Posted to httpclient-users@hc.apache.org by Vicky <vi...@gmail.com> on 2014/03/12 10:41:52 UTC

Apache Http Client 4.0.1 SSL Proxy

Hi Folks,

I am using Apache Http client 4.0.1 for communicating with the server. I
already have secure/non-secure client code that works just fine.

Recently I needed to add a proxy to this code, so I added the
following piece of code to do that (currently a non-secure proxy):

 HttpHost proxy = new HttpHost("localhost", 5555);

 httpClient.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxy);

This has worked fine with a non-secure request. However, I am having trouble
with a secure (https) request with the same code.

I get the below exception (it tries a few times before failing):

Mar 12, 2014 11:14:27 AM org.apache.http.impl.client.DefaultRequestDirector tryConnect
INFO: I/O exception (org.apache.http.NoHttpResponseException) caught when connecting to the target host: The target server failed to respond
Mar 12, 2014 11:14:27 AM org.apache.http.impl.client.DefaultRequestDirector tryConnect
INFO: Retrying connect
org.apache.http.NoHttpResponseException: The target server failed to respond
    at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:95)
    at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:62)
    at org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:254)
    at org.apache.http.impl.AbstractHttpClientConnection.receiveResponseHeader(AbstractHttpClientConnection.java:289)
    at org.apache.http.impl.conn.DefaultClientConnection.receiveResponseHeader(DefaultClientConnection.java:252)
    at org.apache.http.impl.conn.ManagedClientConnectionImpl.receiveResponseHeader(ManagedClientConnectionImpl.java:191)
    at org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:300)
    at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:127)
    at org.apache.http.impl.client.DefaultRequestDirector.createTunnelToTarget(DefaultRequestDirector.java:899)
    at org.apache.http.impl.client.DefaultRequestDirector.establishRoute(DefaultRequestDirector.java:818)
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:644)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
    at com.poc.test.SSLTest.main(SSLTest.java:88)

I tried the following things:

   1. For https requests, I added both "http" as well as "https" to the
   schema registry, using the same SSLFactory as the one used for "https".
   2. Changed the proxy to HttpHost proxy = new HttpHost("localhost",
   5555, "https");

However, in both cases it failed with:

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
    at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
    at com.poc.test.SSLTest.main(SSLTest.java:89)

Note - I am running a non secure proxy on my localhost via tcpmon.

*EDIT*: Here is the code I am using for the SSL with proxy communication:

DefaultHttpClient httpClient = new DefaultHttpClient();

try {
    // TLS context that trusts only the certificates in the local JKS keystore
    SSLContext ctx = SSLContext.getInstance("TLSv1.1");
    TrustManager[] trustManagers = getTrustManagers("jks", new FileInputStream(new File("C:\\SSLKeyStore.ks")), "changeit");
    ctx.init(null, trustManagers, new SecureRandom());

    HttpGet httpget = new HttpGet("https://localhost:8844/Channels/HTTP/getData");
    System.out.println("executing request " + httpget.getRequestLine());

    SSLSocketFactory factory = new SSLSocketFactory(ctx);
    // Accepts any hostname in the server certificate (hostname verification is disabled)
    factory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

    // "https" uses the custom TLS factory, "http" uses plain sockets
    ClientConnectionManager manager = httpClient.getConnectionManager();
    manager.getSchemeRegistry().register(new Scheme("https", 443, factory));
    manager.getSchemeRegistry().register(new Scheme("http", 80, PlainSocketFactory.getSocketFactory()));

    // Route every request through the plain-HTTP proxy on localhost:5555
    HttpHost proxy = new HttpHost("localhost", 5555, "http");
    httpClient.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxy);

    HttpResponse response = httpClient.execute(httpget);
    HttpEntity entity = response.getEntity();

    System.out.println("----------------------------------------");
    System.out.println(response.getStatusLine());
    if (entity != null) {
        System.out.println("Response content length: " + entity.getContentLength());
    }
    // Drain the response body so the connection can be released
    EntityUtils.consume(entity);
} catch (Exception exception) {
    exception.printStackTrace();
} finally {
    httpClient.getConnectionManager().shutdown();
}

Any ideas of what is happening? What am I missing with respect to https and
proxy?

Thanks,
Vicky
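
The createTunnelToTarget frame in the first trace is the step where HttpClient sends a CONNECT request to the proxy before any TLS handshake, and NoHttpResponseException is what its response parser raises when the stream ends before a status line arrives. The following is an added example, not part of the original post: it uses only JDK sockets and a constructed stub listener (the class and method names are hypothetical) to show that exchange once with a listener that answers CONNECT and once with one that closes without replying.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;

public class ConnectTunnelProbe {

    // Constructed stand-in for whatever listens on the proxy port: it reads the
    // request head, then either answers the CONNECT or closes without a reply.
    static ServerSocket startStub(final boolean answerConnect) throws IOException {
        final ServerSocket server = new ServerSocket(0, 1, InetAddress.getLoopbackAddress());
        Thread t = new Thread(() -> {
            try (Socket s = server.accept()) {
                BufferedReader in = new BufferedReader(
                        new InputStreamReader(s.getInputStream(), StandardCharsets.US_ASCII));
                String line;
                while ((line = in.readLine()) != null && !line.isEmpty()) { /* skip head */ }
                if (answerConnect) {
                    s.getOutputStream().write(
                            "HTTP/1.1 200 Connection established\r\n\r\n".getBytes(StandardCharsets.US_ASCII));
                    s.getOutputStream().flush();
                }
            } catch (IOException ignored) { }
        });
        t.setDaemon(true);
        t.start();
        return server;
    }

    // Sends the CONNECT request a client issues for an https target behind an
    // http proxy; returns the status line, or null if the stream ended first.
    static String probe(InetAddress proxy, int port, String target) throws IOException {
        try (Socket s = new Socket(proxy, port)) {
            s.setSoTimeout(5000);
            String req = "CONNECT " + target + " HTTP/1.1\r\nHost: " + target + "\r\n\r\n";
            s.getOutputStream().write(req.getBytes(StandardCharsets.US_ASCII));
            s.getOutputStream().flush();
            return new BufferedReader(
                    new InputStreamReader(s.getInputStream(), StandardCharsets.US_ASCII)).readLine();
        }
    }

    public static void main(String[] args) throws IOException {
        String target = "localhost:8844"; // host:port taken from the request URL in the post
        for (boolean answer : new boolean[] {true, false}) {
            try (ServerSocket stub = startStub(answer)) {
                String status = probe(stub.getInetAddress(), stub.getLocalPort(), target);
                System.out.println(status != null ? "tunnel reply: " + status
                        : "no reply to CONNECT (reported by HttpClient as NoHttpResponseException)");
            }
        }
    }
}
```

Pointing probe() at the real proxy address and port shows which of the two cases the listener on that port falls into; TLS to the target starts only after a 2xx reply to CONNECT.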