B4J Question SetSSLFactory Windows-ROOT KeyStore not available

[nesam]

I use Erel's "SetSSLFactory" in the B4A android version and it works great. In the B4J Windows version, there is another name for CA STORE "Windows-ROOT" instead of "AndroidCAStore". It works when I start it from the editor. But after creating the "Build Standalone Package", the error "(NoSuchAlgorithmException) java.security.NoSuchAlgorithmException: Windows-ROOT KeyStore not available" appears. In this part, all existing CA certificates from STORE are loaded.

Private Sub SetSSLFactory (StoreDir As String, StoreFile As String, StorePassword As String)

        Log("SSL start )       
        Dim hc As OkHttpClient = HttpUtils2Service.hc
        Dim builder As JavaObject = hc.As(JavaObject).RunMethod("sharedInit", Array("hc"))
        Dim sslfactoryBuilder As JavaObject
        sslfactoryBuilder = sslfactoryBuilder.InitializeStatic("nl.altindag.sslcontext.SSLFactory").RunMethod("builder", Null)
    
        Dim in As InputStream = File.OpenInput(StoreDir, StoreFile)
        Dim keystore As JavaObject
        keystore.InitializeStatic("java.security.KeyStore")
        Dim password As Object = StorePassword.As(JavaObject).RunMethod("toCharArray", Null) 'ignore
        Dim store As JavaObject = keystore.RunMethodJO("getInstance", Array("pkcs12"))
        store.RunMethod("load", Array(in, password)) 'ignore
        Log("Store end")

        Log("Load (R)CA")   
        Dim ks As JavaObject
        ks.InitializeStatic("java.security.KeyStore")
        Dim ks1 As JavaObject=ks.RunMethodJO("getInstance",Array("Windows-ROOT"))'AndroidCAStore     
        ks1.RunMethod("load",Array( Null))
        Dim aliases As JavaObject = ks1.RunMethod("aliases",Null)
        Do While aliases.RunMethod("hasMoreElements", Null)
            Dim b As String = aliases.RunMethod("nextElement", Null)
            'Log("aliases: "&b)
            Dim sert As JavaObject
            sert.InitializeStatic("java.security.cert.Certificate")
            sert=ks1.RunMethodJO("getCertificate",Array (b))
            store.RunMethod("setCertificateEntry",Array (b,sert))
        Loop
        Log("CA end")
  
        sslfactoryBuilder.RunMethod("withIdentityMaterial", Array(store, password))
        sslfactoryBuilder.RunMethod("withTrustMaterial", Array(store, password))
        'uncomment if need to disable http 2.
        Dim protocol As JavaObject
        protocol = protocol.InitializeStatic("okhttp3.Protocol").RunMethod("valueOf", Array("HTTP_1_1"))
        Dim protocols As List = Array(protocol)
        builder.RunMethod("protocols", Array(protocols))
  
        Dim sslfactory As JavaObject = sslfactoryBuilder.RunMethod("build", Null)
        Dim socketfactory As JavaObject = sslfactory.RunMethodJO("getSslContext", Null).RunMethod("getSocketFactory", Null)
        Dim trustmanager As JavaObject = sslfactory.RunMethodJO("getTrustManager", Null)
        builder.RunMethod("sslSocketFactory", Array(socketfactory, trustmanager.RunMethod("get", Null)))
        builder.RunMethod("hostnameVerifier", Array(sslfactory.RunMethod("getHostnameVerifier", Null)))
        hc.As(JavaObject).SetField("client", builder.RunMethod("build", Null)) 'ignore
        Log ("SSL End")
    
End Sub

 

[Erel]

But after creating the "Build Standalone Package", the error "(NoSuchAlgorithmException) java.security.NoSuchAlgorithmException: Windows-ROOT KeyStore not available" appears. In this part, all existing CA certificates from STORE are loaded.

Please post the full messages from the logs.

Try to add this:

#PackagerProperty: IncludedModules = jdk.crypto.ec

 

[nesam]

Thanks Erel. That's already in my code. I also tried with "#PackagerProperty: VMArgs = --add-opens java.base / sun.security.ssl = b4j "but it doesn't work. Since I start run_debug.bat it's the only error message I get. When I try to log in to the server an error occurs:

