This my first post here so don't hesitate to tell me if I'm doing something wrong.
I'm made a few line of code in Java 11 to get information from a webstore with JSOUP (1.14.2). Since the webstore as multiple page of data I'm using a loop to get all the url I want.
Here's a simplified exemple of what I'm doing :
for (int i = 1; i < 36; i++) {
String url = ("https://www.play-in.com/rachat/hotlist/magic?p=" + i);
try {
doc = Jsoup.connect(url).get();
} catch (Exception e) {
logger.info("Impossible de récuppérer les éléments de la page " + i + " : " + e);
}
// here i'm parsing the HTML to return an array of object
}
When I run the programme I get :
[main] INFO service.MagicBazarReader - Failed to get data from page 2 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[main] INFO service.MagicBazarReader - Failed to get data from page 3 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[main] INFO service.MagicBazarReader - Failed to get data from page 4 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[main] INFO service.MagicBazarReader - Failed to get data from page 5 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[main] INFO service.MagicBazarReader - Failed to get data from page 6 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[...]
[main] INFO ISmellProfits - Number of result after HTML parsing : 24
And so on.
So the first get() is always a sucess and I can manipulate the result but then it seems to have an issued when calling multipe Jsoup.connect().
Since I'm calling an HTTPS url my first thought was a certificate issue and I tried this solution How to connect via HTTPS using Jsoup? but it didn't helped. And if a certificate was really needed I shouldn't be able to have acces to the url the first time, but I might be wrong here since I don't know a lot on this domain.
Second thought was to use parallel stream :
List <String> links = new ArrayList<>();
for (int i = 1; i < 36; i++) {
String url = ("https://www.play-in.com/rachat/hotlist/magic?p=" + i);
links.add(url);
}
links.parallelStream().forEach(link - > {
Document doc = new Document("");
try {
doc = Jsoup.connect(link).get();
// here i'm parsing the HTML to return an array of object
} catch (Exception e) {
logger.info("Impossible de récuppérer les éléments de la page " + link.substring(link.length() - 2) + " : " + e);
}
});
I have better results but it's still not perfect :
[ForkJoinPool.commonPool-worker-17] INFO service.MagicBazarReader - Failed to get data from page 12 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[ForkJoinPool.commonPool-worker-23] INFO service.MagicBazarReader - Failed to get data from page 30 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[ForkJoinPool.commonPool-worker-9] INFO service.MagicBazarReader - Failed to get data from page 5 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[ForkJoinPool.commonPool-worker-27] INFO service.MagicBazarReader - Failed to get data from page 35 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[main] INFO service.MagicBazarReader - Failed to get data from page 22 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[ForkJoinPool.commonPool-worker-3] INFO service.MagicBazarReader - Failed to get data from page 1 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[ForkJoinPool.commonPool-worker-7] INFO service.MagicBazarReader - Failed to get data from page 2 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[ForkJoinPool.commonPool-worker-21] INFO service.MagicBazarReader - Failed to get data from page 17 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[ForkJoinPool.commonPool-worker-5] INFO service.MagicBazarReader - Failed to get data from page 31 : javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[...]
[main] INFO ISmellProfits - Number of result after HTML parsing : 286
So I'm getting a lot more results after HTML parsing, but they are not consistent since i have a different number on every run and i'm still getting SSLHandshakeException.
I'm getting out of idea so I'm asking if someone know what is causing the exception to be thrown.
I'm new to using JSOUP so I still don't know it well.
I think it could be that JSOUP can only have on connection at a time an the loop is calling the new one before the first one is closed.
Thanks for reading.
[RESOLVED]
So it seems the issue is with the JDK11 and the presence of TLSv1.3 among the protocols enabled by default in the JDK. I tried with JDK 16 and i have no issue anymore.
A link to a post who goes deeper in the explanation : Java 11 and 12 SSL sockets fail on a handshake_failure error with TLSv1.3 enabled
Related
I need to call my endpoints using certificate authentication.
