Turn off ssl certificate validation for JiraRestClient

Tags: , , , ,



I’m trying to connect to my Jira via the atlassian rest api java framework:

JiraRestClientFactory factory = new AsynchronousJiraRestClientFactory();
JiraRestClient client = factory.createWithBasicHttpAuthentication(uri, userName, password);

But this causes a errors:

javax.net.ssl.SSLHandshakeException: General SSLEngine problem

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I think this happens because I use a self-signed certificate for my Jira. Is there a way to turn of certificate validation for the JiraRestClientFactory at least for development purposes?

Answer

Thanks for the replies! The solution I ended up with is based on Karol Dowbeckis answer:

    JiraRestClientFactory factory = new AsynchronousJiraRestClientFactory();
    HttpClientOptions options = new HttpClientOptions();
    options.setTrustSelfSignedCertificates(true);
    DefaultHttpClientFactory defaultHttpClientFactory = new DefaultHttpClientFactory(new NoOpEventPublisher(),
            new RestClientApplicationProperties(JIRA_URI), new ThreadLocalContextManager() {
        @Override
        public Object getThreadLocalContext() {
            return null;
        }
        
        @Override
        public void setThreadLocalContext(Object context) {
        }
        
        @Override
        public void clearThreadLocalContext() {
        }
    });
    HttpClient httpClient = defaultHttpClientFactory.create(options);

    AtlassianHttpClientDecorator atlassianHttpClientDecorator = new AtlassianHttpClientDecorator(httpClient, new BasicHttpAuthenticationHandler(userName, password)) {
        @Override
        public void destroy() throws Exception {
            defaultHttpClientFactory.dispose(httpClient);
        }
    };
    JiraRestClient client = factory.create(JIRA_URI, atlassianHttpClientDecorator);

I had to add my own simple implementations of NoOpEventPublisher and RestClientApplicationProperties because the atlassian classes are private.

Additional information for this code sample

  • this example is using the jira rest client version 4.0.0
  • NoOpEventPublisher is just an implementation of com.atlassian.event.api.EventPublisher with empty method bodies.
  • RestClientApplicationProperties implements com.atlassian.sal.api.ApplicationProperties returning my jira url in getBaseUrl and “4.0.0” in getVersion


Source: stackoverflow