{"id":14672,"date":"2024-11-25T14:14:37","date_gmt":"2024-11-25T14:14:37","guid":{"rendered":"https:\/\/blog.bachi.net\/?p=14672"},"modified":"2024-11-25T17:28:19","modified_gmt":"2024-11-25T17:28:19","slug":"java-simple-http-server","status":"publish","type":"post","link":"https:\/\/blog.bachi.net\/?p=14672","title":{"rendered":"Java Simple HTTP Server"},"content":{"rendered":"<h3>Without SSL\/TLS<\/h3>\n<p><a href=\"https:\/\/github.com\/rjlfinn\/java-http-server\">github.com\/rjlfinn\/java-http-server<\/a><\/p>\n<h3>With SSL\/TLS<\/h3>\n<p><a href=\"https:\/\/stackoverflow.com\/questions\/2308479\/simple-java-https-server\">Simple Java HTTPS server<\/a><br \/>\n<a href=\"https:\/\/www.cafeaulait.org\/books\/jnp4\/\">Java Network Programming, 4th Edition<\/a><br \/>\n<a href=\"https:\/\/www.baeldung.com\/java-ssl-handshake-failures\">SSL Handshake Failures<\/a><\/p>\n<p><a href=\"https:\/\/stackoverflow.com\/questions\/76255670\/do-javax-net-ssl-vm-arguments-need-to-be-migrated-to-jakarta-net-ssl\">Do javax.net.ssl.* VM arguments need to be migrated to jakarta.net.ssl.*?<\/a><br \/>\n<a href=\"https:\/\/stackoverflow.com\/questions\/41765507\/how-does-javas-keymanagerfactory-init-work-with-multiple-keys\">How does Javas KeyManagerFactory.init work with multiple keys<\/a><br \/>\n<a href=\"https:\/\/stackoverflow.com\/questions\/10073202\/what-is-sunx509-used-for-and-can-it-work-with-parties-using-ibmx509\">What is SunX509 used for and can it work with parties using IbmX509?<\/a><br \/>\n<a href=\"https:\/\/security.stackexchange.com\/questions\/83372\/what-is-the-difference-of-trustmanager-pkix-and-sunx509\">What is the difference of TrustManager PKIX and SunX509?<\/a><\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\norg.springframework.web.client.ResourceAccessException: I\/O error on POST request for &quot;https:\/\/localhost:8585\/testOne&quot;: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target\r\n<\/pre>\n<ul>\n<li>because of self-signed cert???<\/li>\n<\/ul>\n<p><a href=\"https:\/\/stackoverflow.com\/questions\/21076179\/pkix-path-building-failed-and-unable-to-find-valid-certification-path-to-requ\">&#8220;PKIX path building failed&#8221; and &#8220;unable to find valid certification path to requested target&#8221;<\/a><br \/>\n<a href=\"https:\/\/stackoverflow.com\/questions\/2893819\/accept-servers-self-signed-ssl-certificate-in-java-client\">Accept server&#8217;s self-signed ssl certificate in Java client<\/a><br \/>\n<a href=\"https:\/\/stackoverflow.com\/questions\/5954459\/keytools-storepass-vs-keypass-why-2-passwords\">Keytool&#8217;s -storepass vs. -keypass &#8212; Why 2 passwords?<\/a><\/p>\n<p><a href=\"https:\/\/www.baeldung.com\/java-ssl\">Introduction to SSL in Java<\/a><\/p>\n<blockquote><p>In case we get the error \u201cjavax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target while establishing the SSL connection\u201d, it indicates that we don\u2019t have the public certificate of the server which we\u2019re trying to connect in the Java truststore.<\/p><\/blockquote>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n$ find \/c\/Program\\ Files\/choco\/openjdk-jdk-17 -name &quot;*cacert*&quot;\r\n\/c\/Program Files\/choco\/openjdk-jdk-17\/lib\/security\/cacerts\r\n\r\n$ keytool -list -v -keystore  \/c\/Program\\ Files\/choco\/openjdk-jdk-17\/lib\/security\/cacerts\r\nEnter keystore password:\r\nKeystore type: JKS\r\nKeystore provider: SUN\r\n\r\nYour keystore contains 111 entries\r\n&#x5B;...]