Without SSL/TLS
github.com/rjlfinn/java-http-server
With SSL/TLS
Simple Java HTTPS server
Java Network Programming, 4th Edition
SSL Handshake Failures
Do javax.net.ssl.* VM arguments need to be migrated to jakarta.net.ssl.*?
How does Java's KeyManagerFactory.init work with multiple keys
What is SunX509 used for and can it work with parties using IbmX509?
What is the difference of TrustManager PKIX and SunX509?
org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://localhost:8585/testOne": PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
- because of self-signed cert???
“PKIX path building failed” and “unable to find valid certification path to requested target”
Accept server’s self-signed ssl certificate in Java client
Keytool’s -storepass vs. -keypass — Why 2 passwords?
If we get the error “javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target” while establishing the SSL connection, it means that the Java truststore does not contain the public certificate of the server we are trying to connect to (the JDK-wide truststore is the cacerts file under lib/security).
$ find /c/Program\ Files/choco/openjdk-jdk-17 -name "*cacert*"
/c/Program Files/choco/openjdk-jdk-17/lib/security/cacerts

$ keytool -list -v -keystore /c/Program\ Files/choco/openjdk-jdk-17/lib/security/cacerts
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 111 entries
[...]

$ pwd
/c/gitRepositories/SimpleWebServer/src/main/resources

$ keytool -list -v -keystore keystore.jks -storepass pass_for_self_signed_cert
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: selfsigned
Creation date: Nov 25, 2024
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=localhost, OU=Developers, O=Bull Bytes, L=Linz, C=AT
Issuer: CN=localhost, OU=Developers, O=Bull Bytes, L=Linz, C=AT
Serial number: f771d2346ba5c42b
Valid from: Mon Nov 25 15:31:14 CET 2024 until: Sun Feb 23 15:31:14 CET 2025
Certificate fingerprints:
         SHA1: DA:6D:B0:C4:F4:6E:65:45:AB:3E:AC:C3:9B:AD:25:30:B6:AD:21:CF
         SHA256: 81:94:78:29:23:13:1B:73:B3:D2:5A:B1:5B:24:77:85:34:F1:FD:BA:92:F6:34:12:DC:4F:88:50:7F:1B:3A:51
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4D 9B 90 29 EB 60 D7 7F   21 28 46 B2 FA 8E 58 5C  M..).`..!(F...X\
0010: D9 23 F1 98                                        .#..
]
]


*******************************************
*******************************************

$ keytool -import -v -trustcacerts -alias localhost-2 -file localhost.crt -keystore /c/Program\ Files/choco/openjdk-jdk-17/lib/security/cacerts -storepass changeit -keypass changeit
Owner: CN=localhost, OU=Developers, O=Bull Bytes, L=Linz, C=AT
Issuer: CN=localhost, OU=Developers, O=Bull Bytes, L=Linz, C=AT
Serial number: f771d2346ba5c42b
Valid from: Mon Nov 25 15:31:14 CET 2024 until: Sun Feb 23 15:31:14 CET 2025
Certificate fingerprints:
         SHA1: DA:6D:B0:C4:F4:6E:65:45:AB:3E:AC:C3:9B:AD:25:30:B6:AD:21:CF
         SHA256: 81:94:78:29:23:13:1B:73:B3:D2:5A:B1:5B:24:77:85:34:F1:FD:BA:92:F6:34:12:DC:4F:88:50:7F:1B:3A:51
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4D 9B 90 29 EB 60 D7 7F   21 28 46 B2 FA 8E 58 5C  M..).`..!(F...X\
0010: D9 23 F1 98                                        .#..
]
]

Trust this certificate? [no]: yes
Certificate was added to keystore
[Storing C:/Program Files/choco/openjdk-jdk-17/lib/security/cacerts]
keytool error: java.io.FileNotFoundException: C:\Program Files\choco\openjdk-jdk-17\lib\security\cacerts (Access is denied)
java.io.FileNotFoundException: C:\Program Files\choco\openjdk-jdk-17\lib\security\cacerts (Access is denied)
        at java.base/java.io.FileOutputStream.open0(Native Method)
        at java.base/java.io.FileOutputStream.open(FileOutputStream.java:293)
        at java.base/java.io.FileOutputStream.<init>(FileOutputStream.java:235)
        at java.base/java.io.FileOutputStream.<init>(FileOutputStream.java:123)
        at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:1375)
        at java.base/sun.security.tools.keytool.Main.run(Main.java:423)
        at java.base/sun.security.tools.keytool.Main.main(Main.java:416)

(admin) $ keytool -import -v -trustcacerts -alias localhost-2 -file localhost.crt -keystore /c/Program\ Files/choco/openjdk-jdk-17/lib/security/cacerts -storepass changeit -keypass changeit
Owner: CN=localhost, OU=Developers, O=Bull Bytes, L=Linz, C=AT
Issuer: CN=localhost, OU=Developers, O=Bull Bytes, L=Linz, C=AT
Serial number: f771d2346ba5c42b
Valid from: Mon Nov 25 15:31:14 CET 2024 until: Sun Feb 23 15:31:14 CET 2025
Certificate fingerprints:
         SHA1: DA:6D:B0:C4:F4:6E:65:45:AB:3E:AC:C3:9B:AD:25:30:B6:AD:21:CF
         SHA256: 81:94:78:29:23:13:1B:73:B3:D2:5A:B1:5B:24:77:85:34:F1:FD:BA:92:F6:34:12:DC:4F:88:50:7F:1B:3A:51
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4D 9B 90 29 EB 60 D7 7F   21 28 46 B2 FA 8E 58 5C  M..).`..!(F...X\
0010: D9 23 F1 98                                        .#..
]
]

Trust this certificate? [no]: yes
Certificate was added to keystore
[Storing C:/Program Files/choco/openjdk-jdk-17/lib/security/cacerts]
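Importing into the JDK-wide cacerts needs admin rights and makes the self-signed cert trusted by every Java program on the machine. An added example (not code from the page or from the linked server project) that scopes the trust to one client instead: it assumes localhost.crt was imported into a separate client truststore with `keytool -importcert -alias localhost -file localhost.crt -keystore client-truststore.p12 -storetype PKCS12`, and the file name and password below are placeholders; the URL is the one from the error above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class SelfSignedTrustClient {

    // Build an SSLContext whose trust anchors come only from a dedicated truststore file,
    // leaving the JDK-wide cacerts untouched: only this client trusts the self-signed cert.
    static SSLContext sslContextFrom(String truststorePath, char[] storePass) throws Exception {
        KeyStore ts = KeyStore.getInstance("PKCS12"); // assumption: truststore created as PKCS12
        try (InputStream in = new FileInputStream(truststorePath)) {
            ts.load(in, storePass);
        }
        // The default algorithm is PKIX: it builds a certification path from the server's chain
        // to an anchor in `ts`. With localhost.crt in `ts` that path exists, so the
        // "unable to find valid certification path to requested target" error does not occur.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client cert, default SecureRandom
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder truststore file and password (not from the page).
        SSLContext ctx = sslContextFrom("client-truststore.p12", "trust_pass".toCharArray());
        HttpClient client = HttpClient.newBuilder().sslContext(ctx).build();
        // Same endpoint as the Spring error on this page; the cert's CN=localhost matches the host.
        HttpRequest req = HttpRequest.newBuilder(URI.create("https://localhost:8585/testOne"))
                .POST(HttpRequest.BodyPublishers.noBody())
                .build();
        HttpResponse<String> resp = client.send(req, HttpResponse.BodyHandlers.ofString());
        System.out.println("HTTP " + resp.statusCode());
    }
}
```

If the truststore does not contain the server's certificate (or a CA that issued it), `client.send` fails with the same PKIX path building error, which is the expected outcome rather than something to bypass with a trust-all TrustManager.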
Reading from an SSL input stream (Java)
How to tell if Java SSLSocket has data available?
There is no way to do this. Your streams cannot tell you the length of the data without first decrypting it. available() will always return 0 for SSLSocket.
SSLSocket read only once from InputStream, why?
Getting an InputStream from an SSLSocket
available() doesn’t do what you think it does; don’t rely on it. For SSLSockets, available() is even less reliable. From the JSSE Ref Guide:
“Implementation Note: Due to the complexity of the SSL and TLS protocols, it is difficult to predict whether incoming bytes on a connection are handshake or application data, and how that data might affect the current connection state (even causing the process to block). In the Sun JSSE implementation, the available() method on the object obtained by SSLSocket.getInputStream() returns a count of the number of application data bytes successfully decrypted from the SSL connection but not yet read by the application.”
My experience is that this generally maps to “0”.
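An added example (not code from the answers quoted above) of reading from an SSLSocket without consulting available(): the message boundary comes from the protocol's own framing (here an HTTP status line, headers and Content-Length) and the blocking read() loop stops at that boundary or at EOF. It assumes the server from this page on localhost:8585 and that the self-signed cert is trusted via the javax.net.ssl.trustStore VM arguments mentioned above.

```java
import java.io.ByteArrayOutputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class SslFramedReader {
    // Block until exactly n bytes arrived: read() returns what has been decrypted so far and -1 at
    // EOF/close_notify, so protocol framing (not available()) decides when a message is complete.
    static byte[] readExactly(InputStream in, int n) throws IOException {
        byte[] buf = new byte[n];
        for (int off = 0; off < n; ) {
            int r = in.read(buf, off, n - off);
            if (r < 0) throw new EOFException("peer closed after " + off + " of " + n + " bytes");
            off += r;
        }
        return buf;
    }

    // One CRLF-terminated line, read byte by byte so nothing past the terminator is consumed.
    static String readLine(InputStream in) throws IOException {
        ByteArrayOutputStream line = new ByteArrayOutputStream();
        for (int b = in.read(); b != '\n'; b = in.read()) {
            if (b < 0) throw new EOFException("peer closed mid-line");
            line.write(b);
        }
        String s = line.toString(StandardCharsets.ISO_8859_1);
        return s.endsWith("\r") ? s.substring(0, s.length() - 1) : s;
    }

    public static void main(String[] args) throws Exception {
        // Assumed: run with -Djavax.net.ssl.trustStore=<client truststore> so localhost.crt is trusted.
        SSLSocketFactory sf = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket s = (SSLSocket) sf.createSocket("localhost", 8585)) {
            s.startHandshake(); // handshake failures surface here, not on the first read()
            s.getOutputStream().write("GET /testOne HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n"
                    .getBytes(StandardCharsets.US_ASCII));
            InputStream in = s.getInputStream();
            System.out.println(readLine(in)); // status line
            int contentLength = -1;
            for (String h = readLine(in); !h.isEmpty(); h = readLine(in)) {
                if (h.regionMatches(true, 0, "Content-Length:", 0, 15)) contentLength = Integer.parseInt(h.substring(15).trim());
            }
            // Body length from the header; without one, read until the peer closes the connection.
            byte[] body = contentLength >= 0 ? readExactly(in, contentLength) : in.readAllBytes();
            System.out.println(new String(body, StandardCharsets.UTF_8));
        }
    }
}
```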