Downloading a file over https over java

Question

Hi, Here is a code that I copied from the web

/**
 * A simple example that uses HttpClient to perform a GET using Basic
 * Authentication. Can be run standalone without parameters.
 *
 * You need to have JSSE on your classpath for JDK prior to 1.4
 *
 * @author Michael Becke
 */
public class BasicAuthenticationExample {

    /**
     * Constructor for BasicAuthenticatonExample.
     */
    public BasicAuthenticationExample() {
        super();
    }

    public static void main(String[] args) throws Exception {
        HttpClient client = new HttpClient();

       client.getState().setCredentials(
                new AuthScope("login.website.com", 443),
                new UsernamePasswordCredentials("login id", "password")
                );

        GetMethod get = new GetMethod(
                "https://url to the file");

        get.setDoAuthentication( true );

        try {
            // execute the GET
            int status = client.executeMethod( get );

            // print the status and response
            System.out.println(status + "\n" + 
                    get.getResponseBodyAsString());

        } finally {
            // release any connection resources used by the method
            get.releaseConnection();
        }
    }
}

now because of the line

            int status = client.executeMethod( get );

I get the following error

Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
at BasicAuthenticationExample.main(BasicAuthenticationExample.java:38)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 18 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 24 more

Now the reason for this error is of course that the certificate sent by my server is not already in my list of trusted certificates. My question is how to get the certificate into the trusted list.

Thanks Pranabesh

Answer 1

You can use keytool import.

Answer 2

This page seems to answer your question: Adding Certificates to your Java Keystore

It references Andres Sterbenz's InstallCert & explanation blog post.

You might not want to actually add the certificate in your trusted store, if it's only for testing. So you can also disable certificate validation.

Answer 3

You will need a keystore that contains the certificate to trust. You can use Java's keytool command to do that. There are a few ways to do this:

• Add it to the default Java keystore (.keystore in your home directory or user directory on Windows)
• Set the system property javax.net.ssl.trustStore to the location of an alternate keystore (something like java -Djavax.net.ssl.trustStore=/path/to/keystore)
• Build your own SSLSocketFactory implementation that can load a keystore any way you want (this is definitely the most complicated)

A keystore is just a file that contains keys and/or certificates that can be used for various things, in this case a certificate that your application will need to trust. Keytool can be used as follows:

keytool -importcert -file /path/to/certificate/file -keystore /path/to/keystore

For other command-line options, just run

keytool -help