1

Basically, I need to access a "secure" (outdated certificate) server through an http GET request with basic authentication in the header and print (for now) the XML I get from it. I have the code running on C#, as such:

var request = HttpWebRequest.CreateHttp(new Uri(BaseUri, apiUrl));
        request.Proxy.Credentials = CredentialCache.DefaultNetworkCredentials;
        if (accept != null)
            request.Accept = accept;
        request.ServerCertificateValidationCallback = (s, crt, chain, ssl) => true;
        AddAuthHeaderBasicFromCredentials(request, ApiCredentials);
        try
        {
            var response = request.GetResponse();
            return response.GetResponseStream();
        }
        catch (WebException)
        {
            return null;
        }

As far as my java code goes, this is what I have:

public class Main {
static {
    //for localhost testing only
    javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(
    new javax.net.ssl.HostnameVerifier(){

        public boolean verify(String hostname,
                javax.net.ssl.SSLSession sslSession) {    
                return true;
        }
    });
}   

public static void main(String[] args) {

    try {
        String webPage = "https://blabla.com";
        String name = "user";
        String password = "pass";

        String authString = name + ":" + password;
        System.out.println("auth string: " + authString);
        byte[] authEncBytes = Base64.encodeBase64(authString.getBytes());
        String authStringEnc = new String(authEncBytes);
        System.out.println("Base64 encoded auth string: " + authStringEnc);

        URL url = new URL(webPage);
        HttpURLConnection HttpurlConnection = (HttpURLConnection) url.openConnection();
        HttpurlConnection.setRequestMethod("GET");
        HttpurlConnection.setRequestProperty("Authorization", "Basic " + authStringEnc);
        InputStream is = HttpurlConnection.getInputStream();
        InputStreamReader isr = new InputStreamReader(is);

        int numCharsRead;
        char[] charArray = new char[1024];
        StringBuffer sb = new StringBuffer();
        while ((numCharsRead = isr.read(charArray)) > 0) {
            sb.append(charArray, 0, numCharsRead);
        }
        String result = sb.toString();

        System.out.println("*** BEGIN ***");
        System.out.println(result);
        System.out.println("*** END ***");
    } catch (MalformedURLException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    }
}

}

It works fine on any website that doesn't require authentication but whenever I try to access the website I'm aiming for I get an error saying:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
    PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
    unable to find valid certification path to requested target

The static block at the start of the class was my attempt to bypass the problems I'm having with the certificate. I'm aware it isn't a recommended approach but this is merely for a test and I need it to run.

Thanks in advance, I'll gladly give any information you might need.

jww
  • 97,681
  • 90
  • 411
  • 885
crusher
  • 11
  • 1
  • Possible duplicate of [PKIX path building failed: unable to find valid certification path to requested target](http://stackoverflow.com/questions/4062307/pkix-path-building-failed-unable-to-find-valid-certification-path-to-requested). You haven't included any custom truststore that's why java falls back on the default one which does not accept self-signed certificates. Either add the certificate manually or define a truststore as explained in the link above (although the thread has no accepted solution) – Roman Vottner Aug 12 '14 at 17:28
  • If Apache's HttpClient is acceptable for you eventually [this link here](http://stackoverflow.com/questions/19679320/basic-authentication-using-http-commons-client/19679722#19679722) might be helpful. – Roman Vottner Aug 12 '14 at 17:31
  • possible duplicate of [Trusting all certificates using HttpClient over HTTPS](http://stackoverflow.com/questions/2642777/trusting-all-certificates-using-httpclient-over-https) - I'm pretty sure if you look at the first answer at that question, you will get what you want. – Warren Dew Aug 14 '14 at 01:48

0 Answers0