Fuel fails to validate server certificates even after the CA is imported into the truststore
Bug Report
Description
I am writing a client for a web site that supports one-sided SSL (TLS).
That is, the site does not require that my client presents a certificate to authenticate itself, but it does provide a certificate to enable my client to authenticate the site.
This requires that the certificate presented by the server is signed by a certificate that has been imported into a trust store on the client machine.
Documentation that I have read claims that Java client libraries look for the trust store at $JAVA_HOME/jre/lib/security/cacerts.
This does not seem to be working with the Fuel library.
To Reproduce
- Create an SSL web site with a self-signed certificate.
- Import the certificate into the JAVA default truststore like so:
  ```
  keytool -trustcacerts -keystore "$JAVA_HOME/jre/lib/security/cacerts" -storepass changeit -importcert -file "server.crt"
  ```
  and verify that keytool reports that the certificate was successfully imported.
- Reboot the machine to make sure that the JVM is restarted and picks up the change.
- Create a client using the Fuel Kotlin library and make a call to the site over SSL (https)
- The call fails with an exception:
PKIX path building failed ... unable to find valid certification path to requested target
- The following code for the client attempts to explicitly load the truststore into a FuelManager instance, but using that instance still results in the same error:
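```kotlin
import com.github.kittinunf.fuel.core.FuelManager
import java.io.FileInputStream
import java.security.KeyStore

private fun createFuelManager(): FuelManager {
    return FuelManager().apply {
        val ks: KeyStore = KeyStore.getInstance("JKS")
        // "<path to truststore.jks>" is a placeholder for the truststore file path;
        // use {} closes the stream once the keystore has been loaded
        FileInputStream("<path to truststore.jks>").use { ks.load(it, "changeit".toCharArray()) }
        // sets the keystore field of the new FuelManager
        keystore = ks
    }
}
```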
Expected behavior
The call over https should return with code 200
Environment
- OS: Windows 10 and Ubuntu
- IDE: Intellij
- Fuel version: 2.3.0
- Kotlin version: 1.4
Additional context
A reasonable solution for my problem would be to allow external configuration or configuration through code to configure the location of the truststore that the library will look in for validating server certificates.
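Added example, not code from the issue or from the Fuel project: a JDK-only Kotlin check that resolves the truststore the running JVM reads by default (following the JSSE lookup order), reports whether `server.crt` is in it, and builds an `SSLSocketFactory` from an explicitly loaded truststore. The function names are hypothetical; `server.crt` and the `changeit` password are the values used in the report.

```kotlin
import java.io.File
import java.io.FileInputStream
import java.security.KeyStore
import java.security.cert.CertificateFactory
import java.security.cert.X509Certificate
import javax.net.ssl.SSLContext
import javax.net.ssl.SSLSocketFactory
import javax.net.ssl.TrustManagerFactory

// JSSE default lookup: the javax.net.ssl.trustStore property if set, otherwise
// <java.home>/lib/security/jssecacerts if present, otherwise .../cacerts.
fun defaultTrustStoreFile(): File {
    System.getProperty("javax.net.ssl.trustStore")?.let { return File(it) }
    val securityDir = File(System.getProperty("java.home"), "lib/security")
    val jsse = File(securityDir, "jssecacerts")
    return if (jsse.exists()) jsse else File(securityDir, "cacerts")
}

fun loadTrustStore(file: File, password: CharArray): KeyStore =
    KeyStore.getInstance(KeyStore.getDefaultType()).apply {
        FileInputStream(file).use { load(it, password) }
    }

// Alias under which the certificate is stored, or null if the store lacks it.
fun findAlias(trustStore: KeyStore, certFile: File): String? {
    val cert = FileInputStream(certFile).use {
        CertificateFactory.getInstance("X.509").generateCertificate(it) as X509Certificate
    }
    return trustStore.getCertificateAlias(cert)
}

// Socket factory that trusts only the certificates in the given truststore; it can be
// passed to anything that accepts one, e.g. HttpsURLConnection.setSSLSocketFactory.
fun socketFactoryFor(trustStore: KeyStore): SSLSocketFactory {
    val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
    tmf.init(trustStore)
    return SSLContext.getInstance("TLS").apply { init(null, tmf.trustManagers, null) }.socketFactory
}

fun main() {
    val storeFile = defaultTrustStoreFile()
    println("java.home       = ${System.getProperty("java.home")}")
    println("truststore used = $storeFile")
    val store = loadTrustStore(storeFile, "changeit".toCharArray())
    val alias = findAlias(store, File("server.crt"))
    println(if (alias != null) "server.crt trusted as '$alias'" else "server.crt is NOT in this truststore")
}
```

Run it with the same JDK and launch configuration as the client, so that `java.home` and any `javax.net.ssl.trustStore` setting match what the client sees.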
Issue Analytics
- State:
- Created 3 years ago
- Comments: 8 (2 by maintainers)
Top GitHub Comments
Good idea. Alrighty, then I will open a PR and ask for your review if you don’t mind. Thanks!
Very roughly - refactored to remove custom stuff but not re-tested. You pass it the path to the trust store file.