Open david-sackstein opened 3 years ago
I have also posted a question on stack overflow on this matter: https://stackoverflow.com/questions/64807755/how-can-i-configure-the-path-to-a-truststore-when-using-the-fuel-kotlin-library
I did successfully configure my own truststore, in Kotlin on OpenJVM 11, this way:
FuelManager.instance.keystore = trustStore
After that, running Fuel.post(...)
indeed uses this truststore and stops failing.
Thank you! Would you mind also sharing the code that sets up the custom truststore? Thanks again
Le ven. 4 déc. 2020 à 10:27, Tom J notifications@github.com a écrit :
I did successfully configure my own truststore, in Kotlin on OpenJVM 11, this way:
FuelManager.instance.keystore = trustStore
After that, running Fuel.post(...) indeed uses this truststore and stops failing.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/kittinunf/fuel/issues/782#issuecomment-738641234, or unsubscribe https://github.com/notifications/unsubscribe-auth/ADRZGYA724HX7KAYDPBCWZ3STCMOXANCNFSM4TVFZPAA .
Very roughly - refactored to remove custom stuff but not re-tested. You pass it path to the trust store file.
fun getKeyStore(filePath: String, pass: CharArray): KeyStore {
val file = File(filePath)
if (!file.exists()) throw FileNotFoundException(filePath)
val keyStore = KeyStore.getInstance("PKCS12")
keyStore.load(FileInputStream(file), pass)
return keyStore
}
Do you think we need an action from the library's (Fuel) side then?
I'd say this could be documented somewhere, it's a common usecase in larger deployments to use custom certs.
On Sat, 5 Dec 2020, 13:57 Kittinun Vantasin, notifications@github.com wrote:
Do you think we need an action from the library's (Fuel) side then?
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/kittinunf/fuel/issues/782#issuecomment-739247695, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABQDZEPSZLBNH4PBLHYVAOTSTIU4RANCNFSM4TVFZPAA .
Good idea. Alrighty, then I will open a PR and ask for your review if you don't mind. Thanks!
Is this now documented somewhere? I am having the same issue with:
val fuel = FuelManager().also {
val keyStore = KeyStore.getInstance(KeyStore.getDefaultType())
keyStore.load(this::class.java.classLoader.getResourceAsStream(keyStoreCertificate), keystorePassword.toCharArray())
it.keystore = keyStore
}
I don't want to use:
FuelManager.instance.keystore = trustStore
as that would influence other fuel calls.
EDIT1: I tried the FuelManager.instance.keystore
and it does not work for me either.
EDIT2: I needed to pass password to the SocketFactory with:
…
val sslContext = SSLContext.getInstance("TLS")
val keyMngFactory = KeyManagerFactory.getInstance("SunX509")
keyMngFactory.init(keyStore, keystorePassword.toCharArray())
sslContext.init(keyMngFactory.keyManagers, null, null)
it.socketFactory = sslContext.socketFactory
Bug Report
Description
I am writing a client for a web site that supports one-sided SSL (TLS).
That is, the site does not require that my client presents a certificate to authenticate itself, but it does provide a certificate to enable my client to authenticate the site.
This requires that the certificate presented by the server is signed by a certificate that has been imported into a trust store on the client machine.
Documentation that I have read claims that Java client libraries look for the trust store at $JAVA_HOME/jre/lib/security/cacerts.
This does not seem to working with the Fuel library.
To Reproduce
keytool -trustcacerts -keystore "$JAVA_HOME/jre/lib/security/cacerts" -storepass changeit -importcert -file "server.crt"
and verify that keytool reports that the certificate was successfully imported.PKIX path building failed ... unable to find valid certification path to requested target
Expected behavior
The call over https should return with code 200
Environment
Additional context
A reasonable solution for my problem would be to allow external configuration or configuration through code to configure the location of the truststore that the library will look in for validating server certificates.