I am trying to convert the following curl call to a Java call
curl --verbose --cert bobauth.crt --key bobauth.key https://test1.mobileticket.se/api/v1/auth/andreas
A call to Curl works as I expect, but when I try to make the same call in java, I get error messages. However, this is exactly how I tried to do this; I do not know if this is the best approach.
The bobauth certificate was created using the following command. This is the same bobauth that is used in the curl call.
openssl req -new -x509 -sha256 -days 1000 \
-newkey rsa:2048 -nodes -keyout bobauth.key \
-subj "/CN=anders@clonecorps.com" -out bobauth.crt
Then I create a java key store with the following code.
openssl pkcs12 -export -name myservercert -in bobauth.crt -inkey bobauth.key -out keystore.p12
keytool -importkeystore -destkeystore mykeystore.jks -srckeystore keystore.p12 -srcstoretype pkcs12 -alias myservercert
This is the Java code that I put together that does not work fully.
try {
KeyStore keyStore = KeyStore.getInstance("JKS");
java.io.FileInputStream fis = null;
try {
fis = new java.io.FileInputStream("mykeystore.jks");
keyStore.load(fis, "password".toCharArray());
} finally {
if (fis != null) {
fis.close();
}
}
SSLContext sslcontext = SSLContexts.custom()
.loadKeyMaterial(keyStore, "password".toCharArray())
.loadTrustMaterial(null, new TrustSelfSignedStrategy())
.build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
sslcontext,
SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
CloseableHttpClient client = HttpClients.custom()
.setHostnameVerifier(SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)
.setSSLSocketFactory(sslsf)
.build();
HttpGet httpGet = new HttpGet("https://test1.mobileticket.se/api/v1/auth/andreas");
CloseableHttpResponse response = client.execute(httpGet);
String responseString = new BasicResponseHandler().handleResponse(response);
//Close and return
client.close();
}
catch(IOException e){
log.info("IOException: " + e.getMessage());
}catch(Exception e){
log.info("Exception: " + e.getMessage());
}
When I run this code, I get the following error message
IOException: sun.security.validator.ValidatorException: PKIX : sun.security.provider.certpath.SunCertPathBuilderException:
, -, , , , .
API, bobauth.crt, .
, . openssl s_client -connect test1.mobileticket.se/api/v1/auth/andreas:443 -showcerts
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let Encrypt, CN = Let Encrypt Authority X3
verify return:1
depth=0 CN = test1.mobileticket.se
verify return:1
---
Certificate chain
0 s:/CN=test1.mobileticket.se
i:/C=US/O=Let Encrypt/CN=Let Encrypt Authority X3
-----BEGIN CERTIFICATE-----
xxxx
-----END CERTIFICATE-----
1 s:/C=US/O=Let Encrypt/CN=Let Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
-----BEGIN CERTIFICATE-----
xxxx
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=test1.mobileticket.se
issuer=/C=US/O=Let Encrypt/CN=Let Encrypt Authority X3
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA512
Server Temp Key: ECDH, P-384, 384 bits
---
SSL handshake has read 3060 bytes and written 475 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: B08AD5731BAA93949683F40D6BD0189C346AF455D84985932E891768B63E94C1
Session-ID-ctx:
Master-Key: 7C3EBFA054F4B5C351D3F6579777BF479405529B67AC3590C76B630D39598C118D4439267B06333574C77320108A4CCB
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1501852200
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
closed