javax websocket client ssl connection

Question

I have problem with javax.websocket (using Eclipse IDE and Jetty 9 server). I wrote ClientEnpdoint (with all annotation). This code work fine with "ws://" but i have problem when trying use "wss://".

I'm trying do it with SSLContext, but don't know how i can add SSLContextFactory to my session or socket container.

import java.io.FileInputStream;
import java.io.IOException;
import java.net.URI;
import java.security.KeyStore;
import java.util.Date;
import java.text.SimpleDateFormat;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import javax.websocket.*;
import javax.websocket.CloseReason.CloseCodes;
import javax.websocket.ClientEndpointConfig;
import javax.websocket.WebSocketContainer;

@ClientEndpoint
public class ScriptSocketJavax extends Thread{

    final static Logger logger = LogManager.getLogger(ScriptSocketJavax.class);

public int checkWork;
private String type;
private String opertr;
private String client;
private Date date = new Date();
private SimpleDateFormat formatForDateNow = new SimpleDateFormat("MM/dd/yyyy");
private Session session;
private URI uri;
WebSocketContainer container;
ClientEndpointConfig endpointConfig;

public ScriptSocketJavax(String opertr, String client, String type) throws Exception{

    this.checkWork = 0;
    this.uri = URI.create("wss://*****"); //ws://****
    this.type = type;
    this.client = client;
    this.opertr = opertr;
    this.container = ContainerProvider.getWebSocketContainer();
    this.container.setDefaultMaxTextMessageBufferSize(1024*1024);
    this.container.setDefaultMaxBinaryMessageBufferSize(1024*1024);

    try {

        String STORETYPE = "JKS";
        String KEYSTORE = "C:\\****";
        String STOREPASSWORD = "123456";
        String KEYPASSWORD = "123456";

        KeyStore ks = KeyStore.getInstance(STORETYPE);
        ks.load(new FileInputStream(KEYSTORE), STOREPASSWORD.toCharArray());
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, KEYPASSWORD.toCharArray());
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(ks);

        SSLContext sslContext = null;
        sslContext = SSLContext.getInstance( "TLS" );
        sslContext.init( kmf.getKeyManagers(), tmf.getTrustManagers(), null );
        sslContext.getSocketFactory();
        SSLSocketFactory factory = sslContext.getSocketFactory();

        this.session = this.container.connectToServer(this, this.uri);  //obj, not class

or how i can make all connection trusted?

StackTrace:

java.io.IOException: Connect failure
at org.eclipse.jetty.websocket.jsr356.ClientContainer.connect(ClientContainer.java:231)
at org.eclipse.jetty.websocket.jsr356.ClientContainer.connectToServer(ClientContainer.java:261)
at com.stepanov.utils.ScriptSocketJavax.<init>(ScriptSocketJavax.java:80)
...
at java.lang.Thread.run(Unknown Source)
Caused by: org.eclipse.jetty.websocket.api.UpgradeException: 0 null
...
at org.eclipse.jetty.websocket.client.WebSocketUpgradeRequest.onComplete(WebSocketUpgradeRequest.java:513)
... 3 more
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
...
... 15 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 23 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 29 more

all connections ? It was asked many times, see this question which contains code around TrustManager : https://stackoverflow.com/q/49454296/7748072 . — Eugène Adell, Apr 03 '18 at 18:01

score 0 · Answer 1 · answered Apr 03 '18 at 17:55

0

First of all that URI's certificate should be trusted by your JAVA. To make it trusted by JAVA you need to add the certificate to java key store.

answered Apr 03 '18 at 17:55

Karnabanu Ashalagari

61
3

yes, i did it. but how i can associate websocket with a certificate? – Mikhail Stepanov Apr 04 '18 at 09:04
It would be better if you could post your full stack trace of the error – Karnabanu Ashalagari Apr 04 '18 at 09:08
Added stack trace. I think this is due to the fact that I put an ordinary websocket to the argument, to which the certificate is not tied in any way – Mikhail Stepanov Apr 04 '18 at 12:40
could you try this option with java -Djavax.net.ssl.trustStore=trustStore – Karnabanu Ashalagari Apr 04 '18 at 12:45

javax websocket client ssl connection

1 Answers1