-1

This is a question regarding an exception that is occurring in my code which makes a call to an https server.

    javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

It internally uses an instance of CloseableHttpClient to execute the PUT call.

Also, this code is a functional test that would be running on a remote machine as a CI job. I have seen some solutions with the SSL certificate error that mention how we can disable the SSL certificate validation in Java or add the certificate in the local JVM, one of them being here -

'peer not authenticated' SSL certificate error usng DefaultHttpClient

Unfortunately, it doesn't seem to be working as this is a remote machine and we cannot import certificates into that machine.

    String endPoint = "https://" + hostName + ":" + port + "/v1/service/data/put";

endPoint is set in the code that is called from a jar. So, there is no scope that we'd be able to change it either.

If I am running the code that makes a PUT call to the endPoint from a standalone class (through the main method), it seems to be running fine, returning a 200/OK. Currently, the exception occurs if it is being run as a TestNG class from the .xml file.

The code added as a Github gist is here.

Let me know if you need more details.

Saran
  • can you add your code so we can see the gist of how you set up the call? – matias elgart Nov 12 '16 at 04:19
  • If you mean Apache components (you don't actually say so) `CloseableHttpClient` is nonconstructible; normally you use the result of `HttpClientBuilder` which can customize the `SSLContext` including the truststore or even `TrustManager`. Although if you do this in code, you are violating at least to some extent the principle of 'test what you release' and in particular may risk making releases that are less secure or even totally insecure. – dave_thompson_085 Nov 12 '16 at 06:16
  • @melgart I have added the code as a link in the post above. It is [here](https://gist.github.com/sarankumarv/b05cba4d86080e84eed693bd6789f25e), as a Github gist. – Saran Nov 12 '16 at 10:15
  • @dave_thompson_085 Yes, it is using an `HttpClientBuilder` object actually. The customization cannot be done I'm afraid because as I had mentioned, the implementation is in a jar which has the .class I am using. You can refer to the code [here](https://gist.github.com/sarankumarv/b05cba4d86080e84eed693bd6789f25e). – Saran Nov 12 '16 at 10:23
  • You said the cert store couldn't be changed and the setting of `endPoint` (the URL) couldn't be changed. You didn't say the connection build couldn't be changed. However, you've found a solution so it doesn't matter. – dave_thompson_085 Nov 16 '16 at 05:31
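
The customization dave_thompson_085's comment describes, as an added example that is not code from the thread or the gist: an `SSLContext` built from a truststore shipped with the test resources, so the CI machine's JVM certificate store is never modified and certificate and hostname checks stay on. It assumes Apache HttpClient 4.5; the class name, the resource name `/test-truststore.jks`, and the password are hypothetical.

```java
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;

public class TruststoreClientExample {

    // Builds a client that trusts only the CAs in the supplied truststore.
    // The JVM-wide cacerts file on the CI machine is never touched.
    static CloseableHttpClient buildClient(InputStream truststoreStream, char[] password)
            throws Exception {
        KeyStore truststore = KeyStore.getInstance("JKS");
        truststore.load(truststoreStream, password);

        // A null TrustStrategy keeps normal chain validation against the truststore.
        SSLContext sslContext = SSLContexts.custom()
                .loadTrustMaterial(truststore, null)
                .build();

        // No hostname verifier is set, so the builder's default verifier stays active.
        return HttpClients.custom()
                .setSSLContext(sslContext)
                .build();
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical names: a truststore bundled with the test resources,
        // its password, and the HTTPS URL passed as the first argument.
        char[] password = "changeit".toCharArray();
        try (InputStream in = TruststoreClientExample.class
                     .getResourceAsStream("/test-truststore.jks")) {
            if (in == null) {
                throw new IllegalStateException("test-truststore.jks not on classpath");
            }
            try (CloseableHttpClient client = buildClient(in, password);
                 CloseableHttpResponse response = client.execute(new HttpGet(args[0]))) {
                System.out.println(response.getStatusLine().getStatusCode());
            }
        }
    }
}
```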

2 Answers

0

There's a lot going on there and most of it isn't really related to the problem (the caching, for example, or the other boilerplate code to set up the call).

What I usually do in this kind of situation is reduce your problem to a smaller and smaller chunk of code that can still reproduce the problem. For example, using these HttpClient components, can you make any SSL call? Try this code, which requires HttpClient 4.4 and will work on sites that don't have valid certificates:

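    import org.apache.http.HttpResponse;
    import org.apache.http.client.methods.HttpGet;
    import org.apache.http.conn.ssl.NoopHostnameVerifier;
    import org.apache.http.impl.client.CloseableHttpClient;
    import org.apache.http.impl.client.HttpClients;

    // sslContext (javax.net.ssl.SSLContext) is built elsewhere; not shown in this answer.
    // NoopHostnameVerifier turns off hostname verification for this client.
    CloseableHttpClient client = HttpClients.custom()
      .setSSLContext(sslContext)
      .setSSLHostnameVerifier(new NoopHostnameVerifier())
      .build();
    HttpGet httpGet = new HttpGet("<your https URL here>");
    httpGet.setHeader("Accept", "<whatever appropriate for URL above>");

    HttpResponse response = client.execute(httpGet);
    System.out.println(response.getStatusLine().getStatusCode());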
matias elgart
  • This is internally what is present in the code as well, but, as POST. The certificates are also being disabled in the implementation. – Saran Nov 16 '16 at 04:11
-1

As it was mentioned in the question, the code works fine if it were running in a standalone class, through the main method.

I was able to resolve the issue by placing my code in a static block. It might be related to the certificates being disabled during class load and thus, works fine now.

Saran
  • It most certainly does not have anything whatsoever to do with 'certificates being disabled during class load'. – user207421 Nov 16 '16 at 05:02