asked on
This method that I wrote seems to throw an error at "con.getResponseCode()" whenever the server certificates are not configured correctly
To configure them I call this method before the one above:
The problem that I am having is that if the second method is not called before the first, then the certificates are not in place and I get this error:
Of course when I call the methods in the right order that error is not there.
My question is can anyone help me write a check that can be done on maybe the HttpsURLConnection con object from the first code that can help me verify that the relevant certificates are properly recognized? Of course, the aim is to find a a more graceful way to exit when there is an error.
A sample test that was written is as follows:
private static String sendGetHttps(String url)
{
BufferedReader in = null;
try{
logger.info("Connecting to url: " + url);
URL obj = new URL(url);
HttpsURLConnection con = (HttpsURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
logger.info("Response Code after connecting to url: " + responseCode);
in = new BufferedReader(new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
logger.info("Response String: " + response.toString());
return response.toString();
}catch(Exception e ){
throw new PMRException(e.getMessage(),e);
}
finally
{
if(in!= null)
{
try
{
in.close();
}
catch(Exception e)
{
}
}
}
}
To configure them I call this method before the one above:
public static void getSSLCertificate(String keyStoreLocation, String keyStorePassword, String jksPassword) {
final char[] JKS_PASSWORD = jksPassword.toCharArray();
final char[] KEY_PASSWORD = keyStorePassword.toCharArray();
try {
// Get the JKS contents
final KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(new FileInputStream(new File(keyStoreLocation)), JKS_PASSWORD);
final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(keyStore, KEY_PASSWORD);
final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keyStore);
// Creates a socket factory for HttpsURLConnection using JKS contents
final SSLContext sc = SSLContext.getInstance("TLS");
sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new java.security.SecureRandom());
final SSLSocketFactory socketFactory = sc.getSocketFactory();
HttpsURLConnection.setDefaultSSLSocketFactory(socketFactory);
} catch (IOException exc) {
throw new RuntimeException(exc);
} catch (GeneralSecurityException e) {
throw new RuntimeException(e);
}
}
The problem that I am having is that if the second method is not called before the first, then the certificates are not in place and I get this error:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
Of course when I call the methods in the right order that error is not there.
My question is can anyone help me write a check that can be done on maybe the HttpsURLConnection con object from the first code that can help me verify that the relevant certificates are properly recognized? Of course, the aim is to find a a more graceful way to exit when there is an error.
A sample test that was written is as follows:
public class ProgramTest {
public static void main(String[] args){
try {
NetUtils.getSSLCertificate("c:/Users/kingw/.keystore", "changeit", "changeit");
NetUtils.sendGet("https://testing.dev.cfed.local/api/auth/" + "c076utf5-2aaa-4b58-92d3-981dyhfefvgyyh" + "/" + "22");
}catch(Exception e){
e.printStackTrace();
}
}
}
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 8 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.
Our community of experts have been thoroughly vetted for their expertise and industry experience.
The Distinguished Expert awards are presented to the top veteran and rookie experts to earn the most points in the top 50 topics.