1

We have a requirement where we need to call the XML-RPC API of Confluence server to push some data. Our Confluence server is protected by two way SSL authentication (mutual auth). After some searching on internet i got some info on writing an xml-rpc client with SSL properties and then making the API call. But the code is failing with below SSLHandshake error. 

*** ServerHelloDone

[read] MD5 and SHA1 hashes: len = 4 0000: 0E 00 00 00 .... Warning: no suitable certificate found - continuing without client authentication *** Certificate chain

*** ECDHClientKeyExchange

main, called closeSocket() main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure main, called close() main, called closeInternal(true) main, called close() main, called closeInternal(true) JavaClient: org.apache.xmlrpc.XmlRpcException: Failed to create input stream: Received fatal alert: handshake_failure

Below is my source code :

import org.apache.xmlrpc.client.XmlRpcClientConfigImpl;

import org.apache.xmlrpc.client.XmlRpcClient;

import java.net.URL; import java.util.Vector;

/** * XmlRpc Client with SSL * * */ public class XMLRPC_SSL_Client {

public static void main(String[] args) {
    try {
        XmlRpcClientConfigImpl clientConfig = new XmlRpcClientConfigImpl();
        clientConfig.setServerURL(new URL("https://stg.api.collaborate.testing.com/confluence/rpc/xmlrpc"));

        XmlRpcClient xmlRpcClient = new XmlRpcClient();
        xmlRpcClient.setConfig(clientConfig);

        Vector<String> params = new Vector<String>();

        params.add("confadmin1");
        params.add("confadmin1");

        System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");

        //Trust srever's certificate
        System.setProperty("javax.net.ssl.trustStore", "/Users/aswain/security/truststore/staging_api_collaborate.jks");
        System.setProperty("javax.net.ssl.trustStorePassword", "test112233");

        //Send client's certificate
        System.setProperty("javax.net.ssl.keyStore", "/Users/aswain/security/certs/devuser_client_cert.jks");
        System.setProperty("javax.net.ssl.keyStorePassword", "test112233");

        System.out.println(System.getProperties());

        System.out.println("Invoking remote method confluence2.login via xml-rpc");

        Object result = xmlRpcClient.execute("confluence2.login", params);

        String loginToken = (String) result;
        System.out.println("loginToken : " + loginToken);
    } catch (Exception exception) {
        System.err.println("JavaClient: " + exception);
    }

}

}

The password & path to view the *.jks files are correct. Please help in resolving this issue.

Ayaskant
  • 459
  • 1
  • 5
  • 11
  • 1
    If you add -Djavax.net.debug=ssl to your client program it will probably tell you more about what is happening. – Nikolaj Hansen Apr 18 '18 at 12:14
  • @NikolajHansen - I have done that already and pasted the "no suitable certificate found - continuing without client authentication" message from that log above. – Ayaskant Apr 18 '18 at 18:25
  • Sorry didn't see that. Read this. Exactly the same error. So probably your server trusts tore does not have the public key of the client? https://stackoverflow.com/a/39096286/1700716 – Nikolaj Hansen Apr 19 '18 at 19:19
  • https://stackoverflow.com/a/39096286/1700716 – Nikolaj Hansen Apr 19 '18 at 19:19

0 Answers0