Ignoring self-signed certs in Groovy script

Question

I am trying to connect to a REST API running on a server with a self-signed cert. When I run the following code, I get this error:&nbsp;

Quote

SunCertPathBuilderException: unable to find valid certification path to requested target

&nbsp;

package DataSources.Groovy
import org.apache.http.HttpEntity
import org.apache.http.NameValuePair
import org.apache.http.client.entity.UrlEncodedFormEntity
import org.apache.http.client.methods.CloseableHttpResponse
import org.apache.http.client.methods.HttpGet
import org.apache.http.client.methods.HttpPost
import org.apache.http.impl.client.BasicCookieStore
import org.apache.http.impl.client.CloseableHttpClient
import org.apache.http.impl.client.HttpClients
import org.apache.http.impl.client.InternalHttpClient
import org.apache.http.message.BasicNameValuePair
import org.apache.http.util.EntityUtils
import java.util.concurrent.ConcurrentHashMap.ForEachEntryTask
import java.util.regex.Matcher
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.parsers.SAXParser
import org.apache.commons.codec.binary.Hex;
import groovy.json.*;
import groovy.util.XmlSlurper;
import groovy.xml.XmlUtil;
String eol = System.getProperty("line.separator");

CloseableHttpClient httpclient = HttpClients.createDefault();

def loginurl = "https://&lt;url&gt;:8445/finesse/api/Users";

httpGet = new HttpGet(loginurl);
httpGet.setHeader("Authorization", "Basic &lt;token&gt;");
response = httpclient.execute(httpGet);

&nbsp;

I did a little googling and tried the first answer from this StackOverflow post, but that was a no-go. Does the collector support any workaround?

anonymous · Answer

The collector wouldn't have any way of working around this. It would have to be built into your script. Unfortunately, you've surpassed by Groovy fluency already.

This is why I use python (set verify=false and you're done).&nbsp;

mhashemi · Answer

Yeah, I normally work in PowerShell (and can work around it with that), but Groovy is less resource intensive. Hopefully someone else knows how make Groovy ignore the cert.

michael_baker · Answer

def nullTrustManager = [
    checkClientTrusted: { chain, authType -&gt;  },
    checkServerTrusted: { chain, authType -&gt;  },
    getAcceptedIssuers: { null }
]

def nullHostnameVerifier = [
    verify: { hostname, session -&gt;
        hostname.startsWith('ignore.this')
    }
]

javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL")
    sc.init(null, [nullTrustManager as  javax.net.ssl.X509TrustManager] as  javax.net.ssl.X509TrustManager[], null)
    javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory())
javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(nullHostnameVerifier as javax.net.ssl.HostnameVerifier)

def doRequest(urlPath, token) {
            def conn = "https://....".toURL().openConnection()
            return conn
    }

This will do it... my Groovy foo is not strong &nbsp;but I have this working using the above

Forum Discussion

Ignoring self-signed certs in Groovy script

3 Replies

Related Content

API Groovy HttpPatch?

Testing groovy script on local ubuntu machine

Test Groovy script on a device

string filters in the API (groovy)

Groovy script failing for alinux server

Recent Discussions

Correctly adding one-time SDT via API?

REST API 503 errors

Training

Nice little hint! with LM Config

Info and Overview resource tabs