https post request using httpClient and cert.pem


I have a piece of code that sends (or should send) a payload to an HTTPS endpoint. I also have a CA chain in .pem format, and this is how I try to add it in code and use it to do the POST.

    HttpClient client = new HttpClient();
    Gson gson = new GsonBuilder().setPrettyPrinting().create();
    String jsonString = gson.toJson(parentData);
    Properties systemProps = System.getProperties();
    systemProps.put( "javax.net.ssl.trustStore", "/Users/kaulk/Downloads/djca-2048.pem");
    systemProps.put("javax.net.ssl.trustStorePassword", "changeit");
    System.setProperty("javax.net.ssl.keyStoreType","pkcs12");
    System.setProperties(systemProps);
    PostMethod method = new PostMethod("https://beta.fcm.fint.xxx.net/notify/BuildNotification");
    StringRequestEntity requestEntity = new StringRequestEntity(
                    jsonString,
                    "application/json",
                    "UTF-8");
    method.setRequestEntity(requestEntity);
    int statusCode = client.executeMethod(method);

but it fails with the error:

    Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
        at java.security.Provider$Service.newInstance(Provider.java:1245)
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:220)
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:147)
        at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125)
        at javax.net.ssl.SSLContext.getDefault(SSLContext.java:68)
        at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:102)
        ... 22 more
    Caused by: java.io.IOException: Invalid keystore format

Any reasons why?

2

There are 2 answers

5
Paul John On BEST ANSWER

As per the documentation on SSL properties:

javax.net.ssl.trustStoreType - (Optional) For Java keystore file format, this property has the value jks (or JKS). You do not normally specify this property, because its default value is already jks.

Try setting javax.net.ssl.trustStoreType

The exception you are getting is often thrown due to underlying errors.

These settings will also help you get more info to troubleshoot: -Djavax.net.debug=ssl, or at least -Djavax.net.debug=ssl,keymanager

The storeType should be based on the certificate file imported.

Useful post: Java Exception on SSLSocket creation

0
vempo On

You have to import the CA certificates into a keystore first, then pass the keystore in "javax.net.ssl.trustStore". Importing certificates into a keystore: https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html#keytool_option_importcert.

Also, the way you're setting system properties is inconsistent - System.setProperties(systemProps) seems to override the property you set in the line above it.
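What vempo's answer describes (putting the CA certificates into a keystore instead of pointing javax.net.ssl.trustStore at the PEM file) can also be done in memory. The following is an added example, not code from the question or either answer; the class name PemTrustContext, the fromPem helper and the command-line path argument are assumptions, and it needs Java 7 or later.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class PemTrustContext {
    // Builds an SSLContext that trusts ONLY the CA certificates in the PEM file
    // (the JVM's default cacerts are not consulted by this context).
    static SSLContext fromPem(String pemPath) throws Exception {
        // CertificateFactory parses PEM; the JKS/PKCS12 keystore loaders do not.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Collection<? extends Certificate> chain;
        try (InputStream in = Files.newInputStream(Paths.get(pemPath))) {
            chain = cf.generateCertificates(in);
        }
        if (chain.isEmpty()) {
            throw new IllegalArgumentException("No certificates found in " + pemPath);
        }
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // start from an empty in-memory keystore
        int i = 0;
        for (Certificate ca : chain) {
            trustStore.setCertificateEntry("ca-" + i++, ca);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default RNG
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java PemTrustContext <ca-chain.pem>");
            System.exit(2);
        }
        // Install as the JVM default before the first HTTPS call, so code that
        // relies on SSLSocketFactory.getDefault() uses this trust store.
        SSLContext.setDefault(fromPem(args[0]));
        System.out.println("Default SSLContext now trusts the CAs from " + args[0]);
    }
}
```

Because the resulting context trusts only the CAs in the file, any other HTTPS endpoint the same JVM talks to must also chain to one of them, or be given its own context.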