I need to call my endpoints using certificate authentication.
RequestSpecification rs = RestAssured.given().config(RestAssuredConfig.newConfig()
.sslConfig(new SSLConfig().trustStore("/path/to/trustStore","password")
.keyStore("/path/to/keyStore","password"))).relaxedHTTPSValidation();
rs.body(payload).when().post(URL).then().extract().response();
Received exception:
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
I am not able to specify alias name specified in certificate to be used.
Has anyone faced this and how you were able to solve?
Library used: rest-assured:5.1.1
Edit 1:
I tried below code snippet too but it didn't helped:
rs.spec(new RequestSpecBuilder().setAuth(
RestAssured.certificate(TRUSTSTORE_PATH,
PASSWORD,
KEYSTORE_PATH,
PASSWORD, CertificateAuthSettings
.certAuthSettings()
.keyStoreType("pkcs12")
.trustStoreType("pkcs12")))
.relaxedHTTPSValidation().build());
Related
This my first post here so don't hesitate to tell me if I'm doing something wrong.
I'm made a few line of code in Java 11 to get information from a webstore with JSOUP (1.14.2). Since the webstore as multiple page of data I'm using a loop to get all the url I want.
Here's a simplified exemple of what I'm doing :
for (int i = 1; i < 36; i++) {
String url = ("https://www.play-in.com/rachat/hotlist/magic?p=" + i);
try {
doc = Jsoup.connect(url).get();
} catch (Exception e) {
logger.info("Impossible de récuppérer les éléments de la page " + i + " : " + e);
}
// here i'm parsing the HTML to return an array of object
}
When I run the programme I get :
[main] INFO service.MagicBazarReader - Failed to get data from page 2 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[main] INFO service.MagicBazarReader - Failed to get data from page 3 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[main] INFO service.MagicBazarReader - Failed to get data from page 4 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[main] INFO service.MagicBazarReader - Failed to get data from page 5 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[main] INFO service.MagicBazarReader - Failed to get data from page 6 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[...]
[main] INFO ISmellProfits - Number of result after HTML parsing : 24
And so on.
So the first get() is always a sucess and I can manipulate the result but then it seems to have an issued when calling multipe Jsoup.connect().
Since I'm calling an HTTPS url my first thought was a certificate issue and I tried this solution How to connect via HTTPS using Jsoup? but it didn't helped. And if a certificate was really needed I shouldn't be able to have acces to the url the first time, but I might be wrong here since I don't know a lot on this domain.
Second thought was to use parallel stream :
List <String> links = new ArrayList<>();
for (int i = 1; i < 36; i++) {
String url = ("https://www.play-in.com/rachat/hotlist/magic?p=" + i);
links.add(url);
}
links.parallelStream().forEach(link - > {
Document doc = new Document("");
try {
doc = Jsoup.connect(link).get();
// here i'm parsing the HTML to return an array of object
} catch (Exception e) {
logger.info("Impossible de récuppérer les éléments de la page " + link.substring(link.length() - 2) + " : " + e);
}
});
I have better results but it's still not perfect :
[ForkJoinPool.commonPool-worker-17] INFO service.MagicBazarReader - Failed to get data from page 12 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[ForkJoinPool.commonPool-worker-23] INFO service.MagicBazarReader - Failed to get data from page 30 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[ForkJoinPool.commonPool-worker-9] INFO service.MagicBazarReader - Failed to get data from page 5 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[ForkJoinPool.commonPool-worker-27] INFO service.MagicBazarReader - Failed to get data from page 35 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[main] INFO service.MagicBazarReader - Failed to get data from page 22 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[ForkJoinPool.commonPool-worker-3] INFO service.MagicBazarReader - Failed to get data from page 1 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[ForkJoinPool.commonPool-worker-7] INFO service.MagicBazarReader - Failed to get data from page 2 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[ForkJoinPool.commonPool-worker-21] INFO service.MagicBazarReader - Failed to get data from page 17 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[ForkJoinPool.commonPool-worker-5] INFO service.MagicBazarReader - Failed to get data from page 31 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[...]
[main] INFO ISmellProfits - Number of result after HTML parsing : 286
So I'm getting a lot more results after HTML parsing, but they are not consistent since i have a different number on every run and i'm still getting SSLHandshakeException.
I'm getting out of idea so I'm asking if someone know what is causing the exception to be thrown.
I'm new to using JSOUP so I still don't know it well.
I think it could be that JSOUP can only have on connection at a time an the loop is calling the new one before the first one is closed.