\r\n\r\n$ pwd\r\n\/c\/gitRepositories\/SimpleWebServer\/src\/main\/resources\r\n\r\n$ keytool -list -v -keystore keystore.jks -storepass pass_for_self_signed_cert\r\nKeystore type: PKCS12\r\nKeystore provider: SUN\r\n\r\nYour keystore contains 1 entry\r\n\r\nAlias name: selfsigned\r\nCreation date: Nov 25, 2024\r\nEntry type: PrivateKeyEntry\r\nCertificate chain length: 1\r\nCertificate&#x5B;1]:\r\nOwner: CN=localhost, OU=Developers, O=Bull Bytes, L=Linz, C=AT\r\nIssuer: CN=localhost, OU=Developers, O=Bull Bytes, L=Linz, C=AT\r\nSerial number: f771d2346ba5c42b\r\nValid from: Mon Nov 25 15:31:14 CET 2024 until: Sun Feb 23 15:31:14 CET 2025\r\nCertificate fingerprints:\r\n         SHA1: DA:6D:B0:C4:F4:6E:65:45:AB:3E:AC:C3:9B:AD:25:30:B6:AD:21:CF\r\n         SHA256: 81:94:78:29:23:13:1B:73:B3:D2:5A:B1:5B:24:77:85:34:F1:FD:BA:92:F6:34:12:DC:4F:88:50:7F:1B:3A:51\r\nSignature algorithm name: SHA256withRSA\r\nSubject Public Key Algorithm: 2048-bit RSA key\r\nVersion: 3\r\n\r\nExtensions:\r\n\r\n#1: ObjectId: 2.5.29.14 Criticality=false\r\nSubjectKeyIdentifier &#x5B;\r\nKeyIdentifier &#x5B;\r\n0000: 4D 9B 90 29 EB 60 D7 7F   21 28 46 B2 FA 8E 58 5C  M..).`..!(F...X\\\r\n0010: D9 23 F1 98                                        .#..\r\n]\r\n]\r\n\r\n\r\n\r\n*******************************************\r\n*******************************************\r\n\r\n$ keytool -import -v -trustcacerts -alias localhost-2 -file localhost.crt -keystore \/c\/Program\\ Files\/choco\/openjdk-jdk-17\/lib\/security\/cacerts -storepass changeit -keypass changeit\r\nOwner: CN=localhost, OU=Developers, O=Bull Bytes, L=Linz, C=AT\r\nIssuer: CN=localhost, OU=Developers, O=Bull Bytes, L=Linz, C=AT\r\nSerial number: f771d2346ba5c42b\r\nValid from: Mon Nov 25 15:31:14 CET 2024 until: Sun Feb 23 15:31:14 CET 2025\r\nCertificate fingerprints:\r\n         SHA1: DA:6D:B0:C4:F4:6E:65:45:AB:3E:AC:C3:9B:AD:25:30:B6:AD:21:CF\r\n         SHA256: 81:94:78:29:23:13:1B:73:B3:D2:5A:B1:5B:24:77:85:34:F1:FD:BA:92:F6:34:12:DC:4F:88:50:7F:1B:3A:51\r\nSignature algorithm name: SHA256withRSA\r\nSubject Public Key Algorithm: 2048-bit RSA key\r\nVersion: 3\r\n\r\nExtensions:\r\n\r\n#1: ObjectId: 2.5.29.14 Criticality=false\r\nSubjectKeyIdentifier &#x5B;\r\nKeyIdentifier &#x5B;\r\n0000: 4D 9B 90 29 EB 60 D7 7F   21 28 46 B2 FA 8E 58 5C  M..).`..!(F...X\\\r\n0010: D9 23 F1 98                                        .#..\r\n]\r\n]\r\n\r\nTrust this certificate? &#x5B;no]:  yes\r\nCertificate was added to keystore\r\n&#x5B;Storing C:\/Program Files\/choco\/openjdk-jdk-17\/lib\/security\/cacerts]\r\nkeytool error: java.io.FileNotFoundException: C:\\Program Files\\choco\\openjdk-jdk-17\\lib\\security\\cacerts (Access is denied)\r\njava.io.FileNotFoundException: C:\\Program Files\\choco\\openjdk-jdk-17\\lib\\security\\cacerts (Access is denied)\r\n        at java.base\/java.io.FileOutputStream.open0(Native Method)\r\n        at java.base\/java.io.FileOutputStream.open(FileOutputStream.java:293)\r\n        at java.base\/java.io.FileOutputStream.&lt;init&gt;(FileOutputStream.java:235)\r\n        at java.base\/java.io.FileOutputStream.&lt;init&gt;(FileOutputStream.java:123)\r\n        at java.base\/sun.security.tools.keytool.Main.doCommands(Main.java:1375)\r\n        at java.base\/sun.security.tools.keytool.Main.run(Main.java:423)\r\n        at java.base\/sun.security.tools.keytool.Main.main(Main.java:416)\r\n\r\n\r\n(admin)\r\n$ keytool -import -v -trustcacerts -alias localhost-2 -file localhost.crt -keystore \/c\/Program\\ Files\/choco\/openjdk-jdk-17\/lib\/security\/cacerts -storepass changeit -keypass changeit\r\nOwner: CN=localhost, OU=Developers, O=Bull Bytes, L=Linz, C=AT\r\nIssuer: CN=localhost, OU=Developers, O=Bull Bytes, L=Linz, C=AT\r\nSerial number: f771d2346ba5c42b\r\nValid from: Mon