cancel
Showing results for 
Search instead for 
Did you mean: 

NullPointerException in Java SDK

In our testing environment I see a NullPointerException that is originated from the Java SDK.

Looking deeper, this is triggered by a SSLPeerUnverifiedException that is not handled properly, returning a non initialized result object.

Here's the relevant log:

10:52:55,073 ERROR HttpClient:268 - HttpClient execution failed
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
    at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
    at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:573)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
    at net.authorize.util.HttpClient.executeXML(HttpClient.java:211)
    at net.authorize.Merchant.executeTransaction(Merchant.java:305)
    at net.authorize.Merchant.postTransaction(Merchant.java:294)
    at com.outbrain.paymentgateway.facade.chase.ChasePaymentGatewayFacade.createCustomerProfile(ChasePaymentGatewayFacade.java:81)

 
Followed by the NullPointerException:

java.lang.NullPointerException
    at net.authorize.cim.Result.importRefId(Result.java:105)
    at net.authorize.cim.Result.createResult(Result.java:46)
    at net.authorize.Merchant.p...

 I opened a ticket for this, but customer support have developers on their team...

 

My questions are:

  1. How come I get this exception? The tests normally pass, and about 1-3 times a day there's a random failure like this, in 1 or 2 of my tests - all using the same Merchant instance.
  2. Is anyone developing the Java SDK at all, or is this just a community library? I attempted to suggest a patch to another bug I found, but got no update on this, and the latest version doesn't contain my fix.
  3. Is there a way to contribute code fixes, or do I have to maintain a private version in my code base?
eran
Contributor
7 REPLIES 7

Isn't there anybody who can at least answer parts of this post?

eran
Contributor

Well, it's not one of the commonly-used libraries. Most people seem to be using PHP or C#. So you're not going to get feedback as promptly. Judging by past experience, they'll have someone come by every now and then and pass along bugs / bug fixes people have posted, but it may be some time before they make it into the official code base. You could try sending Michelle a PM and see if she can hurry things along, however:

http://community.developer.authorize.net/t5/user/viewprofilepage/user-id/2

 

She seems to be the most common mod posting in here.

Hi,

 

Were you able to resolve this issue?  I have code that has been stable for months and all of a sudden seeing this error.  Comments would be greatly appreciated.

 

Thanks

I'm having the same 'peer not authenticated' error all of a sudden. Please help.

 

Thanks,

Monique

@jgathings,  @missbossy

I haven't  resolved the issue, and I was told in support to ask for help here.

 

What I did manage to acheive, is to modify the source code so that at least I won't be getting a NPE, instead I get a failure response, which works better for me. There's no where to place my patches here so I keep a private version...

 

It kind of saddens me, that there's no where to contribute code here, and that the Java API development looks dead.

I'm seriously considering migrating to another payment gateway provider.

Is the  'peer not authenticated' error only a problem in test environments? Or is it also happening in production environments?

It appears to only occur in testing environments.  As a consultant I don't have access to production credentials, nor do I want them.  The solution we used to solve the problem was to modify net.authorize.util.HttpClient.  We added an inner class:

 

class WebClientDevWrapper {

    public static DefaultHttpClient wrapClient(DefaultHttpClient base) {
        try {
            SSLContext ctx = SSLContext.getInstance("TLS");
            X509TrustManager tm = new X509TrustManager() {

                public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
                }

                public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
                }

                public X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
            };
            X509HostnameVerifier verifier = new X509HostnameVerifier() {

                @Override
                public void verify(String string, SSLSocket ssls) throws IOException {
                }

                @Override
                public void verify(String string, X509Certificate xc) throws SSLException {
                }

                @Override
                public void verify(String string, String[] strings, String[] strings1) throws SSLException {
                }

                @Override
                public boolean verify(String string, SSLSession ssls) {
                    return true;
                }
            };
            ctx.init(null, new TrustManager[]{tm}, null);
            SSLSocketFactory ssf = new SSLSocketFactory(ctx);
            ssf.setHostnameVerifier(verifier);
            ClientConnectionManager ccm = base.getConnectionManager();
            SchemeRegistry sr = ccm.getSchemeRegistry();
            sr.register(new Scheme("https", ssf, 443));
            return new DefaultHttpClient(ccm, base.getParams());
        } catch (Exception ex) {
            ex.printStackTrace();
            return null;
        }
    }
}

 

And an additional modification:

 

                if(Environment.SANDBOX.equals(environment) ||
                        Environment.SANDBOX_TESTMODE.equals(environment)) {
                    InputStream outstream = (InputStream)httpPost.getEntity().getContent();
                    String requestData = convertStreamToString(outstream);
                    httpClient = WebClientDevWrapper.wrapClient(httpClient);
                    logger.debug("SANDBOX MODES ONLY>> Url-encoded request data: " + requestData);
                }

 

Check this url for a discussion of the technique: http://javaskeleton.blogspot.com/2010/07/avoiding-peer-not-authenticated-with.html.

 

I hope this post saves someone a lot of stress!