javasslrallyapache-httpclient-4.xsslhandshakeexception

SSLHandshakeException with Rally rest api


The query function in the api is failing with the following exception:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

To counter this exception, I manually downloaded the certificate and imported it to cacerts and everything works as excepted. But the validity duration of this certificate has been set to a few days making this solution nonviable.

For the test purpose, I have created a trust strategy to allow all certificates but I do not find a way to integrate it with Rest Api. I'm using HttpClient 4.4.

How do I get past this issue? Thanks.


Solution

  • You wrote that you want to find a way to allow all certificates, and use HttpClient with Rally Rest Toolkit for Java. Here is how you can access HttpClient from restApi:

    HttpClient client = restApi.getClient();
    

    Here is an example that trusts all certs, e.g. self-signed certs:

    public class ConnnectionTestWithHTTPClient {
    
        public static void main(String[] args) throws URISyntaxException, IOException {
    
    
            String host = "https://rally1.rallydev.com";
            String apiKey = "_abc123";
            String applicationName = "Connnection Test With HTTPClient";
            RallyRestApi restApi = new RallyRestApi(new URI(host),apiKey);
            restApi.setApplicationName(applicationName); 
            //restApi.setProxy(new URI("http://myproxy.mycompany.com"), "MyProxyUsername", "MyProxyPassword");  //YOUR PROXY SETTINGS HERE
            HttpClient client = restApi.getClient();
            try {
                SSLSocketFactory sf = new SSLSocketFactory(new TrustStrategy() {
                    public boolean isTrusted(X509Certificate[] certificate, String authType)
                        throws CertificateException {
                        //trust all certs
                        return true;
                    }
                }, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
                client.getConnectionManager().getSchemeRegistry().register(new Scheme("https", 443, sf));
    
                String workspaceRef = "/workspace/12345"; 
                GetRequest getRequest = new GetRequest(workspaceRef);
                GetResponse getResponse = restApi.get(getRequest);
                System.out.println(getResponse.getObject());
            } catch (Exception e) {
                System.out.println(e);
            } finally {
                restApi.close();
            }   
        } 
    }