
I have a cert file and its key. Using these two I am able to call a given service API successfully using Postman.

Now I am trying to write a client which should use these two and call the API. Before writing the Java code, I created a pfx file with openssl from the existing cert file and its corresponding key. After going through a few of the examples on the internet/Stack Overflow:

private static String trustStorePath = "/Library/Java/JavaVirtualMachines/jdk1.8.0_144.jdk/Contents/Home/jre/lib/security/cacerts";
private static final String trustStorePassword = "changeit";
private static final String keyStoreFile = "/pathTocert/mycert.pfx";
private static final String keyStorePassword = "changeit";

public static SSLSocketFactory enableSSL() {
    SSLContext context = null;
    InputStream keyInput = null, truststream = null, certInput = null;

    KeyStore trustks;
    try {

        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyInput =  new FileInputStream(new File(keyStoreFile));


        keyStore.load(keyInput, keyStorePassword.toCharArray());
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());

        trustks = KeyStore.getInstance("JKS");
        File trustcert = new File(trustStorePath);
        truststream = new FileInputStream(trustcert);
        trustks.load(truststream, trustStorePassword.toCharArray());
        truststream.close();

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(trustks);

        context = SSLContext.getInstance("TLS");
        context.init(keyManagerFactory.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());

        return context.getSocketFactory();

    } catch (KeyStoreException e) {

        e.printStackTrace();
    } catch (IOException e) {

        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {

        e.printStackTrace();
    } catch (CertificateException e) {

        e.printStackTrace();
    } catch (UnrecoverableKeyException e) {

        e.printStackTrace();
    } catch (KeyManagementException e) {

        e.printStackTrace();
    }
    return null;

}

And after doing it, in my main method I am setting the SSLSocketFactory and making an HTTPS call:

URL myUrl = new URL(httpsURL);
SSLSocketFactory sslSocketFactory = enableSSL();
HttpsURLConnection conn = (HttpsURLConnection) myUrl.openConnection();

conn.setSSLSocketFactory(sslSocketFactory);

InputStream is = conn.getInputStream();
InputStreamReader isr = new InputStreamReader(is);
BufferedReader br = new BufferedReader(isr);

String inputLine;

while ((inputLine = br.readLine()) != null) {
    System.out.println(inputLine);
}

br.close();

I am new to the Java security library and I am stuck with

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found

I have already tried a few of the steps, like installing the pfx in the cacerts of the JDK or changing the code as given at the URL

How to connect to a secure website using SSL in Java with a pkcs12 file?

But none has worked so far for me. I will appreciate any help on this. Please write in a comment if more info is needed.

Abhinav
  • Just a note: the cacerts file is loaded by default (you don't have to do it explicitly), unless you want some extra certs to be trusted (is server's certificate qualified? signed by CA and having valid hostname). You could as well use `-Djavax.net.debug=ssl:handshake` to see what certificates are loaded from where (or not) – gusto2 Jan 22 '18 at 12:50
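
Building on the comment's point that the default trust store is used without loading cacerts by hand, here is an added example (not the asker's code and not from any answer) that keeps the PKCS12 file for the client identity only and lets the JRE supply server trust, printing what each store actually contains. The class name `MutualTlsClient`, the `PFX_PASSWORD` environment variable and the command-line arguments are assumptions made for illustration.

```java
import javax.net.ssl.*;
import java.io.*;
import java.net.URL;
import java.security.KeyStore;
import java.util.Collections;

public class MutualTlsClient {
    // Assumed usage: java MutualTlsClient /path/to/mycert.pfx https://host/api
    // with the pfx password in the (hypothetical) PFX_PASSWORD environment variable.
    public static void main(String[] args) throws Exception {
        String pfxPath = args[0];
        URL url = new URL(args[1]);
        char[] pfxPassword = System.getenv("PFX_PASSWORD").toCharArray();

        // Client identity: the pfx must hold a private-key entry, not only a certificate.
        KeyStore identity = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(pfxPath)) {
            identity.load(in, pfxPassword);
        }
        for (String alias : Collections.list(identity.aliases())) {
            System.out.println("pfx alias " + alias + " keyEntry=" + identity.isKeyEntry(alias));
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, pfxPassword);

        // Server trust: a null KeyStore selects the JRE default trust store
        // (javax.net.ssl.trustStore if set, otherwise jssecacerts or cacerts).
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                int count = ((X509TrustManager) tm).getAcceptedIssuers().length;
                System.out.println("trusted CA certificates: " + count);
            }
        }

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(context.getSocketFactory());
        // try-with-resources closes the stream even when reading fails.
        try (BufferedReader br = new BufferedReader(new InputStreamReader(conn.getInputStream()))) {
            br.lines().forEach(System.out::println);
        }
    }
}
```

Running it with `-Djavax.net.debug=ssl:handshake`, as the comment suggests, shows the certificate chain the server presents, which can be compared against the trusted CA set reported above.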

0 Answers