javassl-certificatehttpsurlconnectionunknown-hostsslsocketfactory

UnknownHostException on HttpsURLConnection with SSLSocketFactory


I'm trying to consume an API, but I need to upload a certificate to consume it.

This is what I've been trying to consume the API. In this method I open the connection for the consumption of the API:

public static String consumeAPI() {
  String respAPI = "";
  String param = "some_param";
  String user = "user";
  String pswrd = "pass";
  try {
    SSLSocketFactory ssl = createSSLSocketFactory("path_of_cert");
    URL url = new URL("https://api-dir.com.es:8080/api");
    HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
    conn.setSSLSocketFactory(ssl);
    conn.setDoOutput(true);
    conn.setRequestMethod("POST");
    conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
    conn.setRequestProperty("Authorization", "Basic " + Base64.getEncoder().encodeToString((user + ":" + pswrd).getBytes(StandardCharsets.UTF_8)));
    conn.setConnectTimeout(APIUtils.TIMEOUT);
    try (OutputStream os = conn.getOutputStream()) {
      os.write(parametros.getBytes(StandardCharsets.UTF_8));
      os.flush();
      if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) {
        try (BufferedReader br = new BufferedReader(new InputStreamReader(conn.getInputStream(), StandardCharsets.UTF_8))) {
          StringBuilder result = new StringBuilder();
          String auxStr;
          while ((auxStr = br.readLine()) != null) {
            result.append(auxStr);
          }
          respAPI = result.toString();
        }
      }
    }
    return respAPI;
  }
  catch(IOException | ClassCastException | IllegalStateException | IllegalArgumentException e) {
    e.printStackTrace();
    return null;
  }
}

And this is the method that generates the SSLSocketFactory with the certificate loaded:

private static SSLSocketFactory createSSLSocketFactory(String certPath) {
  try {
    try (InputStream in =APIUtils.class.getResourceAsStream(certPath)) {
      Certificate certificate = CertificateFactory.getInstance("X.509").generateCertificate( in );
      KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
      keyStore.load(null);
      keyStore.setCertificateEntry("certalias", certificate);
      TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
      trustManagerFactory.init(keyStore);
      SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
      sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
      return sslContext.getSocketFactory();
    }
  }
  catch(CertificateException | KeyStoreException | NoSuchAlgorithmException | IOException | KeyManagementException e) {
    e.printStackTrace();
    return null;
  }
}

But it is throwing java.net.UnknownHostException, here is the error trace:

java.net.UnknownHostException: api-dir.com.es
        at java.base/sun.nio.ch.NioSocketImpl.connect(NioSocketImpl.java:567)
        at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:327)
        at java.base/java.net.Socket.connect(Socket.java:633)
        at java.base/sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:304)
        at java.base/sun.net.NetworkClient.doConnect(NetworkClient.java:178)
        at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:532)
        at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:637)
        at java.base/sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:266)
        at java.base/sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:380)
        at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:193)
        at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1242)
        at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1128)
        at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:179)
        at java.base/sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1430)
        at java.base/sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1401)
        at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:220)
        at deployment.regional.war//com.ekt.regional.web.api.SomeAPI.consumeAPI(SomeAPI.java:49)

I made sure that the API url is correct and that we have the permissions to access it.

It is worth mentioning that the certificate is a .crt file and is for the development environment.


Solution

  • This is DNS resolution error

    Does the API call requires proxy ? you may have to add http proxy in your call .

    depending on the os you can run on windows

    ping  api-dir.com.es 
    or tracert api-dir.com.es   
    

    or linux

    traceroute api-dir.com.es  
    

    to see if you have connectivity to this service/api

    or try to provide direct IP of api-dir.com.es instead of the name in the URL

    or try to create entry of the IP In your host file

    linux

    /etc/host
    

    windows

    c:\Windows\System32\Drivers\etc\hosts
    

    with entry as

    api-dir.com.es ip address