Thanks for reading.
[RESOLVED]
So it seems the issue is with the JDK11 and the presence of TLSv1.3 among the protocols enabled by default in the JDK. I tried with JDK 16 and i have no issue anymore.
A link to a post who goes deeper in the explanation : Java 11 and 12 SSL sockets fail on a handshake_failure error with TLSv1.3 enabled
How can I enable SNI extension in new Java 9 client? (Package jdk.incubator.http)
HttpClient client = HttpClient.newHttpClient();
client.send(
HttpRequest
.newBuilder(uri)
.GET()
.build(),
HttpResponse.BodyHandler.asString());
But this request failed because of missing TLS SNI extension
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at java.base/sun.security.ssl.Alerts.getSSLException(Alerts.java:198)
at java.base/sun.security.ssl.Alerts.getSSLException(Alerts.java:159)
at java.base/sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1905)
at java.base/sun.security.ssl.SSLEngineImpl.processInputRecord(SSLEngineImpl.java:1140)
at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1020)
at java.base/sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:902)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:680)
at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:626)
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLDelegate.unwrapBuffer(AsyncSSLDelegate.java:476)
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLDelegate.handshakeReceiveAndUnWrap(AsyncSSLDelegate.java:395)
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLDelegate.doHandshakeImpl(AsyncSSLDelegate.java:294)
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLDelegate.doHandshakeNow(AsyncSSLDelegate.java:262)
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLDelegate.connect(AsyncSSLDelegate.java:233)
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLConnection.connect(AsyncSSLConnection.java:78)
at jdk.incubator.httpclient/jdk.incubator.http.Http2Connection.<init>(Http2Connection.java:263)
at jdk.incubator.httpclient/jdk.incubator.http.Http2ClientImpl.getConnectionFor(Http2ClientImpl.java:108)
at jdk.incubator.httpclient/jdk.incubator.http.ExchangeImpl.get(ExchangeImpl.java:86)
at jdk.incubator.httpclient/jdk.incubator.http.Exchange.establishExchange(Exchange.java:272)
at jdk.incubator.httpclient/jdk.incubator.http.Exchange.responseImpl0(Exchange.java:283)
at jdk.incubator.httpclient/jdk.incubator.http.Exchange.responseImpl(Exchange.java:260)
at jdk.incubator.httpclient/jdk.incubator.http.Exchange.response(Exchange.java:136)
at jdk.incubator.httpclient/jdk.incubator.http.MultiExchange.response(MultiExchange.java:154)
at jdk.incubator.httpclient/jdk.incubator.http.HttpClientImpl.send(HttpClientImpl.java:234)
at CheckProj/Main.Main.lambda$main$0(Main.java:42)
at java.base/java.util.concurrent.CompletableFuture$UniAccept.tryFire(CompletableFuture.java:714)
at java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:506)
at java.base/java.util.concurrent.CompletableFuture.complete(CompletableFuture.java:2073)
at jdk.incubator.httpclient/jdk.incubator.http.ResponseProcessors$ByteArrayProcessor.onComplete(ResponseProcessors.java:219)
at jdk.incubator.httpclient/jdk.incubator.http.BlockingPushPublisher.acceptData(BlockingPushPublisher.java:65)
at jdk.incubator.httpclient/jdk.incubator.http.AbstractPushPublisher.consume(AbstractPushPublisher.java:51)
at jdk.incubator.httpclient/jdk.incubator.http.ResponseContent.pushBodyChunked(ResponseContent.java:238)
at jdk.incubator.httpclient/jdk.incubator.http.ResponseContent.pushBody(ResponseContent.java:110)
at jdk.incubator.httpclient/jdk.incubator.http.Http1Response.lambda$readBody$2(Http1Response.java:157)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1161)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:844)
How can I fix it?
Here's a work-around that should not work, but does so far.
