Thursday, July 26, 2012

HttpClient and HTTPS

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

http://javaskeleton.blogspot.ch/2010/07/avoiding-peer-not-authenticated-with.html (too complicated, and the code doesn't give the imports.... grrrrr....)

http://www.koders.com/java/fid22A749424D86D13C8E8530A62ADC9689E7DC6F67.aspx

org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory "can be used to create SSL Sockets that accept self-signed certificates"

it's in commons-ssl.jar or not-yet-commons-ssl jar http://juliusdavies.ca/commons-ssl/download.html


I try the following:

Protocol easyHttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
Protocol.registerProtocol("https", easyHttps);

where Protocol is http://hc.apache.org/httpclient-3.x/apidocs/org/apache/commons/httpclient/protocol/Protocol.html and it's part of commons-httpclient-3.1.jar

This gives a full working example:
https://discursive.atlassian.net/wiki/display/CJCOOK/Accepting+a+Self-Signed+Certificate

and the imports are:

import java.io.File;
import java.io.FileFilter;
import java.io.IOException;
import java.security.GeneralSecurityException;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.FileEntity;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.util.EntityUtils;


I do this:

DefaultHttpClient httpclient = new DefaultHttpClient();
HttpClient httpclientWrapped = wrapClient(httpclient);

where

public static HttpClient wrapClient(HttpClient base) {
 try {
  SSLContext ctx = SSLContext.getInstance("TLS");
  // Trust manager that performs no checks: every certificate chain is accepted.
  X509TrustManager tm = new X509TrustManager() {

   @Override
   public void checkClientTrusted(
     java.security.cert.X509Certificate[] chain, String authType)
     throws java.security.cert.CertificateException {
    // Intentionally empty: client certificates are not validated.
   }

   @Override
   public void checkServerTrusted(
     java.security.cert.X509Certificate[] chain, String authType)
     throws java.security.cert.CertificateException {
    // Intentionally empty: any server certificate (self-signed, expired,
    // issued for another host) passes.
   }

   @Override
   public java.security.cert.X509Certificate[] getAcceptedIssuers() {
    // The interface contract requires a non-null array.
    return new java.security.cert.X509Certificate[0];
   }

  };

  ctx.init(null, new TrustManager[]{tm}, null);
  SSLSocketFactory ssf = new SSLSocketFactory(ctx);
  // Also skip the check that the certificate matches the host name.
  ssf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
  // Register the permissive factory for https on the existing connection manager.
  ClientConnectionManager ccm = base.getConnectionManager();
  SchemeRegistry sr = ccm.getSchemeRegistry();
  sr.register(new Scheme("https", ssf, 443));
  return new DefaultHttpClient(ccm, base.getParams());
 } catch (Exception ex) {
  // Surface the setup failure instead of handing the caller a null client.
  throw new IllegalStateException("Could not set up the SSL context", ex);
 }
}



(change 443 for your own port)


but I still get
Connection reset at java.net.SocketInputStream.read
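
An alternative to the trust-all wrapClient above, as an added example that is not part of the original post: it trusts only one known self-signed certificate and leaves hostname verification on. It assumes the same HttpClient 4.x API used in the post; the class name PinnedSelfSignedClient, the method name wrapClientPinned and the certificate path passed in are hypothetical.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

import org.apache.http.client.HttpClient;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;

public class PinnedSelfSignedClient {

    // certPath: PEM or DER copy of the server's self-signed certificate,
    // obtained out of band (hypothetical path supplied by the caller).
    public static HttpClient wrapClientPinned(HttpClient base, String certPath, int port)
            throws IOException, GeneralSecurityException {
        // Parse the one certificate we are willing to trust.
        Certificate serverCert;
        try (InputStream in = new FileInputStream(certPath)) {
            serverCert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }

        // In-memory trust store holding only that certificate.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("server", serverCert);

        // Standard trust managers backed by that store, so chain validation
        // still runs and any other certificate is rejected.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        // No setHostnameVerifier call: the factory keeps its default verifier.
        SSLSocketFactory ssf = new SSLSocketFactory(ctx);
        ClientConnectionManager ccm = base.getConnectionManager();
        ccm.getSchemeRegistry().register(new Scheme("https", ssf, port));
        return new DefaultHttpClient(ccm, base.getParams());
    }
}
```

With hostname verification left on, the connection fails with an SSLException if the name in the certificate does not match the host in the URL, so the self-signed certificate has to be issued for the name the client actually connects to.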
