Forum Discussion

mhashemi's avatar
4 years ago

Ignoring self-signed certs in Groovy script

I am trying to connect to a REST API running on a server with a self-signed cert. When I run the following code, I get this error: 

Quote

SunCertPathBuilderException: unable to find valid certification path to requested target

 

package DataSources.Groovy
import org.apache.http.HttpEntity
import org.apache.http.NameValuePair
import org.apache.http.client.entity.UrlEncodedFormEntity
import org.apache.http.client.methods.CloseableHttpResponse
import org.apache.http.client.methods.HttpGet
import org.apache.http.client.methods.HttpPost
import org.apache.http.impl.client.BasicCookieStore
import org.apache.http.impl.client.CloseableHttpClient
import org.apache.http.impl.client.HttpClients
import org.apache.http.impl.client.InternalHttpClient
import org.apache.http.message.BasicNameValuePair
import org.apache.http.util.EntityUtils
import java.util.concurrent.ConcurrentHashMap.ForEachEntryTask
import java.util.regex.Matcher
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.parsers.SAXParser
import org.apache.commons.codec.binary.Hex;
import groovy.json.*;
import groovy.util.XmlSlurper;
import groovy.xml.XmlUtil;
String eol = System.getProperty("line.separator");

CloseableHttpClient httpclient = HttpClients.createDefault();

def loginurl = "https://<url>:8445/finesse/api/Users";

httpGet = new HttpGet(loginurl);
httpGet.setHeader("Authorization", "Basic <token>");
response = httpclient.execute(httpGet);

 

I did a little googling and tried the first answer from this StackOverflow post, but that was a no-go. Does the collector support any workaround?

  • Anonymous's avatar
    Anonymous

    The collector wouldn't have any way of working around this. It would have to be built into your script. Unfortunately, you've surpassed by Groovy fluency already.

    This is why I use python (set verify=false and you're done). 

  • Yeah, I normally work in PowerShell (and can work around it with that), but Groovy is less resource intensive. Hopefully someone else knows how make Groovy ignore the cert.

  • def nullTrustManager = [
        checkClientTrusted: { chain, authType ->  },
        checkServerTrusted: { chain, authType ->  },
        getAcceptedIssuers: { null }
    ]
    
    def nullHostnameVerifier = [
        verify: { hostname, session ->
            hostname.startsWith('ignore.this')
        }
    ]
    
        javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL")
        sc.init(null, [nullTrustManager as  javax.net.ssl.X509TrustManager] as  javax.net.ssl.X509TrustManager[], null)
        javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory())
    javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(nullHostnameVerifier as javax.net.ssl.HostnameVerifier)
    
        def doRequest(urlPath, token) {
                def conn = "https://....".toURL().openConnection()
                return conn
        }

    This will do it... my Groovy foo is not strong :D but I have this working using the above