1

I am using old tech stack for maven webapp because of architecture: Java - 1.6, httpClient - 4.2.3. (DefaultHttpClient) I am trying redirect from speed-link to another site within signed form. Process includes two part: firstly I am sending https post request for getting JWT token, Secondly I am sending https get request with the specific token. But when I click the redirect link which gets token, I am getting javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated error.

DefaultHttpClient httpClient = new DefaultHttpClient();
try {
  HttpPost postRequest = new HttpPost(endpointAddress);
  StringEntity input = new StringEntity(jo.toString(), "UTF-8");
  input.setContentType("application/json");
  postRequest.setEntity(input);

  HttpResponse response = httpClient.execute(postRequest);
  HttpEntity httpEntity = response.getEntity();
  String responseString = EntityUtils.toString(httpEntity);
  JSONObject resultObj = new JSONObject(responseString);
  String tokenId = resultObj.getString("token");
}catch(Exception e) {
  e.printStackTrace();
}finally {
  httpClient.getConnectionManager().shutdown();
}

I found a solution from similar asked questions, but it did not worked in my case.

private DefaultHttpClient getDefaultHttpClient(DefaultHttpClient httpClient) throws NoSuchAlgorithmException, KeyManagementException {
        
        SSLContext sslContext = null;
        sslContext = SSLContext.getInstance("SSL");

        // set up a TrustManager that trusts everything
        sslContext.init(null, new TrustManager[] { new X509TrustManager() {
            public X509Certificate[] getAcceptedIssuers() {
                System.out.println("getAcceptedIssuers =============");
                return null;
            }

            public void checkClientTrusted(X509Certificate[] certs, String authType) {
                System.out.println("checkClientTrusted =============");
            }

            public void checkServerTrusted(X509Certificate[] certs, String authType) {
                System.out.println("checkServerTrusted =============");
            }
        } }, new SecureRandom());

        final SSLSocketFactory theSslSocketFactory = new SSLSocketFactory(sslContext);

        final Scheme theHttpsScheme = new Scheme("https", theSslSocketFactory, 443);
        httpClient.getConnectionManager().getSchemeRegistry().register(theHttpsScheme);
        
        return httpClient;
    }
Elgün Şükürov
  • 11
  • 1
  • 2
  • Does this answer your question? [Is there a java setting for disabling certificate validation?](https://stackoverflow.com/questions/4663147/is-there-a-java-setting-for-disabling-certificate-validation) – Valerij Dobler Oct 26 '22 at 07:47
  • 1
    Not actually, error, java version and HttpClient differ. – Elgün Şükürov Oct 26 '22 at 07:51
  • 2
    If the server has an TLS certificate that works in your web browser then most likely this is caused by the outdated Java version or to be precise the outdated `cacerts` file of the used JRE. One possible solution would be to update this file from a recent Java 8 version or specify a custom truststore that contains the root and intermediate CA files you require for that project https://stackoverflow.com/questions/5871279/ssl-and-cert-keystore – Robert Oct 26 '22 at 08:25
  • Shouldn't be the update to Java 8 be [quiet easy](https://www.oracle.com/java/technologies/javase/8-compatibility-guide.html)? – Valerij Dobler Oct 26 '22 at 09:33

0 Answers0