From this source: RESTAssured - use .pfx certificate for https call
I created below.
#Test
void testPfxKey() {
// Source: https://stackoverflow.com/questions/42235588/restassured-use-pfx-certificate-for-https-call
FileInputStream instream1=null;
KeyStore keyStore=null;
org.apache.http.conn.ssl.SSLSocketFactory lSchemeSocketFactory=null;
try {
instream1 = new FileInputStream(new File("C:/Path/To/pfxfile.pfx"));
keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(instream1, "pfxfilepwd".toCharArray());
X509HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
lSchemeSocketFactory = new org.apache.http.conn.ssl.SSLSocketFactory(keyStore, "pfxfilepwd");
lSchemeSocketFactory.setHostnameVerifier(hostnameVerifier);
} catch (Exception e) {
e.printStackTrace();
}
RestAssured.config = RestAssured.config().sslConfig(new SSLConfig().with().sslSocketFactory(lSchemeSocketFactory).and().allowAllHostnames().relaxedHTTPSValidation());
RestAssured.given().
contentType("application/json").
headers(
"Subscription-Key", "key-value",
"Accept-Encoding", "gzip,deflate"
);
Response response = RestAssured.get("https://endpoint.net/resource/path");
System.out.println(response.getStatusCode());
}
response.getStatusCode() always returns 401. I am expecting a 200. I have checked keyfile path, password and also the enpoint. All seem to be OK. When I run use ReadyAPI then I get a response. Please advice how to resolve this issue. Thanks you all!
I found this issue! I need to send headers with each request. Also .relaxedHTTPSValidation() should NOT be used in this case. We are in fact providing certificates that should be authenticated! Below code works:
#Test
void testPfxKey() {
FileInputStream instream1 = null;
KeyStore keyStore = null;
org.apache.http.conn.ssl.SSLSocketFactory lSchemeSocketFactory = null;
try {
instream1 = new FileInputStream(new File("C:/Path/To/pfxfile.pfx"));
keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(instream1, "pfxfilepwd".toCharArray());
X509HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
lSchemeSocketFactory = new org.apache.http.conn.ssl.SSLSocketFactory(keyStore, "pfxfilepwd");
lSchemeSocketFactory.setHostnameVerifier(hostnameVerifier);
} catch (Exception e) {
e.printStackTrace();
}
RestAssured.config = RestAssured.config().sslConfig(new SSLConfig().with().sslSocketFactory(lSchemeSocketFactory).and().allowAllHostnames());
System.out.println(
RestAssured.given().
contentType("application/json").
headers(
"Subscription-Key", "key-value",
"Accept-Encoding", "gzip,deflate"
)
.get("https://endpoint.net/resource/path")
.getStatusCode()
);
}
Related
I have tried to establish https connection. I have loaded trustStore and password through following code:
HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
String path = "/path to trust store";
String password = "password of trust store";
KeyStore keyStore = KeyStore.getInstance("p12");
InputStream inputStream = new FileInputStream(path);
keyStore.load(inputStream,password.toCharArray());
httpClientBuilder.setSSLSocketFactory(new SSLConnectionSocketFactory(SSLContexts.custom().loadTrustMaterial((TrustStrategy) keyStore).build()));
CloseableHttpClient httpClient = httpClientBuilder.build();
HttpGet request = new HttpGet(this.backendUrl + url);
request.addHeader("Accept", "application/json");
String responseString = null;
try {
HttpResponse response = httpClient.execute(request);
if (logger.isDebugEnabled()) {
logger.debug("Request successful for " + url);
}
responseString = EntityUtils.toString(response.getEntity(), "UTF-8");
} catch (IllegalStateException e) {
logger.error("The response is empty ");
} catch (NullPointerException e) {
logger.error("Bad request to the URL");
} catch (IOException e) {
logger.error("mke");
}
I got an error in browser as:
The character encoding of the plain text document was not declared.
The document will render with garbled text in some browser configurations
if the document contains characters from outside the US-ASCII range.
The character encoding of the file needs to be declared in the
transfer protocol or file needs to use a byte order
mark as an encoding signature.