I've implemented a subclass of SSLContext which always creates an SSLEngine with the hostname/port set (as well as SSL Parameters to check the host name).
https://gist.github.com/beders/51d3600d7fb57ad7d36a1745749ef641
Use it like this
HttpClient client = HttpClient.newBuilder().sslContext(ctx).sslParameters(ctx.getParametersForSNI()).followRedirects(HttpClient.Redirect.ALWAYS).build();
Let me know if it works
I am trying to connect to WebService client using HttpApiClient. I am specifying
truststore = <path to Java cacerts>
truststore password = <default pass>
keystore = <custom JKS properties with all certs>
keystore password = <default pass>
When I debug the SSL using Java, I dont even see the "Server Hello message" directly the fatal, handshake error like below:
http-bio-8080-exec-9, WRITE: TLSv1 Handshake, length = 122
http-bio-8080-exec-9, READ: TLSv1 Alert, length = 2
http-bio-8080-exec-9
, RECV TLSv1 ALERT:
fatal,
handshake_failure
http-bio-8080-exec-9, called closeSocket()
http-bio-8080-exec-9, handling exception: javax.net.ssl.SSLHandshakeException:
Received fatal alert: handshake_failure
http-bio-8080-exec-9, called close()
http-bio-8080-exec-9, called closeInternal(true)
I cant debug further because there are no clues as to what is wrong. Error message does not describe anything. I have double checked all the certs are present. Any ideas on how can I debug this / what is missing ?
I have this code snippet which simply lists the buckets. However, I am not able to get this working with https.
This is what I do.
Generate the latest root certificate for my OS (RHEL 5.3).
Do a keytool import to my trust store.
Use the following flags
-Djavax.net.ssl.trustStore=path_to_key_store
-Djavax.net.ssl.trustStorePassword=password_to_key_store
BasicAWSCredentials credentials = new BasicAWSCredentials(username, password);
ClientConfiguration clientConfig = new ClientConfiguration();
clientConfig.setConnectionTimeout(timeout);
AmazonS3 s3 = new AmazonS3Client(credentials, clientConfig);
s3.setEndpoint(url);
for (Bucket bucket: s3.listBuckets()) {
System.out.println("Bucket name::" + bucket.getName());
}
What am I doing wrong? How can I get https to work?
main, READ: TLSv1.2 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
main, IOException in getSession(): javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
Jan 22, 2015 2:55:40 PM com.amazonaws.http.AmazonHttpClient executeHelper
INFO: Unable to execute HTTP request: peer not authenticated
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
at com.amazonaws.http.conn.ssl.SdkTLSSocketFactory.connectSocket(SdkTLSSocketFactory.java:118)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:645)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:480)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
at com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:685)
at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:460)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:295)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:3714)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:3664)
at com.amazonaws.services.s3.AmazonS3Client.listBuckets(AmazonS3Client.java:685)
at com.amazonaws.services.s3.AmazonS3Client.listBuckets(AmazonS3Client.java:693)
at AmazonS3ClientTester.main(AmazonS3ClientTester.java:23)
When i try to send a push notification to IOS by using 'ApnsService' on java, i got error as below:
com.notnoop.exceptions.NetworkIOException: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at com.notnoop.apns.internal.Utilities.wrapAndThrowAsRuntimeException(Utilities.java:269)
at com.notnoop.apns.internal.ApnsConnectionImpl.sendMessage(ApnsConnectionImpl.java:257)
at com.notnoop.apns.internal.ApnsConnectionImpl.sendMessage(ApnsConnectionImpl.java:230)
at com.notnoop.apns.internal.ApnsServiceImpl.push(ApnsServiceImpl.java:46)
at com.notnoop.apns.internal.AbstractApnsService.push(AbstractApnsService.java:56)
at com.notnoop.apns.internal.ApnsServiceImpl.push(ApnsServiceImpl.java:36)
at com.notnoop.apns.internal.AbstractApnsService.push(AbstractApnsService.java:45)
at net.penril.notification.Initializer.notificationWorker(Initializer.java:189)
at net.penril.notification.Initializer.Initial(Initializer.java:53)
at net.penril.notification.PushNotificationCron$Job.run(PushNotificationCron.java:12)
at EDU.oswego.cs.dl.util.concurrent.ClockDaemon$RunLoop.run(Unknown Source)
at java.lang.Thread.run(Thread.java:722)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1977)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1093)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1328)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
at java.io.OutputStream.write(OutputStream.java:75)
at com.notnoop.apns.internal.ApnsConnectionImpl.sendMessage(ApnsConnectionImpl.java:240)
... 10 more
Please refer below for my source code on server side:
ApnsService service =
APNS.newService()
.withCert("src/net/notification/certificate.p12", "XXXXXX")
.withSandboxDestination()
.build();
String payload = APNS.newPayload().alertBody(record.getSendMsg()).build();
String token = record.getRegId();
service.push(token, payload);
I would like to ask, the certificate i used suppose to be covert to java keystore format or any solution on it?
This is Certificate issue.
Check your Certificate path is correct or not.
Otherwise your Certificate (certificate.p12) is not valid.