springssl-certificateresttemplateweblogic-10.xjava-5

Default SSL context init failed: SunX509 KeyManagerFactory not available


I have an exception when I try to do a post call using restTemplate from my local app hosted on weblogic 10 to an authentication service

I've tried many things like using TLSv1.2 with java 5 (using BouncyCastle provider) by :

  1. Adding the option -DUseSunHttpHandler=true
  2. Installing the required certifications
  3. Adding bcprov-jdk15on-1.60.jar to the jdk
  4. And this to the java.security :
security.provider.1=sun.security.provider.Sun
security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.3=sun.security.rsa.SunRsaSign

At the end I have this exception :

org.springframework.web.client.ResourceAccessException: I/O error: Default SSL context init failed: SunX509 KeyManagerFactory not available; nested exception is java.net.SocketException: Default SSL context init failed: SunX509 KeyManagerFactory not available
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:453)
    at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:401)
    at org.springframework.web.client.RestTemplate.postForEntity(RestTemplate.java:302)
...
Caused by: java.net.SocketException: Default SSL context init failed: SunX509 KeyManagerFactory not available
    at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:163)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:372)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:133)
    at org.springframework.http.client.SimpleClientHttpRequest.executeInternal(SimpleClientHttpRequest.java:58)
    at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:52)
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:438)
    ... 22 more

Solution

  • I've found the missed parts of my configuration to success my post calls :

    In addition of using TLSv1.2 above, I had to have this in the java.security file of the JDK :

    security.provider.1=sun.security.provider.Sun
    security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider
    security.provider.3=sun.security.rsa.SunRsaSign
    security.provider.4=com.sun.net.ssl.internal.ssl.Provider
    security.provider.5=com.sun.crypto.provider.SunJCE
    security.provider.6=sun.security.jgss.SunProvider
    security.provider.7=com.sun.security.sasl.Provider
    

    And then got this error when tested my code :

    Caused by: java.lang.ArrayIndexOutOfBoundsException: 64

    To fix this I've added the https.cipherSuites param as below :

    System.setProperty("https.cipherSuites", "SSL_RSA_WITH_3DES_EDE_CBC_SHA");
    

    You can either put this when starting the app : -Dhttps.cipherSuites="SSL_RSA_WITH_3DES_EDE_CBC_SHA"

    PS: Pay attention! https.cipherSuites is supported in HttpsURLConnection (in case youy use RestTemplate)

    Then it just worked :D