[Quickfixj-users] Dealing with errors when connecting through SSL

[Diana S. <dia...@gm...>]

Hi, I am looking for some help on how to catch exceptions occurring when
SSL connections fail.

I am creating a desktop application that will connect to a server and send
FIX messages to it.

I am starting from scratch, so this application is roughly the same as the
Banzai application provided in the quickfix/j sources. The application
successfully connects with a simple, TCP connection.

Now I am trying to set up a secure connection (SocketUseSSL=Y and
NeedClientAuth=Y). For a simple, fixed setup, everything works fine.
But I want the desktop application to allow users to use their own keyStore
and trustStore files, which can be set up through a GUI.
The GUI needs to inform the user whether the connection to the server is
successful or not, through a message/log screen. I want to capture all the
events and errors related to establishing the connection via sockets and
display it to the users.
But I cannot catch and handle the exceptions thrown when establishing the
SSL connection (E.g: invalid keystore password). This is because the
connection is established by a different thread, which, if it throws an
exception, is not throwing it in the current application thread.

To reproduce the issue you can run Banzai and either set an empty
truststore or a truststore that does not trust the server we are trying to
connect.

Basically the code:
try {
logon(initiator);
} catch (RuntimeError | ConfigError | IOException e) {
throw new RuntimeException("Failed to connect." + e.getMessage());
}

does not catch anything.

The errors are the following:
  Caused by: java.lang.RuntimeException: Unexpected error:
java.security.InvalidAlgorithmParameterException: the trustAnchors
parameter must be non-empty
  Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target


I would appreciate it if you had any ideas/thoughts on how this could be
managed.

Thank you.