0

I am quite a beginner in Java Spring world and I don't how to deal with my situation. I have to work with some API over HTTPS which have certificates issued by non-trusted CA. I have a code for this:

RestTemplate restTemplate = new RestTemplate();
HttpHeaders headers = new HttpHeaders();
headers.add("Content-Type", "application/json;charset=UTF-8");
headers.add("Accept", "*/*");
ResponseEntity<byte[]> responseEntity = restTemplate.getForEntity(url, byte[].class, headers);

Of course because certificates is not trusted I used to get Java error:

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

So I disabled certificate validation with code:

public class SSLCertificateValidation {
public static void disable() {
        try {
            SSLContext sslc = SSLContext.getInstance("TLS");
            TrustManager[] trustManagerArray = { new NullX509TrustManager() };
            sslc.init(null, trustManagerArray, null);
            HttpsURLConnection.setDefaultSSLSocketFactory(sslc.getSocketFactory());
            HttpsURLConnection.setDefaultHostnameVerifier(new NullHostnameVerifier());
        }    
        catch(Exception e) {
            e.printStackTrace();
        }
    }

    private static class NullX509TrustManager implements X509TrustManager {
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            System.out.println();
        }
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            System.out.println();
        }
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    private static class NullHostnameVerifier implements HostnameVerifier {
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    }
}

Now my app works with this APIs, but on the other hand I am working with some AWS services from this app. And now I get AWS error:

c.a.h.AmazonHttpClient - Unable to execute HTTP request: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

Is there any way to disable certificate validation just for particular URLs? I don't know what should I do now.

PS I know about installing the certificate to the Java cacerts. But unfortunately, it doesn't fit for my situation.

halfer
  • 19,824
  • 17
  • 99
  • 186
user3742622
  • 1,037
  • 3
  • 22
  • 40

1 Answers1

-2

Instead of disabling the SSL check, try installing the certificate to the java cacerts, this way the (I assume self-signed cert) is treated as a trusted certificate.

Best way to get the certificate would be for the owner of the service to provide it for you, other wise you should be able to export the certificate file pretty easily from a browser.

I won't go into too much detail on installing the certificate, because there are some really good answers on this question How to properly import a selfsigned certificate into Java keystore that is available to all Java applications by default?

Community
  • 1
  • 1
kgengler
  • 122
  • 9
  • I know about installing the certificate to the java cacerts. But unfortunately, It isn't good for my situation. I am looking for the answer for the question that I asked. – user3742622 Jan 24 '16 at 18:17