I am in first in automated testing. So, I have a task to create automated script for API testing. I need to create https request with self-signed serificate. This certificate gave me our admins with p12 extension and password file. I exported this certificate to .cer extenssion. Than I created the trust store and import this certificate to this store.
C:\Program Files (x86)\Java\jdk1.8.0_25\jre\bin>keytool -import -keystore clienttrust.jks -file marta.cer -storepass storepass
I located the marta.cer and clienttrust.jks near my project. I have writing my code in IntelliJ IDEA 13.1.1 on Java.
Here is code:
public void testSimpleHttpsClient() throws CertificateException, InterruptedException, UnrecoverableKeyException, NoSuchAlgorithmException,
IOException, KeyManagementException, KeyStoreException {
URL url = new URL("https://intstg1-kaakioskpublicapi.ptstaging.ptec/TLE/36171/player/info");
HttpsURLConnection con = (HttpsURLConnection)url.openConnection();
con.setRequestMethod( "GET" );
SSLContext sslContext = SSLContext.getInstance("TLS");
char[] passphrase = "storepass".toCharArray();
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(this.getClass().getResourceAsStream("clienttrust.jks"), passphrase);
System.out.println(ks);
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
System.out.println(tmf.toString());
HostnameVerifier hostnameVerifier = new HostnameVerifier() {
public boolean verify(String s, SSLSession sslSession) {
return s.equals(sslSession.getPeerHost());
}
};
con.setHostnameVerifier(hostnameVerifier);
sslContext.init(null, tmf.getTrustManagers(), null);
con.setSSLSocketFactory(sslContext.getSocketFactory());
int responseCode = con.getResponseCode();
InputStream inputStream;
if (responseCode == HttpURLConnection.HTTP_OK) {
inputStream = con.getInputStream();
} else {
inputStream = con.getErrorStream();
}
// Process the response
BufferedReader reader;
String line = null;
reader = new BufferedReader( new InputStreamReader( inputStream ) );
while( ( line = reader.readLine() ) != null )
{
System.out.println( line );
}
inputStream.close();
}
So, after this code executes I get the next Exception:
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1917) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:301) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:295) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1471) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:936) at sun.security.ssl.Handshaker.process_record(Handshaker.java:871) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1043) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1343) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1371) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1511) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1439) at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338) at httpConnection.Connection.testSimpleHttpsClient(Connection.java:179) at httpConnection.Connection.main(Connection.java:22) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:483) at com.intellij.rt.execution.application.AppMain.main(AppMain.java:120) Caused by: sun.security.validator.ValidatorException: No trusted certificate found at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:384) at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:133) at sun.security.validator.Validator.validate(Validator.java:260) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1453) ... 20 more
Guys, please explain to me how to solve this problem.
HostnameVerifieryou're using is insecure. It's only checking the hostname against a reverse lookup (so vulnerable to MITM attacks), not against the certificate. – Bruno