IntelliJ IDEA and Proxyman

[yauheniprakapenka]

Does anyone know how to make friends IntelliJ IDEA 2020 and Proxyman 2.3.0?

When the proxy is enabled, when I execute a network request, an error occurs

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1334)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1309)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:259)
at khttp.responses.GenericResponse$Companion$defaultEndInitializers$1.invoke(GenericResponse.kt:90)
at khttp.responses.GenericResponse$Companion$defaultEndInitializers$1.invoke(GenericResponse.kt:32)
at khttp.responses.GenericResponse$connection$2.invoke(GenericResponse.kt:164)
at khttp.responses.GenericResponse$connection$2.invoke(GenericResponse.kt:30)
at khttp.responses.GenericResponse.openRedirectingConnection$khttp(GenericResponse.kt:124)
at khttp.responses.GenericResponse.getConnection(GenericResponse.kt:163)
at khttp.responses.GenericResponse.getRaw(GenericResponse.kt:207)
at khttp.responses.GenericResponse.getContent(GenericResponse.kt:216)
at khttp.responses.GenericResponse.init$khttp(GenericResponse.kt:377)
at khttp.KHttp.request(KHttp.kt:61)
at khttp.KHttp.post(KHttp.kt:50)
at khttp.KHttp.post$default(KHttp.kt:49)
at api.ApiProfileRegistrationStart.api_profile_registration_start(ApiProfileRegistrationStart.kt:11)
at apiScript.ApiScriptAuthorizeToProfile.api_script_authorize_to_profile(ApiScriptAuthorizeToProfile.kt:21)
at tests.TransStroyBank.bankDefaultTimeout3Minutes_32_186(TransStroyBank.kt:84)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:68)
at com.intellij.rt.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:33)
at com.intellij.rt.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:230)
at com.intellij.rt.junit.JUnitStarter.main(JUnitStarter.java:58)

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:262)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
... 49 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)

[NghiaTranUIT]

@yauheniprakapenka Look like the Networking library doesn't accept the Proxyman certificate, so you get a ton of SSL Error.

If you don't mind, please help me answer the following questions that help me to investigate:

• What is programming language? It looks like Kotlin, but I'm not sure 😄
• What is the Network library that you're using?
• Are you developing the Android app? and it will run an Android Emulator to run a test?

[yauheniprakapenka]

1. Its Kotlin
2. Khttp library
3. This is not an android project, these are requests without UI

Can I send a project in a private message for testing you?

[NghiaTranUIT]

You can go to Gitter and send me a private message 📩 .

Or just email via nghia@proxyman.io

[yauheniprakapenka]

Sent by email nghia@proxyman.io

[NghiaTranUIT]

Sorry, can you double-check again? I couldn't find any email from nghia@proxyman.io or support@proxyman.io

[yauheniprakapenka]

sent to support@proxyman.io

[NghiaTranUIT]

Received in the Spam email 😅. I'm investigating on it now 👍

[NghiaTranUIT]

Turn out that Java has its own cacert and it doesn't install by Proxyman by default.

The following steps will fix it

1. Open Proxyman -> Certificate Menu -> Export Proxyman Certificate -> Save to Desktop
2. Add to cacert store

sudo keytool -importcert -file ~/Desktop/proxyman-ca.pem -alias ProxymanCertificate -keystore $(/usr/libexec/java_home)/lib/security/cacerts -storepass changeit

and type yes to install the certificate
3. Then trying again, it should work

Notes

• cacert location is different on platform or JDK version. If the above scripting is invalid (KeyStore not found), please look at the reference to find the correct cacert path.
• I will support this feature to install automatically in the next release 👍

Reference

• https://stackoverflow.com/questions/11617210/how-to-properly-import-a-selfsigned-certificate-into-java-keystore-that-is-avail
• Alternative Scripts: https://github.com/ssbarnea/keytool-trust

[yauheniprakapenka]

Thank you for a lot! You are a brilliant developer.

Your command doesn't work for me. But on your example of your command, I found a working one for me:

sudo keytool -importcert -file ~/Desktop/proxyman-ca.pem -alias ProxymanCertificate -keystore /Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/security/cacerts -storepass changeit

[NghiaTranUIT]

Hey @yauheniprakapenka , if you don't mind, please help me check out this build: https://proxyman.s3.us-east-2.amazonaws.com/beta/Proxyman_2.3.0_Install_Certificate_Java.dmg

• Support Install Certificates to Java VMs automatically

[yauheniprakapenka]

Good day!

I want to share another way to solve this problem, if the script from the Proxyman does not help.

When you receive an error

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

1.For example, you are sending a request through Intellij IDEA using the okhttp library

2.This request displays an error in the console

3.Go to Proxyman - Certificate - Install certificate on Java VMs - Run Script

4. The terminal will open automatically. Pay attention to the version

5.We check in Intellij IDEA what is selected. I had it like that. Does not work.

6.Change to the version indicated in the terminal

7.Submit the request again. It works.

[NghiaTranUIT]

It's awesome. Thank you for the detailed solution. I will link it to Proxyman Doc 😄 🙌 🍺

[azarouski]

keytool -import -trustcacerts -alias mdecert -file {path/To/certificate.pem} -keystore cacerts

worked in my case on MacBook

[foxtrotdev]

I had some problems with installing the certificates by Proxyman on my MacOs but I had to link JAVA_HOME with current JAVA version. Here are my steps:

1. check JAVA version: java --version

java 14.0.2 2020-07-14
Java(TM) SE Runtime Environment (build 14.0.2+12-46)
Java HotSpot(TM) 64-Bit Server VM (build 14.0.2+12-46, mixed mode, sharing)

2. find out path to current JAVA version and copy it: /usr/libexec/java_home -V

Matching Java Virtual Machines (3):
    14.0.2 (x86_64) "Oracle Corporation" - "Java SE 14.0.2" /Library/Java/JavaVirtualMachines/jdk-14.0.2.jdk/Contents/Home
    11.0.12.1 (x86_64) "Amazon.com Inc." - "Amazon Corretto 11" /Users/XXXX/Library/Java/JavaVirtualMachines/corretto-11.0.12/Contents/Home
    1.8.0_265 (x86_64) "AdoptOpenJDK" - "AdoptOpenJDK 8" /Library/Java/JavaVirtualMachines/adoptopenjdk-8.jdk/Contents/Home

3. export JAVA_PATH to current JAVA version (I had version 14)

export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-14.0.2.jdk/Contents/Home         

Run the generated script by Proxyman again (arrows up to return the latest command from history).
My command was

bash /Applications/Proxyman.app/Contents/Frameworks/ProxymanCore.framework/Resources/install-certificates-java.sh -p 127.0.0.1:9090

P.S. Everything has been done it in the same terminal window as it was created by Proxyman

[xiaomamayi]

Despite having installed Certificates to Java VMs automatically, Proxyman cannot capture my HTTP requests in Java.

My environment:

Proxyman: 4.8.1
jdk: 1.8.0_291
The jdk version used by my java project is consistent with JAVA_HOME.

How can I solve this problem? @NghiaTranUIT

[NghiaTranUIT]

@xiaomamayi what do you mean about:

Proxyman cannot capture my HTTP requests in Java.

1. Do you get SSL Error from your Java app?
2. Or Proxyman could not capture any traffic from your Java app?