RequestSpecification rs = RestAssured.given().config(RestAssuredConfig.newConfig()
.sslConfig(new SSLConfig().trustStore("/path/to/trustStore","password")
.keyStore("/path/to/keyStore","password"))).relaxedHTTPSValidation();
rs.body(payload).when().post(URL).then().extract().response();
Received exception:
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
I am not able to specify alias name specified in certificate to be used.
Has anyone faced this and how you were able to solve?
Library used: rest-assured:5.1.1
Edit 1:
I tried below code snippet too but it didn't helped:
rs.spec(new RequestSpecBuilder().setAuth(
RestAssured.certificate(TRUSTSTORE_PATH,
PASSWORD,
KEYSTORE_PATH,
PASSWORD, CertificateAuthSettings
.certAuthSettings()
.keyStoreType("pkcs12")
.trustStoreType("pkcs12")))
.relaxedHTTPSValidation().build());
This question already has an answer here:
Karate DSL: Getting connection timeout error
(1 answer)
Closed 1 year ago.
For some reason I just can't get the quickstart example running. My assumption is that it is related to corporate proxy. Here are my steps:
Create new project using the Maven archetype (as described in the documentation).
Run the tests (without any adjustments first) and getting the following results:
[pool-1-thread-1] ERROR com.intuit.karate - java.net.UnknownHostException: jsonplaceholder.typicode.com, http call failed after 648 milliseconds for url: https://jsonplaceholder.typicode.com/users
[pool-1-thread-2] ERROR com.intuit.karate - java.net.UnknownHostException: jsonplaceholder.typicode.com, http call failed after 564 milliseconds for url: https://jsonplaceholder.typicode.com/users
[pool-1-thread-1] ERROR com.intuit.karate - classpath:examples/users/users.feature:9
When method get
http call failed after 648 milliseconds for url: https://jsonplaceholder.typicode.com/users
classpath:examples/users/users.feature:9
[pool-1-thread-2] ERROR com.intuit.karate - classpath:examples/users/users.feature:36
When method post
http call failed after 564 milliseconds for url: https://jsonplaceholder.typicode.com/users
classpath:examples/users/users.feature:36
---------------------------------------------------------
feature: classpath:examples/users/users.feature
scenarios: 2 | passed: 0 | failed: 2 | time: 1.3194
---------------------------------------------------------
Making the following adjustments to karate-config.js:
function fn() {
// ...
var config = {
// ...
proxy: {uri: 'https://xx.xx.xx.xxx:1234', username: 'my_username', password: 'my_password'},
}
// ...
karate.configure('ssl', true);
karate.configure('proxy', config.proxy);
return config;
}
Run the tests again and getting the following results:
[pool-1-thread-1] ERROR com.intuit.karate - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?, http call failed after 278 milliseconds for url: https://jsonplaceholder.typicode.com/users
[pool-1-thread-2] ERROR com.intuit.karate - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?, http call failed after 100 milliseconds for url: https://jsonplaceholder.typicode.com/users
[pool-1-thread-1] ERROR com.intuit.karate - classpath:examples/users/users.feature:9
When method get
http call failed after 278 milliseconds for url: https://jsonplaceholder.typicode.com/users
classpath:examples/users/users.feature:9
[pool-1-thread-2] ERROR com.intuit.karate - classpath:examples/users/users.feature:36
When method post
http call failed after 100 milliseconds for url: https://jsonplaceholder.typicode.com/users
classpath:examples/users/users.feature:36
---------------------------------------------------------
feature: classpath:examples/users/users.feature
scenarios: 2 | passed: 0 | failed: 2 | time: 0.5533
---------------------------------------------------------
Adding httpclient, as described in this older SO answer. Unfortunately, still the same results as in point 4) above.
Any idea how to fix this?
Merge the certificate from your corporate proxy into the default truststore and provide it to your program.
Your corporate proxy likely uses an selfsigned certificate which is not in the truststore and therefore cannot be used to connect via HTTPS
Try any other example:
Feature: simple requests
Scenario: simple post
* url 'https://httpbin.org'
* param foo = 'bar'
* path 'anything'
* request { foo: 'bar' }
* method post
* match response contains { json: { foo: 'bar' } }
I am trying to read email using Apache Camel over IMAPS.
