It's all about the answers!

Ask a question

[RTC 6.0.2] connecting to RTC using Client API over SSL via Proxy


0
3
Abhishek Kumar (49722) | asked Nov 23 '16, 10:58 p.m.
edited Nov 23 '16, 11:00 p.m.
 Hello All,

We have configured reverse proxy for our CLM environment which has individual client SSL certificate to access the applications(which is working fine for the web client).

now we are writing client programs for some automation in the CCM application using java client api's 

We have realized that we are behind a proxy server and we have set the proxy settings as below. 
ITeamRepository teamRepository = TeamPlatform.getTeamRepositoryService().getTeamRepository(repositoryURI);
teamRepository.setProxy("proxy host name", portNumber, null, null);
teamRepository.registerLoginHandler(new LoginHandler(userId,password));
teamRepository.login(null);
On running the code we are getting an SSL handshake exception:

com.ibm.team.repository.common.transport.TeamServiceException: CRJAZ0099E An HTTP error occurred when this URL was being accessed: server:443. Error details: Received fatal alert: handshake_failure. 

we tried importing the certificate using Standard HTTPS API for java and we were able to ping the ccm application successfully, please find the below code for your reference:
KeyStore clientStore = KeyStore.getInstance("PKCS12");
clientStore.load(new FileInputStream("certificateName.pfx"), "password".toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(clientStore, "password".toCharArray());
KeyManager[] kms = kmf.getKeyManagers();
SSLContext sslContext = null;
sslContext = SSLContext.getInstance("SSL");
sslContext.init(kms, new TrustManager[] {new DefaultTrustManager()}, new SecureRandom());
Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("hostname", portNumber));
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
URL url = new URL("https://example.com/ccm");
HttpsURLConnection urlConn = (HttpsURLConnection) url.openConnection(proxy);
System.out.println(urlConn.getResponseCode());// getting 200 ok response code                                 

We are unable to set this SSL Context into the ITeamRepository Interface. Please Suggest a way for adding this SSL context to the TeamRespository for successful handshake.

Thanks in Advance.
Abhishek Kumar
 




Comments
Manju Gowda commented Nov 29 '16, 12:04 a.m. | edited Nov 29 '16, 1:06 a.m.

Hello,

Did you find a solution to this problem we are also facing the same.

Regards,

Manju S


Annie Steenson commented May 11 '17, 10:52 a.m. | edited May 12 '17, 1:09 a.m.

I am facing this issue as well.

Did anyone find a solution?

Accepted answer


permanent link
Manju Gowda (37110) | answered May 16 '17, 1:25 a.m.
edited May 16 '17, 1:26 a.m.

Set system properties in you code.

        System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
        System.setProperty("javax.net.ssl.trustStoreType", "pfx");
        System.setProperty("javax.net.ssl.keyStore", crtPath);
        System.setProperty("javax.net.ssl.trustStore", "gridserver.keystore");
        System.setProperty("javax.net.debug", "ssl");
        System.setProperty("javax.net.ssl.keyStorePassword", crtPassword);
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

ITeamRepository teamRepository = TeamPlatform.getTeamRepositoryService().getTeamRepository(repositoryURI);
teamRepository.setProxy("proxy host name", portNumber, null, null);
teamRepository.registerLoginHandler(new LoginHandler(userId,password));
teamRepository.login(null);

Above code worked for me, hope this might help you as well.

Thanks,
Manju S

Abhishek Kumar selected this answer as the correct answer

One other answer



permanent link
Donald Nong (14.5k414) | answered May 12 '17, 1:54 a.m.

If you want to force the RTC client to use a particular SSL protocol, use the "-Dcom.ibm.team.repository.transport.client.protocol" property.

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.