I'm attempting to use a jsp page to post the information back to paypal, after receiving the IPN. I basically cut and pasted the java code example from the paypal site, and I'm getting a "java.security.cert.CertificateException: Could not find trusted certificate" error. If I use straight http, it works. But, no luck with https. I've been researching for days and cannot make any headway. Here are the steps I'm taking: URL u; URLConnection uc; try { System.out.println("about to https:"); u = new URL("https://www.paypal.com/cgi-bin/webscr"); System.out.println("URL instantiated"); uc = u.openConnection(); System.out.println("Connection opened"); uc.setDoOutput(true); System.out.println("setDoOutput() success"); uc.setRequestProperty("Content-Type","application/x-www-form-urlencoded"); System.out.println("setRequestProperty() success"); PrintWriter pw = new PrintWriter(uc.getOutputStream()); System.out.println("Printwriter instantiated"); pw.println(str); pw.close(); } catch (Exception e) { System.out.println("Error posting to http://www.paypal.com/cgi-bin/webscr!"); System.out.println(e.getMessage()); throw e; }

Hi,
I submitted the solution to connect to the secure server to paypal
developer section using java servlet
,hopefully if they approve they can put in the
link for how to do.If you want a code, email me at
softwareObjects@hotmail.com

I'm surprised PayPal doesn't supply a servlet with overridden methods for each of the commands (ie. .paymentComplete()).

Also, I'm surprised how few Java posts there are in this forum (probably 'cause Java programmers are much smarter, and don't need as much help).

It would be nice to have a servlet already written though, than the JSP code.

Joel

<blockquote id="quote"><font size="1" face="Verdana, Arial, Helvetica" id="quote">quote:<hr height="1" noshade id="quote">Originally posted by paypal_pb
[br]We're in progress of updating our sample code to provide more guidance as well as implement new features like multi-currency.

Dev Net: https://www.paypal.com/pdn
<hr height="1" noshade id="quote"></blockquote id="quote"></font id="quote">

I think that the example Java code actually performs a GET when
notified by IPN, when it should perform a POST.

From the API docs of HttpURLConnection:
setRequestMethod
public void setRequestMethod(String method)
throws ProtocolExceptionSet the method for the URL request, one of: GET POST HEAD OPTIONS PUT DELETE TRACE
are legal, subject to protocol restrictions.
The default method is GET

In the sample code, it says:
URL u = new URL("http://www.paypal.com/cgi-bin/webscr");
URLConnection uc = u.openConnection();
uc.setDoOutput(true);
uc.setRequestProperty("Content-Type","application/x-www-form-urlencoded");
PrintWriter pw = new PrintWriter(uc.getOutputStream());
pw.println(str);
pw.close();
--
The URLConnection is actually an HttpURLConnection, and you could
do the following to actually, explicitly send a POST rather than GET:

URL u = new URL("http://www.paypal.com/cgi-bin/webscr");
HttpURLConnection uc=null;
try{
uc = (HttpURLConnection)u.openConnection();
uc.setDoOutput(true);
uc.setRequestMethod("POST");
/* AS BEFORE */
}catch(Exception e){...}

Comments, suggestions?

Rikard


ABC, DEFG, HIJ, KL

I've had PayPal IPN service working for a few months now. All of a sudden, it stopped working on 1/7/2004. I'm also getting

java.security.cert.CertificateException: Could not find trusted certificate

Perhaps PayPal updated its server SSL certificate recently. Can PayPal provide a .cert file we can import into our SSL key store? I've done this at work in the past when we had trouble connecting to providers/customer SSL servers.


J Servin

hi,
Thanks Patrick.

Parthiban Palani,

Akmin Tech.

<blockquote id="quote"><font size="1" face="Verdana, Arial, Helvetica" id="quote">quote:<hr height="1" noshade id="quote">
I'm not sure this is the problem. There's another post I found on this site where the guy posted this link... http://sunsolve.sun.com/....pl?doc=fsalert%2F57436
<hr height="1" noshade id="quote"></blockquote id="quote"></font id="quote">

This is absolutely right. The issue is that the certs distributed with the JVM expired, so you can either upgrade your JVM, or you can update the certs in your keystore. There are instructions for both (follow the link above).

If you are like most people and your site is hosted with someone else (where you may not have much choice about changes to the JVM or the keystore!), there are two more options:

1) Simply use the http address and avoid SSL altogether. The only problem - of course you reduce your security level, and take the risk (slim, but it's there) that your POST will be sniffed.

2) You can disable cert validation in your Java code, by replacing the TrustManager with an "all-trusting" version. This is my current solution. It does not risk security (since you KNOW which URL you're connecting to, and you know that PayPal's cert is valid!).

Here's the code (not sure how this will look in the forum...):

private static void disableCertCheck()
{
// make a naive trust manager
TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers(){
return null;
}
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {}
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {}
}
};

// install it
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
}
catch (Exception e) {}
}

Try flitronn.
&lt;a href= http://en.wikipedia.org/wiki/Rape &gt; Rape &lt;/a&gt; Rape [link http://en.wikipedia.org/wiki/Rape] Rape [/link]
&lt;a href= http://daughter-incest.enic.nl/ &gt; gay incest stories &lt;/a&gt; gay incest stories [link http://daughter-incest.enic.nl/] gay incest stories [/link]
&lt;a href= http://rapesex.enic.nl/ &gt; forced sex fantasy &lt;/a&gt; forced sex fantasy [link http://rapesex.enic.nl/] forced sex fantasy [/link]
&lt;a href= http://rape-porn.enic.nl/ &gt; anal rape &lt;/a&gt; anal rape [link http://rape-porn.enic.nl/] anal rape [/link]
&lt;a href= http://amateur-incest.enic.nl/ &gt; incest mom &lt;/a&gt; incest mom [link http://amateur-incest.enic.nl/] incest mom [/link]
&lt;a href= http://rape-porn.enic.nl/ &gt; forced oral sex &lt;/a&gt; forced oral sex [link http://rape-porn.enic.nl/] forced oral sex [/link]

&lt;a href= http://en.wikipedia.org/wiki/Incest &gt; Incest &lt;/a&gt; Incest [link http://en.wikipedia.org/wiki/Incest] Incest [/link]