okhttp3.internal.http2.StreamResetException: stream was reset: HTTP_1_1_REQUIRED
        at b4j/okhttp3.internal.http2.Http2Stream.takeHeaders(Unknown Source)
        at b4j/okhttp3.internal.http2.Http2Codec.readResponseHeaders(Unknown Source)
        at b4j/okhttp3.internal.http.CallServerInterceptor.intercept(Unknown Source)
        at b4j/okhttp3.internal.http.RealInterceptorChain.proceed(Unknown Source)
        at b4j/okhttp3.internal.connection.ConnectInterceptor.intercept(Unknown Source)
        at b4j/okhttp3.internal.http.RealInterceptorChain.proceed(Unknown Source)
        at b4j/okhttp3.internal.http.RealInterceptorChain.proceed(Unknown Source)
        at b4j/okhttp3.internal.cache.CacheInterceptor.intercept(Unknown Source)
        at b4j/okhttp3.internal.http.RealInterceptorChain.proceed(Unknown Source)
        at b4j/okhttp3.internal.http.RealInterceptorChain.proceed(Unknown Source)
        at b4j/okhttp3.internal.http.BridgeInterceptor.intercept(Unknown Source)
        at b4j/okhttp3.internal.http.RealInterceptorChain.proceed(Unknown Source)
        at b4j/okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(Unknown Source)
        at b4j/okhttp3.internal.http.RealInterceptorChain.proceed(Unknown Source)
        at b4j/okhttp3.internal.http.RealInterceptorChain.proceed(Unknown Source)
        at b4j/okhttp3.RealCall.getResponseWithInterceptorChain(Unknown Source)
        at b4j/okhttp3.RealCall.execute(Unknown Source)
        at b4j/anywheresoftware.b4h.okhttp.OkHttpClientWrapper.executeWithTimeout(Unknown Source)
        at b4j/anywheresoftware.b4h.okhttp.OkHttpClientWrapper.access$0(Unknown Source)
        at b4j/anywheresoftware.b4h.okhttp.OkHttpClientWrapper$ExecuteHelper.run(Unknown Source)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
        at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.base/java.lang.Thread.run(Unknown Source)
ResponseError. Reason: okhttp3.internal.http2.StreamResetException: stream was reset: HTTP_1_1_REQUIRED, Response:
ERROR

When testing the connection I get an error:

javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
        at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
        at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
        at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
        at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(Unknown Source)
        at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(Unknown Source)
        at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(Unknown Source)
        at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
        at java.base/sun.security.ssl.TransportContext.dispatch(Unknown Source)
        at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
        at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at b4j/okhttp3.internal.connection.RealConnection.connectTls(Unknown Source)
        at b4j/okhttp3.internal.connection.RealConnection.establishProtocol(Unknown Source)
        at b4j/okhttp3.internal.connection.RealConnection.connect(Unknown Source)
        at b4j/okhttp3.internal.connection.StreamAllocation.findConnection(Unknown Source)
        at b4j/okhttp3.internal.connection.StreamAllocation.findHealthyConnection(Unknown Source)
        at b4j/okhttp3.internal.connection.StreamAllocation.newStream(Unknown Source)
        at b4j/okhttp3.internal.connection.ConnectInterceptor.intercept(Unknown Source)
        at b4j/okhttp3.internal.http.RealInterceptorChain.proceed(Unknown Source)
        at b4j/okhttp3.internal.http.RealInterceptorChain.proceed(Unknown Source)
        at b4j/okhttp3.internal.cache.CacheInterceptor.intercept(Unknown Source)
        at b4j/okhttp3.internal.http.RealInterceptorChain.proceed(Unknown Source)
        at b4j/okhttp3.internal.http.RealInterceptorChain.proceed(Unknown Source)
        at b4j/okhttp3.internal.http.BridgeInterceptor.intercept(Unknown Source)
        at b4j/okhttp3.internal.http.RealInterceptorChain.proceed(Unknown Source)
        at b4j/okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(Unknown Source)
        at b4j/okhttp3.internal.http.RealInterceptorChain.proceed(Unknown Source)
        at b4j/okhttp3.internal.http.RealInterceptorChain.proceed(Unknown Source)
        at b4j/okhttp3.RealCall.getResponseWithInterceptorChain(Unknown Source)
        at b4j/okhttp3.RealCall.execute(Unknown Source)
        at b4j/anywheresoftware.b4h.okhttp.OkHttpClientWrapper.executeWithTimeout(Unknown Source)
        at b4j/anywheresoftware.b4h.okhttp.OkHttpClientWrapper.access$0(Unknown Source)
        at b4j/anywheresoftware.b4h.okhttp.OkHttpClientWrapper$ExecuteHelper.run(Unknown Source)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
        at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.base/java.lang.Thread.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at java.base/sun.security.validator.PKIXValidator.doBuild(Unknown Source)
        at java.base/sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
        at java.base/sun.security.validator.Validator.validate(Unknown Source)
        at java.base/sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
        at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
        at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
        ... 38 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
        at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
        at java.base/java.security.cert.CertPathBuilder.build(Unknown Source)
        ... 44 more
ResponseError. Reason: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target, Response:
nema interneta
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Should I load the RCA certificate directly from the file if it doesn't come from KeyStore?

Please post the full messages from the logs.

Try to add this:

#PackagerProperty: IncludedModules = jdk.crypto.ec

 

[Erel]

If you can reproduce it in a small project, based on: https://www.b4x.com/android/forum/t...ith-okhttputils2-sslcontext-kickstart.132549/ then I can test it.

Otherwise, distribute it as a Java 8 jar and rely on Java 8 being installed on the user computer.

 

[Erel]

Solution:

#PackagerProperty: IncludedModules = jdk.crypto.ec, jdk.crypto.mscapi

 

[nesam]

Thank you, thank you, thank you very much.