Nov 25 15:31:14 CET 2024 until: Sun Feb 23 15:31:14 CET 2025\r\nCertificate fingerprints:\r\n         SHA1: DA:6D:B0:C4:F4:6E:65:45:AB:3E:AC:C3:9B:AD:25:30:B6:AD:21:CF\r\n         SHA256: 81:94:78:29:23:13:1B:73:B3:D2:5A:B1:5B:24:77:85:34:F1:FD:BA:92:F6:34:12:DC:4F:88:50:7F:1B:3A:51\r\nSignature algorithm name: SHA256withRSA\r\nSubject Public Key Algorithm: 2048-bit RSA key\r\nVersion: 3\r\n\r\nExtensions:\r\n\r\n#1: ObjectId: 2.5.29.14 Criticality=false\r\nSubjectKeyIdentifier &#x5B;\r\nKeyIdentifier &#x5B;\r\n0000: 4D 9B 90 29 EB 60 D7 7F   21 28 46 B2 FA 8E 58 5C  M..).`..!(F...X\\\r\n0010: D9 23 F1 98                                        .#..\r\n]\r\n]\r\n\r\nTrust this certificate? &#x5B;no]:  yes\r\nCertificate was added to keystore\r\n&#x5B;Storing C:\/Program Files\/choco\/openjdk-jdk-17\/lib\/security\/cacerts]\r\n\r\n\r\n<\/pre>\n<p><a href=\"https:\/\/stackoverflow.com\/questions\/33637330\/reading-from-an-ssl-input-stream-java\">Reading from an SSL input stream (Java)<\/a><\/p>\n<p><a href=\"https:\/\/stackoverflow.com\/questions\/26320624\/how-to-tell-if-java-sslsocket-has-data-available\">How to tell if Java SSLSocket has data available?<\/a><\/p>\n<blockquote><p>There is no way to do this. Your streams cannot tell you the length of the data without first decrypting it. available() will always return 0 for SSLSocket.<\/p><\/blockquote>\n<p><a href=\"https:\/\/stackoverflow.com\/questions\/39782711\/sslsocket-read-only-once-from-inputstream-why\">sslsocket read only once from inputstream,why?<\/a><\/p>\n<p><a href=\"https:\/\/forums.oracle.com\/ords\/apexds\/post\/getting-an-inputstream-from-an-sslsocket-1679\">Getting an InputStream from an SSLSocket<\/a><\/p>\n<blockquote><p>available() doesn&#8217;t do what you think it does; don&#8217;t rely on it. For SSLSockets, available() is even less reliable. From the JSSE Ref Guide:<\/p>\n<p>&#8220;Implementation Note: Due to the complexity of the SSL and TLS protocols, it is difficult to predict whether incoming bytes on a connection are handshake or application data, and how that data might affect the current connection state (even causing the process to block). In the Sun JSSE implementation, the available() method on the object obtained by SSLSocket.getInputStream() returns a count of the number of application data bytes successfully decrypted from the SSL connection but not yet read by the application.&#8221;<\/p>\n<p>My experience is that this generally maps to &#8220;0&#8221;.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>Without SSL\/TLS github.com\/rjlfinn\/java-http-server With SSL\/TLS Simple Java HTTPS server Java Network Programming, 4th Edition SSL Handshake Failures Do javax.net.ssl.* VM arguments need to be migrated to jakarta.net.ssl.*? How does Javas KeyManagerFactory.init work with multiple keys What is SunX509 used for and can it work with parties using IbmX509? What is the difference of TrustManager PKIX [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-14672","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/posts\/14672","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14672"}],"version-history":[{"count":12,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/posts\/14672\/revisions"}],"predecessor-version":[{"id":14674,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/posts\/14672\/revisions\/14674"}],"wp:attachment":[{"href":"https:\/\/blog.bachi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14672"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14672"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14672"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}