I have to call a server API using a certificate, so I have imported the cer file into the keystore and done the coding, but I am still getting the error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Command for importing the cer file into the keystore:

keytool -importcert -file D:\KALAIVANI_ALL\kalaivani\NEW_EMANDATE_APGB\servertoservecert\onmagcert.cer -keystore D:\KALAIVANI_ALL\kalaivani\NEW_EMANDATE_APGB\servertoservecert\server_npcikeystore.jks -alias "cedge1"

    appPathCertificate = "D:/KALAIVANI_ALL/kalaivani/NEW_EMANDATE_APGB/servertoservecert/server_npcikeystore.jks";
    System.out.println("appPathCertificate--->" + appPathCertificate);

    // Load the JKS file that holds the imported certificate
    char[] passphrase = "cedge1".toCharArray(); // keystore password
    KeyStore keystore = KeyStore.getInstance("JKS");
    try (FileInputStream in = new FileInputStream(appPathCertificate)) { // keystore path
        keystore.load(in, passphrase);
    }

    // Use that keystore as the trust store for this connection
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(keystore);

    SSLContext context = SSLContext.getInstance("TLS");
    TrustManager[] trustManagers = tmf.getTrustManagers();
    context.init(null, trustManagers, null);
    SSLSocketFactory sf = context.getSocketFactory();

    URL url = new URL(common_utility.getEmandateServerResponeURL());
    // JVM-wide key store properties (the SSLContext above was already built from `keystore`)
    System.setProperty("javax.net.ssl.keyStore", appPathCertificate);
    System.setProperty("javax.net.ssl.keyStorePassword", "cedge1");
    System.setProperty("javax.net.ssl.keyStoreType", "JKS");

    // Connect through the HTTP proxy using the custom socket factory
    String proxyhost = common_utility.getProxyHost();
    String proxyport = common_utility.getProxyPort();
    Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxyhost, Integer.parseInt(proxyport)));
    HttpsURLConnection conn = (HttpsURLConnection) url.openConnection(proxy);
    conn.setSSLSocketFactory(sf);

    conn.setDoInput(true);
    conn.setDoOutput(true);
    conn.setRequestMethod("POST");
    conn.setUseCaches(false);
    System.out.println("GETISSUE Request : " + str_jsonparams);
    OutputStream os = conn.getOutputStream();
    os.write(str_jsonparams.getBytes());
    os.flush();
    System.out.println("Response code :" + conn.getResponseCode());
Can anyone help, please?
pallavi

1 Answer

You're facing an issue with the validation of the response from the server during the SSL handshake process. You need to add the intermediate and root certificates to the trust store. Those certificates will be used to validate the server identity. For example, while making the connection, you're receiving the stackexchange server certificate. Then, in order to validate the identity, you must have the R3 cert (intermediate CA) and DST Root CA X3 (Root CA) in the trust store.

    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(keystore);

    context.init(null, trustManagers, null);

In your case, as you're initialising TrustManagerFactory with the Keystore, you have to put the intermediate and root certificates in the Keystore. The JDK store cacerts won't be in use here.
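
One way to check the point made in this answer, as an added example that is not part of the original post: load the same JKS file the client uses, list its trusted entries, and try to build a PKIX path from the server's leaf certificate to one of them. The class name and the three command-line arguments (trust store path, password, and a PEM file holding the certificates the server presents, leaf first) are assumptions.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
// Added example (hypothetical class). Args: <truststore.jks> <password> <server-chain.pem>
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        // Every trusted-certificate entry in the store is a candidate trust anchor.
        Set<TrustAnchor> anchors = new HashSet<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isCertificateEntry(alias)) continue;
            X509Certificate c = (X509Certificate) ks.getCertificate(alias);
            anchors.add(new TrustAnchor(c, null));
            System.out.println("anchor " + alias + ": " + c.getSubjectX500Principal());
        }
        // Certificates the server presents, leaf first (file supplied by the caller).
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[2])) {
            for (Certificate c : cf.generateCertificates(in)) chain.add((X509Certificate) c);
        }
        if (anchors.isEmpty() || chain.isEmpty()) {
            System.out.println("FAIL: no trusted entries in the store, or empty chain file");
            return;
        }
        for (X509Certificate c : chain) {
            System.out.println("chain  " + c.getSubjectX500Principal()
                    + " <- issuer " + c.getIssuerX500Principal());
        }
        // Build a PKIX path from the leaf to any anchor; revocation checks are off here.
        X509CertSelector leaf = new X509CertSelector();
        leaf.setCertificate(chain.get(0));
        PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, leaf);
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(chain)));
        params.setRevocationEnabled(false);
        try {
            PKIXCertPathBuilderResult r = (PKIXCertPathBuilderResult)
                    CertPathBuilder.getInstance("PKIX").build(params);
            System.out.println("OK: anchored at "
                    + r.getTrustAnchor().getTrustedCert().getSubjectX500Principal());
        } catch (CertPathBuilderException e) {
            System.out.println("FAIL: " + e.getMessage());
        }
    }
}
```

If the run ends in FAIL, compare the last "issuer" printed for the chain with the "anchor" subjects: the issuer that has no matching anchor is the certificate missing from the JKS.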