RTC Login with Java API when RTC Server uses SSL Certificates
Hello,
I have to login into our RTC server via java API,
I've been working first in a Sandbox RTC where login was successfull, but when I tried to move to the production RTC the login fails because that RTC uses ssl certificates to access.
So my question is how should be the code to login when RTC access has ssl certicates?
Following is part of the code I currently have (it is groovy) where first I check if URL is recheable and then performs the connection.
Thanks a lot for the help:
def loginRTC(repositoryUri, user, passwd, mon = null){
println "\tChecking if specified address '" + repositoryUri + "' with provided user '" + user + "' and password '" + passwd + "' is reachable...."
def resType = urlIsReachable(repositoryUri, 5000, user, passwd)
println "\tResult Type is: " + resType.getClass()
if(!(resType instanceof HttpURLConnection)){
println "\tSpecified address is unreachable. It might be because that server is not up or specified credentials are incorrect or doesn't have sufficent permissons."
return -1
}else{
println "\tSpecified address is reachable."
}
try {
TeamPlatform.startup();
ITeamRepository repository = TeamPlatform.getTeamRepositoryService().getTeamRepository(repositoryUri)
repository.registerLoginHandler(new ILoginHandler2() {
@Override
public ILoginInfo2 challenge(ITeamRepository arg0) {
return new UsernameAndPasswordLoginInfo(user, passwd)
}
});
repository.login(mon)
return repository
}
catch (Exception e) {
println "\tError message is: " + e.getCause() + ", String: " + e.getCause().toString()
return -1
}
}
def urlIsReachable(Uri, timeout = 0, username = "", password = ""){
def authString = (username + ":" + password).getBytes().encodeBase64().toString()
def conn = Uri.toURL().openConnection()
conn.setRequestProperty( "Authorization", "Basic ${authString}" )
println "\tSetting timeout to: " + timeout
conn.setConnectTimeout(timeout)
println "\tNow the timeout is: " + conn.getConnectTimeout()
try{
//def objData = urlConnect.getContent()
println "\tresponse Code is: " + conn.responseCode
if(conn.responseCode == 200) {
println "\tConnection was successful...."
return conn
}else if(conn.responseCode == 401) {
println "\tConnection was unauthorized...."
return "UNAUTHORIZED"
}else {
println "\tConnection result was other...."
return "OTHER"
}
} catch (Exception e) {
println "\tError message is: " + e.getMessage()
return "UNREACHABLE"
}
}
One answer
I could find a solution that works for my case:
My script is a groovy script which is run by an application under tomcat. This script tries to connect into RTC but the RTC server has self SSL Certicates.
So first I got the certificate from the Firefox Mozila and then I used the keytool (Java tool) to import that certificate into a custom certificate database named for example 'certificateDatabaseRtcTomcat.jks'.
The command I run is:
keytool -import -trustcacerts -alias <any alias> -file <path to the certificate> -keystore certificateDatabaseRtcTomcat.jks
It is something like that:
export CATALINA_OPTS="-Djavax.net.ssl.trustStore=/path/to/certificateDatabaseRtcTomcat.jks"
Of course, then restart the Tomcat.
Regards.
PS: Also as Joseph Mao mentioned in the prior comment, maybe the certificate could be imported directly to the Java database certificate <JAVA_HOME>/lib/security/cacerts instead of a custom database certificate as I did, with that maybe it would not be necessary to specify the path in the CATALINA_OPTS of tomcat, since <JAVA_HOME>/lib/security/cacerts is the default one.
Comments
Joseph Mao
JAZZ DEVELOPER Oct 09 '13, 9:14 p.m.Did you add SSL certificate into your <JAVA_HOME>/lib/security/cacerts file?
Tiago Fernandez
Oct 10 '13, 8:45 p.m.Thanks a lot for the comment.
I could figure out a solution similar but adding the certificate in another path.
I will detail the explanation in the following response.
Thank you very much.