EDIT: The server is using a self-signed certificate. I have configured a keystore and have verified it working over JavaMail.
I have followed the information contained here and here to configure Apache Camel to use the keystore with the self signed certificate.
Here is my test code:
#Test
public void test() throws Exception {
System.setProperty("javax.net.debug", "all");
DefaultCamelContext camelContext;
KeyStoreParameters ksp = new KeyStoreParameters();
ksp.setResource("src/test/resources/config/ssl/keystore");
ksp.setPassword("password");
TrustManagersParameters tmp = new TrustManagersParameters();
tmp.setKeyStore(ksp);
SSLContextParameters scp = new SSLContextParameters();
scp.setTrustManagers(tmp);
SimpleRegistry registry = new SimpleRegistry();
registry.put("sslContextParameters", scp);
camelContext = new DefaultCamelContext(registry);
RouteBuilder route = new RouteBuilder() {
#Override
public void configure() throws Exception {
from(startEndpoint()).to("log:mail");
}
};
try {
camelContext.addRoutes(route);
} catch (Exception e) {
throw new RuntimeException(e);
}
camelContext.start();
Thread.sleep(60 * 1000);
}
private String startEndpoint() {
return "imaps://myserver.mydomain?username=myuser&password=mypassword&sslContextParameters=#sslContextParameters";
}
If fails with the following error:
Camel (camel-1) thread #0 - imaps://myserver.mydomain, SEND TLSv1 ALERT: fatal,
description = certificate_unknown
Camel (camel-1) thread #0 - imaps://myserver.mydomain, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 2E .......
Camel (camel-1) thread #0 - imaps://myserver.mydomain, called closeSocket()
Camel (camel-1) thread #0 - imaps://myserver.mydomain, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
May 27, 2014 2:23:17 PM com.liferay.portal.kernel.log.Jdk14LogImpl warn
WARNING: Consumer Consumer[imaps://myserver.mydomain?password=xxxxxx&sslContextParameters=%23sslContextParameters&username=myuser] failed polling endpoint: Endpoint[imaps://myserver.mydomain?password=xxxxxx&sslContextParameters=%23sslContextParameters&username=myuser]. Will try again at next poll. Caused by: [javax.mail.MessagingException - sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
javax.mail.MessagingException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target;
nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:670)
<snipped>
I have tried adding mail.imaps.ssl.trust parameter to the URI.
I can see that the certificate is not known, but I don't understand why. I have also tried using the standard javax.net.ssl.trustStore parameters which doesn't work either.
What am I doing wrong?
I have tried adding mail.imaps.ssl.trust parameter to the URI.
Setting the mail.imaps.ssl.trust via Camel didn't work for me, too. I was using Java Mail 1.4.2 and had to find out that mail.imaps.ssl.trust support had been added in 1.4.3 (Changelog).
It looks like your server certificates may be "self-signed", please check out this document for solution.
When i try to send a push notification to IOS by using 'ApnsService' on java, i got error as below:
com.notnoop.exceptions.NetworkIOException: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at com.notnoop.apns.internal.Utilities.wrapAndThrowAsRuntimeException(Utilities.java:269)
at com.notnoop.apns.internal.ApnsConnectionImpl.sendMessage(ApnsConnectionImpl.java:257)
at com.notnoop.apns.internal.ApnsConnectionImpl.sendMessage(ApnsConnectionImpl.java:230)
at com.notnoop.apns.internal.ApnsServiceImpl.push(ApnsServiceImpl.java:46)
at com.notnoop.apns.internal.AbstractApnsService.push(AbstractApnsService.java:56)
at com.notnoop.apns.internal.ApnsServiceImpl.push(ApnsServiceImpl.java:36)
at com.notnoop.apns.internal.AbstractApnsService.push(AbstractApnsService.java:45)
at net.penril.notification.Initializer.notificationWorker(Initializer.java:189)
at net.penril.notification.Initializer.Initial(Initializer.java:53)
at net.penril.notification.PushNotificationCron$Job.run(PushNotificationCron.java:12)
at EDU.oswego.cs.dl.util.concurrent.ClockDaemon$RunLoop.run(Unknown Source)
at java.lang.Thread.run(Thread.java:722)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1977)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1093)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1328)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
at java.io.OutputStream.write(OutputStream.java:75)
at com.notnoop.apns.internal.ApnsConnectionImpl.sendMessage(ApnsConnectionImpl.java:240)
... 10 more
Please refer below for my source code on server side:
ApnsService service =
APNS.newService()
.withCert("src/net/notification/certificate.p12", "XXXXXX")
.withSandboxDestination()
.build();
String payload = APNS.newPayload().alertBody(record.getSendMsg()).build();
String token = record.getRegId();
service.push(token, payload);
I would like to ask, the certificate i used suppose to be covert to java keystore format or any solution on it?
