
I have a piece of code that sends a payload to an HTTPS endpoint (or should). I also have a CA chain in .pem format, and this is how, in code, I try to add it and use it to do the POST.

    import org.apache.commons.httpclient.HttpClient;
    import org.apache.commons.httpclient.methods.PostMethod;
    import org.apache.commons.httpclient.methods.StringRequestEntity;
    import com.google.gson.Gson;
    import com.google.gson.GsonBuilder;
    import java.util.Properties;

    HttpClient client = new HttpClient();
    Gson gson = new GsonBuilder().setPrettyPrinting().create();
    String jsonString = gson.toJson(parentData);
    // Point the JVM-wide JSSE trust store at the .pem CA chain file
    Properties systemProps = System.getProperties();
    systemProps.put("javax.net.ssl.trustStore", "/Users/kaulk/Downloads/djca-2048.pem");
    systemProps.put("javax.net.ssl.trustStorePassword", "changeit");
    // note: this sets keyStoreType, not trustStoreType
    System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
    System.setProperties(systemProps);
    PostMethod method = new PostMethod("https://beta.fcm.fint.xxx.net/notify/BuildNotification");
    StringRequestEntity requestEntity = new StringRequestEntity(jsonString, "application/json", "UTF-8");
    method.setRequestEntity(requestEntity);
    // the first TLS connection triggers SSLContext.getDefault(), which is where it fails
    int statusCode = client.executeMethod(method);

but it fails with the error:

    Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
        at java.security.Provider$Service.newInstance(Provider.java:1245)
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:220)
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:147)
        at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125)
        at javax.net.ssl.SSLContext.getDefault(SSLContext.java:68)
        at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:102)
        ... 22 more
    Caused by: java.io.IOException: Invalid keystore format

Any reasons why?

Scooby

2 Answers

1

As per the documentation on SSL properties:

javax.net.ssl.trustStoreType - (Optional) For Java keystore file format, this property has the value jks (or JKS). You do not normally specify this property, because its default value is already jks.

Try setting javax.net.ssl.trustStoreType.

The exception you are getting is often thrown due to underlying errors.

These settings will also help you get more info to troubleshoot: -Djavax.net.debug=ssl, or at least -Djavax.net.debug=ssl,keymanager

The storeType should be based on the certificate file imported. Useful post: Java Exception on SSLSocket creation

Paul John
  • What should the trustStoreType be? pkcs12 or jks? – Scooby Jun 09 '15 at 12:53
  • It should be jks, which is the default - http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#Customization – Paul John Jun 09 '15 at 12:54
  • But it should vary depending on your certificate file format - https://docs.oracle.com/cd/E29585_01/PlatformServices.61x/security/src/tsec_ssl_jsp_pkcs12.html – Paul John Jun 09 '15 at 12:56
  • I'm using a .pem file, so not sure if it should be either jks or pkcs12. – Scooby Jun 09 '15 at 13:02
  • You could try importing this into the keystore - http://stackoverflow.com/questions/2138940/import-pem-into-java-key-store – Paul John Jun 09 '15 at 13:04
1

You have to import the CA certificates into a keystore first, then pass that keystore in "javax.net.ssl.trustStore". Importing certificates into a keystore: https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html#keytool_option_importcert.

Also, the way you're setting system properties is inconsistent: System.setProperties(systemProps) seems to override the property you set in the line above it.

vempo
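Both answers come down to the same point: javax.net.ssl.trustStore must name a keystore in the format given by javax.net.ssl.trustStoreType (JKS or PKCS12), and a .pem text file is neither, which is exactly the "Invalid keystore format" the default SSLContext reports when it first tries to load it. The following is an added example, not code from the question or either answer, that does the conversion in Java instead of with keytool: it parses every CERTIFICATE block in the .pem chain, puts them into a PKCS12 truststore as trusted-certificate entries, and then shows the two ways to use it. Option A writes the store to disk and sets the three system properties consistently (the programmatic equivalent of keytool -importcert plus -Djavax.net.ssl.trustStore*); option B leaves the JVM defaults alone and builds a dedicated SSLContext from the chain. The class name, the output file name truststore.p12, the alias prefix ca-N and the password are assumptions chosen for the example.

```java
import java.io.FileOutputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/** Example (hypothetical class name): turn a PEM CA chain into something JSSE can load. */
public class PemTrustStore {

    /** Reads every CERTIFICATE block in a PEM file into an in-memory PKCS12 truststore. */
    public static KeyStore loadPemChain(Path pemFile) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Collection<? extends Certificate> chain;
        try (InputStream in = Files.newInputStream(pemFile)) {
            // generateCertificates() parses all concatenated PEM certificates in one stream
            chain = cf.generateCertificates(in);
        }
        if (chain.isEmpty()) {
            throw new IllegalArgumentException("no CERTIFICATE blocks found in " + pemFile);
        }
        KeyStore ts = KeyStore.getInstance("PKCS12");
        ts.load(null, null);                 // start with an empty store, no file involved
        int i = 0;
        for (Certificate c : chain) {
            // trusted-certificate entries only: a truststore carries no private keys
            ts.setCertificateEntry("ca-" + (i++), c);   // alias prefix is an assumption
        }
        return ts;
    }

    /**
     * Option A: persist the store and point the JVM-wide JSSE defaults at it.
     * All three properties must describe the file actually written, and they must be set
     * before the first SSLContext.getDefault() in this JVM, because JSSE caches that context.
     */
    public static void installAsDefaultTrustStore(KeyStore ts, Path out, char[] password) throws Exception {
        try (FileOutputStream fos = new FileOutputStream(out.toFile())) {
            ts.store(fos, password);
        }
        System.setProperty("javax.net.ssl.trustStore", out.toString());
        System.setProperty("javax.net.ssl.trustStoreType", ts.getType());   // "PKCS12" here
        System.setProperty("javax.net.ssl.trustStorePassword", new String(password));
    }

    /** Option B: leave the JVM defaults alone and build a dedicated SSLContext from the chain. */
    public static SSLContext sslContextFor(KeyStore ts) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);                        // trust anchors come only from the PEM chain
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);   // no client key material, trust only
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        Path pem = Paths.get(args[0]);       // e.g. the CA chain .pem from the question
        KeyStore ts = loadPemChain(pem);
        System.out.println("loaded " + ts.size() + " trusted certificate(s) from " + pem);

        // Option A: file name and password are assumptions for the example
        installAsDefaultTrustStore(ts, Paths.get("truststore.p12"), "changeit".toCharArray());

        // Option B: for HttpsURLConnection pass sslContextFor(ts).getSocketFactory() to
        // setSSLSocketFactory(); for Apache HttpClient 3.x register a custom
        // SecureProtocolSocketFactory built from the same SSLContext.
        SSLContext ctx = sslContextFor(ts);
        System.out.println("built " + ctx.getProtocol() + " context with " + ts.size() + " trust anchor(s)");
    }
}
```

Two practical notes. First, keytool -importcert adds one trusted certificate per run, so a bundle containing several CA certificates needs one invocation per certificate, each with its own alias; the loop above handles the whole chain in one pass. Second, option A changes trust for every TLS connection in the JVM and only takes effect if the properties are set before anything calls SSLContext.getDefault(), which is why the original code, setting them right before the POST, would have worked only if no other HTTPS call had happened earlier; option B avoids both problems and is the better choice for a single endpoint.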