
> 1.       I downloaded InstallCert.java from Internet
> 
> 2.       Run it
> 
> 3.       And export the file InstallCert created into a cert file with keytool
> 
> 4.       And import the cert file into my new jks file with keytool.
> 
>  
> 
> Anything wrong I did ?
> 
>  
> 
> Thanks a lot for the help,
> 
>  
> 
> Sean Zhao
> 
> 
> This communication is the property of Qwest and may contain confidential or
> privileged information. Unauthorized use of this communication is strictly
> prohibited and may be unlawful. If you have received this communication
> in error, please immediately notify the sender by reply e-mail and destroy
> all copies of the communication and any attachments.
> _______________________________________________
> arin-tech-discuss mailing list
> arin-tech-discuss at arin.net
> http://lists.arin.net/mailman/listinfo/arin-tech-discuss




More information about the arin-tech-discuss mailing list