Scenario, I'm dealing with a Webserver that it is a mess (no I do not control this part, I have to play the game, this was coded by one of the biggest software vendors in the world)
By default, the webserver has 2 SSL services, each one of those might have a totally different SSL Certificate
Certificate A
Signature Algorithm: sha1WithRSAEncryption
RSA Key Strength: 1024
Subject: *.dummy.nodomain
Issuer: *.dummy.nodomain
Certificate B
Signature Algorithm: sha1WithRSAEncryption
RSA Key Strength: 2048
Subject: vhcalnplcs_NPL_01
Issuer: root_NPL
Following the examples of this page
public List<String> doPostWithSSL(String direction, String dataToSend, String contentType, boolean OverrideSecurityVerifications) {
try {
URL url = new URL(direction);
List<String> webcontent = new ArrayList();
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
conn.setRequestMethod("POST");
conn.setRequestProperty("Host", getHostByUrl(direction));
conn = new UserAgentsLibrary().getRandomUserAgent(conn);
if (contentType != null) {
conn.setRequestProperty("Content-Type", contentType);
} else {
conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
}
conn.setDoOutput(true);
if (OverrideSecurityVerifications) {
try {
TrustManager[] trustAllCerts;
trustAllCerts = new TrustManager[]{new X509TrustManager() {
#Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
#Override
public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
}
#Override
public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
}
}};
// We want to override the SSL verifications
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(null, trustAllCerts, null);
SSLSocketFactory factory = ctx.getSocketFactory();
conn.setDefaultSSLSocketFactory(ctx.getSocketFactory());
HostnameVerifier allHostsValid = (String hostname1, SSLSession session) -> true;
conn.setDefaultHostnameVerifier(allHostsValid);
conn.setSSLSocketFactory(factory);
} catch (KeyManagementException kex) {
System.out.println("[+] Error bypassing SSL Security " + kex.getMessage());
} catch (NoSuchAlgorithmException nsex) {
System.out.println("[+] Error forgeting TLS " + nsex.getMessage());
}
}
OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream());
wr.write(dataToSend);
wr.flush();
BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream()));
String line;
while ((line = rd.readLine()) != null) { //todo+=line+"\n";
webcontent.add(line);
}
wr.close();
rd.close();
return webcontent;
} catch (MalformedURLException mex) {
System.out.println("[+] Error: I received a malformed URL");
return null;
} catch (SSLHandshakeException sslex) {
System.out.println("[+] Error: SSL Handshake Error!" + sslex.getMessage());
return null;
} catch (IOException ioex) {
System.out.println("[+] Error: Input/Output Error!" + ioex.getMessage());
return null;
}
}
I was able to make my program work with certificate B (no issue here) but I cannot make it to work with certificate A (I suspect that the * is causing me trouble)
Things to consider
This is a sample code, do not look for irrelevant details ;)
Yes, I know that this code is vulnerable to MITM attacks and the user is being warned
No, I do not want to add the certificates to my keystore!
I'm using pure J2EE code, I do not wish to use anything that it is not standard
I would like to find a solution that will work for Windows, Mac and Linux
Someone had to have this issue in the past, could you lend me a hand?
I was too tired yesterday.
Replaced conn.setDefaultHostnameVerifier(allHostsValid);
by conn.setHostnameVerifier(allHostsValid);
And now even the cert with the wildcard works!
We are getting SSL peer unverified error while fetching the access token from Lifelog api. I am able to get the authcode, but when i am trying to get access token, it is giving me SSL peer error. It works fine with few device, but most of the device it is giving SSL error.
private void getAccessToken(final String authCode)
{
final String finalUrl = String.format("https://platform.lifelog.sonymobile.com/oauth/2/token?client_id=%s&client_secret=%s&code=%s",CLIENT_ID,CLIENT_SECRET,authCode);
Thread networkThread = new Thread(new Runnable() {
public void run() {
try {
HttpClient client = new DefaultHttpClient();
HttpPost post = new HttpPost(finalUrl);
// Add your data
ArrayList<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(4);
nameValuePairs.add(new BasicNameValuePair("client_id", CLIENT_ID));
nameValuePairs.add(new BasicNameValuePair("client_secret", CLIENT_SECRET));
nameValuePairs.add(new BasicNameValuePair("grant_type", "authorization_code"));
nameValuePairs.add(new BasicNameValuePair("code", authCode));
AbstractHttpEntity ent=new UrlEncodedFormEntity(nameValuePairs, HTTP.UTF_8);
ent.setContentType("application/x-www-form-urlencoded; charset=UTF-8");
post.setEntity(ent);
// Execute HTTP Post Request
HttpResponse response =null;
try {
response = client.execute(post);
Log.d("Response:" , response.toString());
} catch (IOException e) {
e.printStackTrace();
}
String dataObject = response.toString();
JSONObject obj;
if(dataObject != null) {
obj = null;
try {
String json_string = EntityUtils.toString(response.getEntity());
// displayToast(json_string);
obj = new JSONObject(json_string);
SharedPreferences prefs =getSharedPreferences("Myprefs", Context.MODE_PRIVATE);
prefs.edit().putString("Access_token", obj.getString("access_token"));
// prefs.edit().putString(AUTH_REFRESH_TOKEN, obj.getString(AUTH_REFRESH_TOKEN));
} catch (JSONException e) {
e.printStackTrace();
}
}
} catch (IOException e) {
// TODO Auto-generated catch block
}
}
});
networkThread.start(); }
The problem may be with your use of HttpClient. It looks like Google has removed support for this call in Android 6.0.
