Search code examples
javasslrallyapache-httpclient-4.xsslhandshakeexception

SSLHandshakeException with Rally rest api

The query function in the api is failing with the following exception:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

To counter this exception, I manually downloaded the certificate and imported it to cacerts and everything works as excepted. But the validity duration of this certificate has been set to a few days making this solution nonviable.

For the test purpose, I have created a trust strategy to allow all certificates but I do not find a way to integrate it with Rest Api. I'm using HttpClient 4.4.

How do I get past this issue? Thanks.

Solution

  • You wrote that you want to find a way to allow all certificates, and use HttpClient with Rally Rest Toolkit for Java. Here is how you can access HttpClient from restApi:

    HttpClient client = restApi.getClient();

    Here is an example that trusts all certs, e.g. self-signed certs:

    public class ConnnectionTestWithHTTPClient {

    public static void main(String[] args) throws URISyntaxException, IOException {


        String host = "https://rally1.rallydev.com";
        String apiKey = "_abc123";
        String applicationName = "Connnection Test With HTTPClient";
        RallyRestApi restApi = new RallyRestApi(new URI(host),apiKey);
        restApi.setApplicationName(applicationName); 
        //restApi.setProxy(new URI("http://myproxy.mycompany.com"), "MyProxyUsername", "MyProxyPassword");  //YOUR PROXY SETTINGS HERE
        HttpClient client = restApi.getClient();
        try {
            SSLSocketFactory sf = new SSLSocketFactory(new TrustStrategy() {
                public boolean isTrusted(X509Certificate[] certificate, String authType)
                    throws CertificateException {
                    //trust all certs
                    return true;
                }
            }, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
            client.getConnectionManager().getSchemeRegistry().register(new Scheme("https", 443, sf));

            String workspaceRef = "/workspace/12345"; 
            GetRequest getRequest = new GetRequest(workspaceRef);
            GetResponse getResponse = restApi.get(getRequest);
            System.out.println(getResponse.getObject());
        } catch (Exception e) {
            System.out.println(e);
        } finally {
            restApi.close();
        }   
    } 
}