2

I am trying to run a local groovy scipt for testing which works fine on prod server but on local I am getting SSL error as :

Caught: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java_net_URLConnection$getOutputStream$1.call(Unknown Source)
    at url.processRequest(url.groovy:8)
    at url$processRequest.callCurrent(Unknown Source)
    at url.run(url.groovy:17)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:78)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    ... 7 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    ... 7 more

What workaround can I do to remove SSL verification in local groovy script?The line whihc gives error:

def post = new URL("https://abc.deg.com").openConnection();
Improve this question

1 Answer 1

Reset to default
1

You can cast the connection to a HttpsUrlConnection and inject an unsafe trustmanager which does not validate anything. In that way you will remove all SSL verifications. I do not recommend this as it is unsafe, but here is the snippet which you can use:

UnsafeTrustManager

import javax.net.ssl.HttpsURLConnection
import javax.net.ssl.SSLContext
import javax.net.ssl.SSLEngine
import javax.net.ssl.SSLSocketFactory
import javax.net.ssl.TrustManager
import javax.net.ssl.X509ExtendedTrustManager
import java.security.cert.CertificateException
import java.security.cert.X509Certificate

class UnsafeTrustManager extends X509ExtendedTrustManager {

    @Override
    void checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket) throws CertificateException {}

    @Override
    void checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket) throws CertificateException {}

    @Override
    void checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) throws CertificateException {}

    @Override
    void checkServerTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) throws CertificateException {}

    @Override
    void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {}

    @Override
    void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {}

    @Override
    X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0]
    }

}

Usage

def sslContext = SSLContext.getInstance("TLS")
sslContext.init(null, new TrustManager[]{new UnsafeTrustManager()}, null)
def sslSocketFactory = sslContext.getSocketFactory()

def post = (HttpsURLConnection) new URL("https://abc.deg.com").openConnection()
post.setSSLSocketFactory(sslSocketFactory)
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.