http://developer.android.com/about/versions/marshmallow/android-6.0-changes.html#behavior-apache-http-client
You should be able to use HttpsURLConnection instead of Httpclient to access the Lifelog Web Service.
I'm using google-oauth-client, I was able to use on Android 5.x with this initialization for
import com.google.api.client.http.HttpTransport;
private void initializeSocketFactory() {
if (Build.VERSION.SDK_INT >= 23) {
HTTP_TRANSPORT = new NetHttpTransport();
} else {
//Android 5 and bellow needs this SSL Socket factory initialization
try {
SSLContext sslContext = SSLContext.getInstance("TLSv1");
sslContext.init(null, null, null);
SSLSocketFactory socketFactory = sslContext.getSocketFactory();
NetHttpTransport.Builder netTransportBuilder = new NetHttpTransport.Builder();
netTransportBuilder.setSslSocketFactory(socketFactory);
HTTP_TRANSPORT = netTransportBuilder.build();
} catch (NoSuchAlgorithmException | KeyManagementException e) {
Log.e(LOG_TAG, "Problem instantiating cipher for ssl socket", e);
}
}
}
You use HTTP_TRANSPORT to instantiate:
import com.google.api.client.auth.oauth2.AuthorizationCodeFlow;
Can someone explain to me whether following code is correct to download a certificate ties to a specific person in java? I am getting an exception as "unknown protocol: ldaps".
public void downloadCert() {
String urlStr="ldaps://aServerSomeWhere:636/cn=doe%20john,ou=personnel,o=comany123,c=us?caCertificate;binary";
URL url = null;
try {
url = new URL(urlStr);
URLConnection con = url.openConnection();
InputStream is = con.getInputStream();
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate)certFactory.generateCertificate(is);
System.out.println("getVersion: " + cert.getVersion());
} catch (Exception e) {
System.out.println(e.getMessage());
}
}
No it isn't correct. There is no handler for the LDAPS: protocol in the URL/URLConnection system.
You can use JNDI to get the caCertificate attribute of that user, via DirContext.getAttributes().
How do you set the socket buffer size in Apache HttpClient version 4.3.3?
HttpClient client = new DefaultHttpClient();
client.getParams().setParameter(CoreConnectionPNames.SOCKET_BUFFER_SIZE, 128 * 1024);
HttpPost post = new HttpPost(url);
String res = null;
try
{
post.addHeader("Connection", "Keep-Alive");
post.addHeader("Content-Name", selectedFile.getName());
post.setEntity(new ByteArrayEntity(fileBytes));
HttpResponse response = client.execute(post);
res = EntityUtils.toString(response.getEntity());
}
catch (Exception e)
{
e.printStackTrace();
}
You create a custom ConnectionConfig object with your desired buffer size and pass it as a parameter when creating your HttpClient object. For example:
ConnectionConfig connConfig = ConnectionConfig.custom()
.setBufferSize(DESIRED_BUFFER_SIZE)
.build();
try (CloseableHttpClient client = HttpClients.custom()
.setDefaultConnectionConfig(connConfig)
.build()) {
HttpGet get = new HttpGet("http://google.com");
try (CloseableHttpResponse response = client.execute(get)) {
// Do something with the response
} catch (IOException e) {
System.err.println("Error transferring file: " + e.getLocalizedMessage());
}
} catch (IOException e) {
System.err.println("Error connecting to server: " + e.getLocalizedMessage());
}
There are lots of other configurable options available, checkout the API for the full list.