1

I am attempting to upload a file to web service that is running over SSL using HttpBuilder. I'm doing this from a Gradle build file but I don't believe it really matters. The web service is part of a Grails app, but again, don't think that matters.

My grails app is running over SSL locally using a cert generated by grails when you tell it to run over https. My code that works locally is as follows:

def http = new groovyx.net.http.HTTPBuilder( 'https://localhost:8443/' )

//=== SSL UNSECURE CERTIFICATE ===
def sslContext = SSLContext.getInstance("SSL")
sslContext.init(null, [ new X509TrustManager() {
  public X509Certificate[] getAcceptedIssuers() {null }
  public void checkClientTrusted(X509Certificate[] certs, String authType) { }
  public void checkServerTrusted(X509Certificate[] certs, String authType) { }
} ] as TrustManager[], new SecureRandom())
def sf = new SSLSocketFactory(sslContext)
def httpsScheme = new Scheme("https", sf, 8443)
http.client.connectionManager.schemeRegistry.register( httpsScheme )

http.request( groovyx.net.http.Method.POST, groovyx.net.http.ContentType.JSON ) { req ->
    uri.path = '/a/admin/runtime/upload'
    uri.query = [ username: "username", password: "password", version: version]
    requestContentType = 'multipart/form-data'
    org.apache.http.entity.mime.MultipartEntity entity = new org.apache.http.entity.mime.MultipartEntity()
    def file = new File("file.zip")
    entity.addPart("runtimeFile", new org.apache.http.entity.mime.content.ByteArrayBody(file.getBytes(), 'file.zip'))
    req.entity = entity
}

All that garbage at the top is some code I found that allows HttpBuilder to work with self signed certs. And this is actually working locally. HttpBuilder docs say that most of the time, SSL should "just work". So my code for doing this over SSL with a legit purchased certification is as follows:

def http = new groovyx.net.http.HTTPBuilder( 'https://www.realserver.com/' )

http.request( groovyx.net.http.Method.POST, groovyx.net.http.ContentType.JSON ) { req ->
    uri.path = '/a/admin/runtime/upload'
    uri.query = [ username: "username", password: "password" ]
    requestContentType = 'multipart/form-data'
    org.apache.http.entity.mime.MultipartEntity entity = new org.apache.http.entity.mime.MultipartEntity()
    def file = new File("file.zip")
    entity.addPart("runtimeFile", new org.apache.http.entity.mime.content.ByteArrayBody(file.getBytes(), 'file.zip'))
    req.entity = entity
}

When I run this I get the following error:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Any tips or suggestions would be much appreciated.

Gregg
  • 34,973
  • 19
  • 109
  • 214

1 Answers1

0

This is probably because the service is using self-signed certificate for HTTPS. To interact with it correctly, you should import it to the cacerts file of your JRE using keytool. An example command looks like this:

keytool -import -alias serviceCertificate -file ServiceSelfSignedCertificate.cer -keystore {path/to/jre/lib/security/cacerts}
Alexander Tokarev
  • 2,743
  • 2
  • 20
  • 21