Unable to call HTTPS API using Promise WS API of play framework 2.2.3

Vijay Patil

Apr 27, 2017, 4:33:21 AM
to Play Framework
Hi,

I am trying to call an HTTP REST service using a simple Play client (Promise API), but I am getting an SSLHandshakeException. I have placed the error trace at the end.

1. I have one application, say Demo, which is deployed in Tomcat 8. This Tomcat is SSL-enabled by updating server.xml and providing the proper keystore path and password.
2. I have created a client using Play Framework 2.2.3 which is used to call the REST API of an application (Demo) which is deployed in Tomcat on the same machine, say on localhost.
3. I have created proper certificates as well and imported them into the cacerts of Java. Here is the URL which I used to generate the certificates: http://shreyaskothari.blogspot.in/
4. I tried the same program using the Java HttpURLConnection API in a Play controller (Application.java), and it works properly. But when I use the Promise and WS APIs of Play Framework, it throws an exception.

I read most of the documents provided for configuring SSL for Play Framework, but most of them are for higher versions of Play Framework, like 2.3+.

Below is the code used to call the REST API Hello of the Demo application:

<Java code>
Promise<WS.Response> promise1 = WS.url("https://localhost:8443/Demo/Hello").setContentType("text/xml; charset=UTF-8").get();
Response res = promise1.get(60000);
StringWriter writer = new StringWriter();
response = writer.toString();
writer = null;
</Java code>

I have tried several things to solve this issue, as listed below:
1. Used the properties below in the application.conf file:
play.server.protocol = https
play.server.http.port = 9000
play.server.https.port = 9443
play.server.https.keyStore = "client keystore path"
play.server.https.keyStorePassword = password

2. Did all the steps provided in below URL.

3. Used the properties below in the application.conf file:
play.ws.ssl {
keyManager = {
  stores = [
    { type = "JKS", path = "client keystore path", password = "password" }
  ]
}
}

4. Tried setting HTTPS-related properties in System before the API call. Below is the code used to set the properties in System:
String certificatesTrustStorePath = "C:\\Program Files\\Java\\jre7\\lib\\security\\cacerts";
System.setProperty("javax.net.ssl.trustStore",certificatesTrustStorePath);
System.setProperty("javax.net.ssl.keyStore","client keystore path");
System.setProperty("javax.net.ssl.keyStorePassword", "password"); 
System.setProperty("javax.net.ssl.keyStoreType", "JCEKS");

5. Also tried different approaches found on Google, such as setting Java options and other properties, but none of the solutions worked for me.

Does anybody have any idea on this? Am I missing something? Please let me know if anyone has any idea about this or any similar issue.

Thanks in advance.

Software Details:
Play: Version 2.2.3
Java: JDK1.8
Tomcat: Version 8

Exception Trace:
java.net.ConnectException: General SSLEngine problem to https://localhost:8443/Demo/Hello
        at com.ning.http.client.providers.netty.NettyConnectListener.operationComplete(NettyConnectListener.java:103)
        at org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:427)
        at org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChannelFuture.java:413)
        at org.jboss.netty.channel.DefaultChannelFuture.setFailure(DefaultChannelFuture.java:380)
        at org.jboss.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1417)
        at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1293)
        at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:913)
        at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425)
        at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:310)
        at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
        at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
        at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
        at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
        at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
        at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
        at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:109)
        at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:312)
        at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:90)
        at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
        at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
        at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
        at sun.security.ssl.Handshaker.checkThrown(Unknown Source)
        at sun.security.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
        at sun.security.ssl.SSLEngineImpl.readNetRecord(Unknown Source)
        at sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source)
        at javax.net.ssl.SSLEngine.unwrap(Unknown Source)
        at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1225)
        at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:913)
        at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425)
        at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:310)
        at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
        at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
        at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
        at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:109)
        at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:312)
        at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:90)
        at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
        ... 3 more
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
        at sun.security.ssl.Alerts.getSSLException(Unknown Source)
        at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
        at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
        at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
        at sun.security.ssl.Handshaker.processLoop(Unknown Source)
        at sun.security.ssl.Handshaker$1.run(Unknown Source)
        at sun.security.ssl.Handshaker$1.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source)
        at org.jboss.netty.handler.ssl.SslHandler$4.run(SslHandler.java:1365)
        at org.jboss.netty.handler.ssl.ImmediateExecutor.execute(ImmediateExecutor.java:31)
        at org.jboss.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1362)
        at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1249)
        ... 13 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
        at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
        at sun.security.validator.Validator.validate(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
        ... 24 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
        at java.security.cert.CertPathBuilder.build(Unknown Source)
        ... 30 more

Igmar Palsenberg

Apr 27, 2017, 10:28:19 AM
to Play Framework


> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Tomcat doesn't provide the CA intermediate certificates. Either fix Tomcat, or configure WSClient to disable some of its security checks: https://www.playframework.com/documentation/2.5.x/LooseSSL



Igmar 
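
Added example, not part of the thread: with a throwaway root, intermediate and server certificate, it reproduces the "unable to find valid certification path" condition that arises when a server omits its intermediate, and shows two fixes that keep certificate verification enabled. It assumes the `openssl` CLI is installed; every certificate name and file name here is constructed.

```shell
#!/usr/bin/env bash
# Added example: constructed root -> intermediate -> server PKI (all names made up).
set -eu

make_demo_pki() {   # $1 = output directory
  d=$1
  cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = unused
[ext_ca]
basicConstraints = critical,CA:TRUE
[ext_leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:localhost
EOF
  for n in root inter server; do
    openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
      -subj "/CN=demo-$n" -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
  done
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/pki.cnf" -extensions ext_ca -out "$d/root.pem" 2>/dev/null
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/pki.cnf" -extensions ext_ca \
    -out "$d/inter.pem" 2>/dev/null
  openssl x509 -req -in "$d/server.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
    -CAcreateserial -days 2 -extfile "$d/pki.cnf" -extensions ext_leaf \
    -out "$d/server.pem" 2>/dev/null
}

# Path building as a verifying client does it.
# $1 = trusted anchors, $2 = server cert, $3 = intermediates sent by the server (optional)
chain_ok() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

report() { label=$1; shift; if "$@"; then echo "$label: OK"; else echo "$label: path building fails"; fi; }

work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
make_demo_pki "$work"
cat "$work/root.pem" "$work/inter.pem" > "$work/anchors-plus-inter.pem"
report "server sends leaf only, client trusts root" chain_ok "$work/root.pem" "$work/server.pem"
report "server sends leaf + intermediate"           chain_ok "$work/root.pem" "$work/server.pem" "$work/inter.pem"
report "client trust store also holds intermediate" chain_ok "$work/anchors-plus-inter.pem" "$work/server.pem"
```

The second case corresponds to having the server present its full chain; the third corresponds to importing the missing intermediate into the trust store the client JVM actually reads.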

Vijay Patil

May 1, 2017, 8:17:59 AM
to Play Framework
Thanks for the reply. I have tried the looseSSL configuration (I used the property name used for Play Framework 2.2), but the same issue occurs. The link you shared is for Play Framework 2.5.

Do you have any link related to Play Framework 2.2.3?

Igmar Palsenberg

May 1, 2017, 8:27:48 AM
to Play Framework


On Monday, May 1, 2017 at 14:17:59 UTC+2, Vijay Patil wrote:
> Thanks for the reply. I have tried the looseSSL configuration (I used the property name used for Play Framework 2.2), but the same issue occurs. The link you shared is for Play Framework 2.5.
>
> Do you have any link related to Play Framework 2.2.3?

It's probably 

ws.acceptAnyCertificate=true
 

Igmar

Vijay Patil

May 1, 2017, 12:11:32 PM
to Play Framework
Yes. In Play Framework 2.2.3 the property name is ws.acceptAnyCertificate.

But after using this property in application.conf I am getting the same SSLHandshakeException.