Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

RTC Login with Java API when RTC Server uses SSL Certificates

Hello,

I have to login into our RTC server via java API,
I've been working first in a Sandbox RTC where login was successfull, but when I tried to move to the production RTC the login fails because that RTC uses ssl certificates to access.

So my question is how should be the code to login when RTC access has ssl certicates?

Following is part of the code I currently have (it is groovy) where first I check if URL is recheable and then performs the connection.
Thanks a lot for the help:

def loginRTC(repositoryUri, user, passwd, mon = null){

 println "\tChecking if specified address '" + repositoryUri + "' with provided user '" + user + "' and password '" + passwd + "' is reachable...."
 
 def resType = urlIsReachable(repositoryUri, 5000, user, passwd)
 println "\tResult Type is: " + resType.getClass()
 
 if(!(resType instanceof HttpURLConnection)){
  println "\tSpecified address is unreachable. It might be because that server is not up or specified credentials are incorrect or doesn't have sufficent permissons."
  return -1
 }else{
  println "\tSpecified address is reachable."
 }
 
 try {
  TeamPlatform.startup();
 
  ITeamRepository repository = TeamPlatform.getTeamRepositoryService().getTeamRepository(repositoryUri)
  repository.registerLoginHandler(new ILoginHandler2() {
   @Override
   public ILoginInfo2 challenge(ITeamRepository arg0) {
    return new UsernameAndPasswordLoginInfo(user, passwd)
   }
  });
  repository.login(mon)
  
  return repository
 }
 catch (Exception e) {
     println "\tError message is: " + e.getCause() + ", String: " + e.getCause().toString()
  return -1
 }
}

def urlIsReachable(Uri, timeout = 0, username = "", password = ""){
 def authString = (username + ":" + password).getBytes().encodeBase64().toString()

 def conn = Uri.toURL().openConnection()
 conn.setRequestProperty( "Authorization", "Basic ${authString}" )
 
 println "\tSetting timeout to: " + timeout
 conn.setConnectTimeout(timeout)
 println "\tNow the timeout is: " + conn.getConnectTimeout()
 
 try{
  //def objData = urlConnect.getContent()
  println "\tresponse Code is: " + conn.responseCode
  if(conn.responseCode == 200) {
   println "\tConnection was successful...."
   return conn
  }else if(conn.responseCode == 401) {
   println "\tConnection was unauthorized...."
   return "UNAUTHORIZED"
  }else {
   println "\tConnection result was other...."
   return "OTHER"
  }
  
 } catch (Exception e) {             
        println "\tError message is: " + e.getMessage()
        return "UNREACHABLE"
    }
}

1 vote

Comments

Did you add SSL certificate into your <JAVA_HOME>/lib/security/cacerts file? 

Thanks a lot for the comment.
I could figure out a solution similar but adding the certificate in another path.
I will detail the explanation in the following response.

Thank you very much.



One answer

Permanent link

I could find a solution that works for my case:

My script is a groovy script which is run by an application under tomcat. This script tries to connect into RTC but the RTC server has self SSL Certicates.
So first I got the certificate from the Firefox Mozila and then I used the keytool (Java tool) to import that certificate into a custom certificate database named for example 'certificateDatabaseRtcTomcat.jks'.
The command I run is:
keytool -import -trustcacerts -alias <any alias> -file <path to the certificate> -keystore certificateDatabaseRtcTomcat.jks

After that, I added the value -Djavax.net.ssl.trustStore=/path/to/certificateDatabaseRtcTomcat.jks as part of the CATALINA_OPTS in the tomcat/bin/catalina.sh
It is something like that:
export CATALINA_OPTS="-Djavax.net.ssl.trustStore=/path/to/certificateDatabaseRtcTomcat.jks"
Of course, then restart the Tomcat.

After this, my application when run the groovy script, it can connect successfully to the RTC Server with SSL Certificate.

Regards.

PS: Also as Joseph Mao mentioned in the prior comment, maybe the certificate could be imported directly to the Java database certificate <JAVA_HOME>/lib/security/cacerts instead of a custom database certificate as I did, with that maybe it would not be necessary to specify the path in the CATALINA_OPTS of tomcat, since <JAVA_HOME>/lib/security/cacerts is the default one.

0 votes

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details
× 10,941
× 478
× 411
× 171

Question asked: Oct 09 '13, 5:31 p.m.

Question was seen: 9,048 times

Last updated: Oct 10 '13, 9:30 p.m.

Confirmation Cancel Confirm