I have written a piece of code which needs to post to an online form on a specified URL. The SSL of the site is a self signing SSL Certificate. I have tried everything but keep getting a file not found exception. When I specify the URL to the certificate, must it point to the exact location of the .crt file?

Please look at the code below and please guide me in the right direction:

```java
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public static byte[] doPost(String urlString, HashMap<String, String> postData, String certificateName) throws Exception
{
    byte[] result = null;

    // Load CAs from an InputStream
    // (certificateName is opened as a path on the device's local filesystem)
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
    InputStream CAInput = new BufferedInputStream(new FileInputStream(certificateName));
    Certificate certificate;

    certificate = certificateFactory.generateCertificate(CAInput);
    Dev.debug("Certificate: " + ((X509Certificate)certificate).getSubjectDN());
    CAInput.close();

    // Create Keystore containing our trusted certificates
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(null, null);
    keyStore.setCertificateEntry("tss_certificate", certificate);

    // Create a TrustManager that trusts the CA in our KeyStore
    String algorithm = TrustManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
    tmf.init(keyStore);

    // Create an SSLContext that uses our TrustManager
    SSLContext context = SSLContext.getInstance("TLS");
    context.init(null, tmf.getTrustManagers(), null);

    // Create URL and connection
    // The url string is "keystore.crt"
    URL url = new URL(urlString);
    HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();

    // Set connection properties
    connection.setSSLSocketFactory(context.getSocketFactory());
    connection.setRequestMethod("POST");
    connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
    connection.setDoOutput(true);
    connection.setDoInput(true);

    // Create an output stream and write encoded data to the stream
    byte[] output = HttpPost.postEncode(postData).getBytes();
    OutputStream out = new BufferedOutputStream(connection.getOutputStream());
    out.write(output);
    out.flush();
    out.close();

    // Read the response body from the input stream
    if (connection.getResponseCode() == HttpURLConnection.HTTP_OK)
    {
        InputStream in = connection.getInputStream();
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        byte[] buffer = new byte[1024];
        int read;
        // Fill the buffer on each pass and copy only the bytes actually read
        while ((read = in.read(buffer)) > -1) baos.write(buffer, 0, read);
        in.close();
        result = baos.toByteArray();
    }

    connection.disconnect();

    return result;
}
```

Here is the stacktrace:

```
06-07 20:16:09.445 2382-4296/techss.fitmentmanager W/System.err: java.io.FileNotFoundException: keystore: open failed: ENOENT (No such file or directory)
06-07 20:16:09.445 2382-4296/techss.fitmentmanager W/System.err:     at libcore.io.IoBridge.open(IoBridge.java:452)
06-07 20:16:09.445 2382-4296/techss.fitmentmanager W/System.err:     at java.io.FileInputStream.<init>(FileInputStream.java:76)
06-07 20:16:09.446 2382-4296/techss.fitmentmanager W/System.err:     at java.io.FileInputStream.<init>(FileInputStream.java:103)
06-07 20:16:09.446 2382-4296/techss.fitmentmanager W/System.err:     at techss.app_lib.HttpPostCert.doPost(HttpPostCert.java:34)
06-07 20:16:09.446 2382-4296/techss.fitmentmanager W/System.err:     at techss.fitmentmanager.jobcard.jobcard_steps.JobCardStepSelectStateStaticAsset$2$override.run(JobCardStepSelectStateStaticAsset.java:104)
06-07 20:16:09.446 2382-4296/techss.fitmentmanager W/System.err:     at techss.fitmentmanager.jobcard.jobcard_steps.JobCardStepSelectStateStaticAsset$2$override.access$dispatch(JobCardStepSelectStateStaticAsset.java)
06-07 20:16:09.446 2382-4296/techss.fitmentmanager W/System.err:     at techss.fitmentmanager.jobcard.jobcard_steps.JobCardStepSelectStateStaticAsset$2.run(JobCardStepSelectStateStaticAsset.java:0)
06-07 20:16:09.449 2382-4296/techss.fitmentmanager W/System.err: Caused by: android.system.ErrnoException: open failed: ENOENT (No such file or directory)
06-07 20:16:09.449 2382-4296/techss.fitmentmanager W/System.err:     at libcore.io.Posix.open(Native Method)
06-07 20:16:09.449 2382-4296/techss.fitmentmanager W/System.err:     at libcore.io.BlockGuardOs.open(BlockGuardOs.java:186)
06-07 20:16:09.449 2382-4296/techss.fitmentmanager W/System.err:     at libcore.io.IoBridge.open(IoBridge.java:438)
06-07 20:16:09.449 2382-4296/techss.fitmentmanager W/System.err:    ... 6 more
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:328)
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:     at com.android.okhttp.internal.http.SocketConnector.connectTls(SocketConnector.java:103)
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:     at com.android.okhttp.Connection.connect(Connection.java:143)
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:     at com.android.okhttp.Connection.connectAndSetOwner(Connection.java:185)
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:     at com.android.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:128)
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:     at com.android.okhttp.internal.http.HttpEngine.nextConnection(HttpEngine.java:341)
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:     at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:330)
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:     at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:248)
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:     at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:433)
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:     at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:384)
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:     at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:231)
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:     at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getInputStream(DelegatingHttpsURLConnection.java:210)
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:     at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java)
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:     at techss.app_lib.CSVFile.importCsv(CSVFile.java:19)
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:     at techss.fitmentmanager.jobcard.jobcard_steps.JobCardStepSelectStateStaticAsset$1.run(JobCardStepSelectStateStaticAsset.java:72)
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err: Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:     at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:318)
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:     at com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:219)
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:     at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:115)
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:556)
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324)
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:    ... 14 more
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err: Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:    ... 20 more
```

Owen Nel

1 Answer

You are receiving SSL exceptions, so I think that you are trying to download your cert from an untrusted host (or self signed). If you want to do that you have two options:

- Trust all certificates (this is not recommended because you are exposed to attackers).
- Trust your self signed certificate only.

If you want to trust all certs, here is a way to do that (not recommended). If you want to accept only your certificate then you can download it manually and install or if you want to do it by code, then this answer might help you.

josemgu91
  • Thank you for the quick reply, but I am doing exactly what the 2nd example says. I am creating a keystore but it is throwing a `FileNotFoundException` on the keystore file I am trying to access. I have a keystore file on my server and I am trying to access the certs in that file, but the file is not found; that was part of the question. Must the path be to that file location or will it be picked up by the server? I do not wish to take step 1, to guard from attacks; that is specifically why there are certificates. – Owen Nel Jun 07 '16 at 21:54
  • Are you trying to pick the cert file from a trusted server? (Does the server have a valid cert?) – josemgu91 Jun 07 '16 at 22:18
  • Yes I am trying to pick the cert from a server. The server has a valid self signed cert within a KeyStore file. – Owen Nel Jun 08 '16 at 08:42
  • But the server from which you are downloading the certificate file has a valid certificate? – josemgu91 Jun 08 '16 at 13:29
  • Yes it does, I fixed it by opening an http port on the server. Not the way I wanted to do it but yeah – Owen Nel Jun 09 '16 at 15:41
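
Added example (not from the original posts or any project named in them): one way to follow the "trust your self signed certificate only" option is to ship the `.crt` with the app and pass its stream to the trust setup, because `FileInputStream` opens a path on the device's own filesystem and a relative name such as `keystore` fails there with ENOENT. The class name `PinnedTrust`, the command-line path and the Android resource name `R.raw.server_cert` are assumptions; the printed SHA-256 fingerprint is meant to be compared with the server's certificate before the file is bundled.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public final class PinnedTrust { // hypothetical class name
    // Parse one X.509 certificate (PEM or DER) from a stream the caller opened.
    static X509Certificate readCertificate(InputStream in) throws GeneralSecurityException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate cert = (X509Certificate) cf.generateCertificate(in);
        cert.checkValidity(); // throws if the certificate is expired or not yet valid
        return cert;
    }

    // SHA-256 fingerprint (64 hex digits) to compare with the server's certificate out of band.
    static String sha256Fingerprint(X509Certificate cert) throws GeneralSecurityException {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        return String.format("%064X", new BigInteger(1, digest));
    }

    // Build an SSLContext whose only trust anchor is the given certificate.
    static SSLContext trustOnly(X509Certificate cert) throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // start from an empty in-memory store
        ks.setCertificateEntry("server", cert);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Desktop run: args[0] is a local .crt path. On Android, open the stream from the
        // APK, e.g. getResources().openRawResource(R.raw.server_cert) (hypothetical name).
        try (InputStream in = new FileInputStream(args[0])) {
            X509Certificate cert = readCertificate(in);
            System.out.println("SHA-256: " + sha256Fingerprint(cert));
            System.out.println("Context: " + trustOnly(cert).getProtocol());
        }
    }
}
```

Any failure to read or parse the certificate propagates as an exception, so the caller never falls back to a connection with different trust settings. Pass `trustOnly(cert).getSocketFactory()` to `setSSLSocketFactory` as in the question's code; hostname verification still applies, so the certificate must name the host being contacted.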