This is Certificate issue.
Check your Certificate path is correct or not.
Otherwise your Certificate (certificate.p12) is not valid.
I am using an Apache CXF client, running in a Windows Java 1.6.0_29-b11 VM to connect to an IBM mainframe (I believe it is zSeries), and invoking a SOAP Web Service running there. The connection is done through SSL/TLS, and most of the time works fine.
However, from time to time I have SSL Exceptions with a bad record MAC message. Here is the output of the program using with the javax.net.debug property.
2011-11-16 12:32:37,731 INFO LoggingOutInterceptor: Outbound Message
---------------------------
ID: 29
Address: https://1.2.3.4/access/servlet/blabla.atk123
Encoding: UTF-8
Content-Type: text/xml
Headers: {Accept=[*/*], SOAPAction=["Blablaaction/ATK123.Execute"]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ATK123.Execute xmlns="Blabla"><Usrid>WA</Usrid><Usrpwd>54321</Usrpwd><Ultautid>9999</Ultautid></ATK123.Execute></soap:Body></soap:Envelope>
--------------------------------------
pool-1-thread-1, setSoTimeout(30000) called
pool-1-thread-1, WRITE: TLSv1 Application Data, length = 321
pool-1-thread-1, WRITE: TLSv1 Application Data, length = 262
pool-1-thread-1, READ: TLSv1 Application Data, length = 483
pool-1-thread-1, READ: TLSv1 Application Data, length = 16148
pool-1-thread-1, READ: TLSv1 Application Data, length = 282
%% Invalidated: [Session-1, SSL_RSA_WITH_RC4_128_SHA]
pool-1-thread-1, SEND TLSv1 ALERT: fatal, description = bad_record_mac
pool-1-thread-1, WRITE: TLSv1 Alert, length = 22
pool-1-thread-1, called closeSocket()
pool-1-thread-1, handling exception: javax.net.ssl.SSLException: bad record MAC
2011-11-16 12:32:38,511 WARN PhaseInterceptorChain: Interceptor for {Blabla}ATK123#{Blabla}Execute has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: bad record MAC
at org.apache.cxf.interceptor.LoggingInInterceptor.logging(LoggingInInterceptor.java:144)
at org.apache.cxf.interceptor.LoggingInInterceptor.handleMessage(LoggingInInterceptor.java:73)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:797)
.... (more stuff)
Unfortunately, I don't have possibilities to modify or debug the endpoint at the server.
What could be causing this?
How can I isolate and fix this behavior?
If you are getting a lot of bad packets due to some fault in your network it can happen that a bad packet will at random survive the 32-bit TCP checksum. About 1 in 4 billion bad packets will slip by TCP. Once this packet is delivered to SSL it will generate a bad record MAC for sure, because the SSL Mac is 96 bits in size.
If this is the cause, the only solution is improve the network.
Note that, in general, this is a very unlikely cause of a bad record MAC. Even a network with faulty hardware that generates bad packets is unlikely to generate them with correct IP and TCP metadata such that the packets are actually passed to the socket corresponding to the TLS connection.
This isn't related to Java, it is an SSL/TLS failure:
20 Bad record MAC fatal Possibly a bad SSL implementation, or payload
has been tampered with e.g. FTP firewall rule
on FTPS server.
It probably has something to do with the SSL implementation and the amount of data that is being sent being too big, I doubt it is random.