Skip to content

Instantly share code, notes, and snippets.

@andymc12

andymc12/TestSSLwithStores.java

Last active May 10, 2019 20:29
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save andymc12/25e7a4e445a1bc7e284717b3c1bf6f9a to your computer and use it in GitHub Desktop.
Save andymc12/25e7a4e445a1bc7e284717b3c1bf6f9a to your computer and use it in GitHub Desktop.
Download ZIP
When running this against the HttpServer in the MP Rest Client 1.3 TCK, I get the following exception:
Raw
TestSSLwithStores.java
import java.io.*;
import java.net.*;
import java.security.*;
import javax.net.ssl.*;
public class TestSSLwithStores {
private static String TEST_URL = "https://localhost:8948";
private static String SSL_DIR = "/path/to/microprofile-rest-client/tck/src/main/resources/ssl/";
public static void main(String[] args) throws Throwable {
InputStream keyStream = new FileInputStream(SSL_DIR + "client.keystore");
InputStream trustStream = new FileInputStream(SSL_DIR + "client.truststore");
char[] password = "password".toCharArray();
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(keyStream, password);
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustStore.load(trustStream, password);
KeyManagerFactory keyFactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(keyStore, password);
KeyManager[] keyManagers = keyFactory.getKeyManagers();
TrustManagerFactory trustFactory =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustFactory.init(trustStore);
TrustManager[] trustManagers = trustFactory.getTrustManagers();
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(keyManagers, trustManagers, null);
SSLContext.setDefault(sslContext);
URL url = new URL(TEST_URL);
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
connection.connect();
System.out.println(connection.getResponseCode());
}
}
@andymc12
Copy link
Author

andymc12 commented May 9, 2019
edited

I built the TestSSLWithStores class using guidance from: https://stackoverflow.com/questions/8339200/how-can-i-use-certificate-authentication-with-httpsurlconnection

Here is the exception I see when running this agains the HttpsServer in the MP Rest Client 1.3 TCK:

Exception in thread "main" javax.net.ssl.SSLException: readHandshakeRecord
	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1072)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
	at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567)
	at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
	at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:163)
	at TestSSLwithStores.main(TestSSLwithStores.java:38)
Caused by: java.net.SocketException: Broken pipe (Write failed)
	at java.base/java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:110)
	at java.base/java.net.SocketOutputStream.write(SocketOutputStream.java:150)
	at java.base/sun.security.ssl.SSLSocketOutputRecord.flush(SSLSocketOutputRecord.java:251)
	at java.base/sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:89)
	at java.base/sun.security.ssl.Finished$T13FinishedProducer.onProduceFinished(Finished.java:664)
	at java.base/sun.security.ssl.Finished$T13FinishedProducer.produce(Finished.java:643)
	at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:436)
	at java.base/sun.security.ssl.Finished$T13FinishedConsumer.onConsumeFinished(Finished.java:969)
	at java.base/sun.security.ssl.Finished$T13FinishedConsumer.consume(Finished.java:848)
	at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
	at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:178)
	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)
	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)
	... 5 more

When I test this with Apache CXF, I see these tests fail with essentially the same stack trace:

[INFO] Results:
[INFO] 
[ERROR] Failures: 
[ERROR]   SslContextTest>Arquillian.run:138->shouldSucceedMutualSslWithValidSslContext:65 » Processing
[ERROR]   SslMutualTest>Arquillian.run:138->shouldWorkWithClientSignature:121 » Processing
[ERROR]   SslMutualTest>Arquillian.run:138->shouldWorkWithClientSignatureCDI:143 » Processing
[ERROR]   SslMutualTest>Arquillian.run:138->shouldWorkWithClientSignatureFromClasspathCDI:148 » Processing

Note that the line number may be off somewhat, as I added the following code to the tests to allow me time to try running the standalone test case above:

System.out.println("ANDY: try it now: https://localhost:8948/");
        try {
            Thread.sleep(60000);
        }
        catch (Throwable t) {
            t.printStackTrace();
        }

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment