Posted to httpclient-users@hc.apache.org by Michael Clovis <mc...@mindbridge.com> on 2005/07/28 23:52:30 UTC

SSL with Certificate

I am maintaining an application that is using HTTPClient 2.0.2 and one class
extends HttpClient in particular ( one reason for not upgrading to 3x). Need
to support SSL and have started to test code using self-signed certs. Made
sure through Apache the servlet the application accesses can not be accessed
other than through SSL and wire info reads that the header information can be
seen yet when method is sent to servlet get a 401. Furthermore doing tcpdumps
reveal app never ran on port 443 but port 80. Am using simple paradigm (as in
example code) of :

 StrictSSLProtocolSocketFactory sf = new StrictSSLProtocolSocketFactory();

 Protocol stricthttps = new Protocol("https", sf, 443);
 Protocol.registerProtocol("https", stricthttps);
 // du is client instance
 du.getHostConfiguration().setHost(this.hostname.getText().trim(), 443, stricthttps);

Finally here is the "wire" output:


0 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpClient - Java version: 1.4.2_02
20 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpClient - Java vendor: Sun Microsystems Inc.
20 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpClient - Operating system name: Windows NT
30 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpClient - Operating system architecture: x86
30 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpClient - Operating system version: 4.0
2684 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpClient - SUN 1.42: SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
2684 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpClient - SunJSSE 1.42: Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
2684 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpClient - SunRsaSign 1.42: SUN's provider for RSA signatures
2684 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpClient - SunJCE 1.42: SunJCE Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
2694 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpClient - SunJGSS 1.0: Sun (Kerberos v5)
2734 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpState - enter HttpState.setCredentials(String realm, String host, Credentials credentials)
2965 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.methods.GetMethod - enter GetMethod(String)
2975 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.methods.PostMethod - enter PostMethod.addParameters(NameValuePair[])
2975 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.methods.EntityEnclosingMethod - enter EntityEnclosingMethod.clearRequestBody()
2975 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpClient - enter HttpClient.executeMethod(HttpMethod)
2975 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpClient - enter HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
3005 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.open()
3005 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpConnection - HttpConnection.setSoTimeout(0)
3005 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.execute(HttpState, HttpConnection)
3005 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpMethodBase - Execute loop try 1
3005 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.processRequest(HttpState, HttpConnection)
3005 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpMethodBase - Attempt number 1 to process request
3005 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.writeRequest(HttpState, HttpConnection)
3015 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.writeRequestLine(HttpState, HttpConnection)
3015 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.generateRequestLine(HttpConnection, String, String, String, String)
3015 [AWT-EventQueue-0] DEBUG httpclient.wire.header - >> "POST /IS/ISUploadServer?sourceid=ISULD&destid=ISUS HTTP/1.1[\r][\n]"
3015 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.print(String)
3025 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.write(byte[])
3025 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.write(byte[], int, int)
3025 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.writeRequestHeaders(HttpState,HttpConnection)
3025 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.methods.ExpectContinueMethod - enter ExpectContinueMethod.addRequestHeaders(HttpState, HttpConnection)
3025 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.addRequestHeaders(HttpState, HttpConnection)
3025 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.addUserAgentRequestHeaders(HttpState, HttpConnection)
3025 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.addHostRequestHeader(HttpState, HttpConnection)
3025 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpMethodBase - Adding Host request header
3025 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.addCookieRequestHeader(HttpState, HttpConnection)
3045 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpState - enter HttpState.getCookies()
3045 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.cookie.CookieSpec - enter CookieSpecBase.match(String, int, String, boolean, Cookie[])
3045 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.addAuthorizationRequestHeader(HttpState, HttpConnection)
3045 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.addProxyAuthorizationRequestHeader(HttpState, HttpConnection)
3045 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.addProxyConnectionHeader(HttpState, HttpConnection)
3045 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.methods.EntityEnclosingMethod - enter HttpMethodBase.addContentLengthRequestHeader(HttpState, HttpConnection)
3045 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.methods.EntityEnclosingMethod - enter EntityEnclosingMethod.getRequestContentLength()
3045 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.methods.PostMethod - enter PostMethod.hasRequestContent()
3045 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.methods.PostMethod - enter PostMethod.renerateRequestBody()
3045 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.methods.PostMethod - enter PostMethod.getParameters()
3045 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpMethodBase - enter getContentCharSet( Header contentheader )
3045 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpMethodBase - Default charset used: ISO-8859-1
3055 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpMethodBase - HttpMethodBase.addRequestHeader(Header)
3065 [AWT-EventQueue-0] DEBUG httpclient.wire.header - >> "User-Agent: Jakarta Commons-HttpClient/2.0.2[\r][\n]"
3065 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.print(String)
3065 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.write(byte[])
3065 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.write(byte[], int, int)
3065 [AWT-EventQueue-0] DEBUG httpclient.wire.header - >> "Host: 192.168.45.114[\r][\n]"
3065 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.print(String)
3065 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.write(byte[])
3065 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.write(byte[], int, int)
3065 [AWT-EventQueue-0] DEBUG httpclient.wire.header - >> "Content-Length: 79[\r][\n]"
3065 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.print(String)
3065 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.write(byte[])
3065 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.write(byte[], int, int)
3065 [AWT-EventQueue-0] DEBUG httpclient.wire.header - >> "Content-Type: application/x-www-form-urlencoded[\r][\n]"
3065 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.print(String)
3065 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.write(byte[])
3065 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.write(byte[], int, int)
3065 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.writeLine()
3065 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.write(byte[])
3065 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.write(byte[], int, int)
3065 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.flushRequestOutputStream()
3065 [AWT-EventQueue-0] DEBUG httpclient.wire.header - >> "[\r][\n]"
3065 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.methods.EntityEnclosingMethod - enter EntityEnclosingMethod.writeRequestBody(HttpState, HttpConnection)
3065 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.methods.PostMethod - enter PostMethod.hasRequestContent()
3065 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.methods.EntityEnclosingMethod - enter EntityEnclosingMethod.getRequestContentLength()
3065 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.methods.PostMethod - enter PostMethod.hasRequestContent()
3065 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.methods.EntityEnclosingMethod - Using buffered request body
3075 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.getRequestOutputStream()
3075 [AWT-EventQueue-0] DEBUG httpclient.wire.content - >> "sourceid=ISULD&destid=ISUS&requesttype=VERSION&requestid=111&sent=1122582447409"
3075 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.methods.EntityEnclosingMethod - Request body sent
3075 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.flushRequestOutputStream()
3075 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.readResponse(HttpState, HttpConnection)
3075 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.readStatusLine(HttpState, HttpConnection)
3075 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.readLine()
3075 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpParser - enter HttpParser.readLine()
3075 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpParser - enter HttpParser.readRawLine()
3115 [AWT-EventQueue-0] DEBUG httpclient.wire.header - << "HTTP/1.1 403 Forbidden[\r][\n]"
3115 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.readResponseHeaders(HttpState,HttpConnection)
3115 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.getResponseInputStream()
3115 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpParser - enter HeaderParser.parseHeaders(HttpConnection, HeaderGroup)
3115 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpParser - enter HttpParser.readLine()
3115 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpParser - enter HttpParser.readRawLine()
3115 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpParser - enter HttpParser.readLine()
3115 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpParser - enter HttpParser.readRawLine()
3115 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpParser - enter HttpParser.readLine()
3115 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpParser - enter HttpParser.readRawLine()
3115 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpParser - enter HttpParser.readLine()
3115 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpParser - enter HttpParser.readRawLine()
3115 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpParser - enter HttpParser.readLine()
3125 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpParser - enter HttpParser.readRawLine()
3125 [AWT-EventQueue-0] DEBUG httpclient.wire.header - << "Date: Thu, 28 Jul 2005 20:19:52 GMT[\r][\n]"
3145 [AWT-EventQueue-0] DEBUG httpclient.wire.header - << "Server: Apache/2.0.52 (Unix) mod_ssl/2.0.52 OpenSSL/0.9.7e mod_jk/1.2.6[\r][\n]"
3145 [AWT-EventQueue-0] DEBUG httpclient.wire.header - << "Content-Length: 340[\r][\n]"
3155 [AWT-EventQueue-0] DEBUG httpclient.wire.header - << "Content-Type: text/html; charset=iso-8859-1[\r][\n]"
3155 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.processResponseHeaders(HttpState, HttpConnection)
3155 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.methods.GetMethod - enter GetMethod.readResponseBody(HttpState, HttpConnection)
3155 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.readResponseBody(HttpState, HttpConnection)
3155 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.readResponseBody(HttpConnection)
3155 [AWT-EventQueue-0] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.getResponseInputStream()
Version = REQUST FAILED

Any help in advance would be appreciated. Have read tutorials and code examples..

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


Re: Re: Re: SSL with Certificate-SSLPeerUnverifiedException

Posted by Michael Clovis <mc...@mindbridge.com>.
Oleg,
 And this may be a configuration issue on the test machine...
The code is failing in the following place..
 X509Certificate[] certs = session.getPeerCertificateChain();


or if I try to establish a session on my own..
session.getPeerCertificates();

both with similar stacktraces..

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
	at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(DashoA6275)

this is PRIOR to verifying against any Collection, or store on the client as far as I can see.

Any thoughts..




---------- Original Message ----------
Date: 7/29/05
From: Oleg Kalnichevski <ol...@apache.org>
To: httpclient-user@jakarta.apache.org
Subject: Re: Re: SSL with Certificate-SSLPeerUnverifiedException

>On Fri, Jul 29, 2005 at 12:15:27PM -0400, Michael Clovis wrote:
>>
>> Oleg.. again thanks for help.. Had a version (2.0.2 compliant) of AuthSSLProtocolSocketFactory.
>> This class seems to me that you would have to have the cert added to keystore using
>> keytool on each client machine..
>>
>
>Just create a keystore file of your own, ship it with your
>application as a regular resource accessible via a class loader, and
>live happily ever after
>
>
>> I was under impression that HttpClient did not venture into keystore area because
>> there was no API to include certs into keystore. Had to use keytool..
>
>It does not. Strictly speaking one does not have to use keytool in order
>to import a private key or public certificate into a Keystore instance.
>This can be done using regular JCE classes at the runtime. However, I do
>not see a single compelling reason to do so, because you still have to
>store the cert or the key somewhere. So, why not storing them in a
>keystore file, which besides convenience also provides (some) security
>by optionally protecting the file with a pass phrase (password)?
>
>
>> So.. (pardon my ignorance) but if I understood what needed to be done plus this is
>> a swing application that lives on anyone within a company's employ.. Confused..
>
>I hope this clarifies the matter somewhat
>
>Oleg
>
>
>
>> Thanks for your quick responses.
>> ---------- Original Message ----------
>> Date: 7/29/05
>> From: Oleg Kalnichevski <ol...@apache.org>
>> To: httpclient-user@jakarta.apache.org
>> Subject: Re: SSL with Certificate-SSLPeerUnverifiedException
>> 
>> >Michael,
>> >
>> >I suspect the SSL context has not been properly configured and a result
>> >the socket factory was unable to verify the identity of the target
>> >server. Please take a look at the AuthSSLProtocolSocketFactory below:
>> >
>> ><http://svn.apache.org/repos/asf/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/>
>> >
>> >There are some guidelines in the javadocs as to how one can correctly 
>> >set up an SSL context with required trust managers and/ or key managers
>> >
>> >Oleg
>> >
>> >On Fri, Jul 29, 2005 at 11:35:57AM -0400, Michael Clovis wrote:
>> >> Oleg.. or anyone.
>> >> Connecting with SSL and had this problem (SSLPeerUnverifiedException) with earlier
>> >> class that extended HttpClient. Wrote teststub class with TestURL that works in
>> >> browser for testing servlet..
>> >> Googled and made sure we are not using Tomcat 4.1.13 or earlier (problem reported
>> >> in 1.12 bugzilla).. using highest current release of tomcat Ver 4 ,Apache2 and
>> >> OpenSSL. Here is the test stub...
>> >> 
>> >> try{
>> >>     BasicConfigurator.configure();
>> >>     HttpClient client = new HttpClient();
>> >>     StrictSSLProtocolSocketFactory sf = new StrictSSLProtocolSocketFactory();
>> >> 
>> >>     Protocol stricthttps = new Protocol( "https", sf, 443);
>> >>     Protocol.registerProtocol("https",stricthttps);
>> >> 
>> >>     client.getHostConfiguration().setHost("192.168.45.114", 443, stricthttps);
>> >> 
>> >>     String test = "https://192.168.45.114/IS/ISUploadServer?configKey=HELLO";
>> >>     PostMethod post = null;
>> >> 
>> >>     try {
>> >>         post = new PostMethod(test);
>> >>     } catch (Exception e) {
>> >>         e.printStackTrace();
>> >>         throw e;
>> >>     }
>> >>     post.setDoAuthentication(true);
>> >>     try {
>> >>         client.executeMethod(post);
>> >>     } catch (IOException e) {
>> >>         //e.printStackTrace();
>> >>         throw e;
>> >>     }
>> >>     String res = null;
>> >>     if(post!=null &&post.getStatusCode() >= 300){
>> >>         res = String.valueOf(post.getStatusCode());
>> >>     }
>> >>     else if(post!=null){
>> >>         Header headers[] = null;
>> >>         headers = post.getRequestHeaders();
>> >>         if(headers!=null&&headers.length>0){
>> >>             for (int i = 0; i < headers.length; i++) {
>> >>                 System.out.println(headers[i].toExternalForm());
>> >>             }
>> >>         }
>> >>         res = new String(post.getResponseBodyAsString());
>> >>     }
>> >>     System.out.println(res);
>> >> }catch(Exception e){
>> >>     e.printStackTrace();
>> >> }
>> >> 
>> >> 
>> >> Here is the wire and stack trace..
>> >> 
>> >> 0 [main] DEBUG org.apache.commons.httpclient.HttpClient - Java version: 1.4.2_02
>> >> 0 [main] DEBUG org.apache.commons.httpclient.HttpClient - Java vendor: Sun Microsystems Inc.
>> >> 10 [main] DEBUG org.apache.commons.httpclient.HttpClient - Operating system name: Windows NT
>> >> 20 [main] DEBUG org.apache.commons.httpclient.HttpClient - Operating system architecture: x86
>> >> 20 [main] DEBUG org.apache.commons.httpclient.HttpClient - Operating system version: 4.0
>> >> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SUN 1.42: SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
>> >> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunJSSE 1.42: Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
>> >> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunRsaSign 1.42: SUN's provider for RSA signatures
>> >> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunJCE 1.42: SunJCE Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
>> >> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunJGSS 1.0: Sun (Kerberos v5)
>> >> 560 [main] DEBUG org.apache.commons.httpclient.methods.GetMethod - enter GetMethod(String)
>> >> 560 [main] DEBUG org.apache.commons.httpclient.HttpClient - enter HttpClient.executeMethod(HttpMethod)
>> >> 560 [main] DEBUG org.apache.commons.httpclient.HttpClient - enter HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
>> >> 851 [main] DEBUG org.apache.commons.httpclient.HttpConnection - HttpConnection.setSoTimeout(0)
>> >> 851 [main] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.open()
>> >> 1332 [main] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.closeSockedAndStreams()
>> >> 1332 [main] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.releaseConnection()
>> >> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>> >> 	at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA6275)
>> >> 	at mb.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.verifyHostname(StrictSSLProtocolSocketFactory.java:253)
>> >> 	at mb.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.createSocket(StrictSSLProtocolSocketFactory.java:208)
>> >> 	at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:683)
>> >> 	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:662)
>> >> 	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:529)
>> >> 	at TestPlain.main(TestPlain.java:65)
>> >> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> >> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> >> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> >> 	at java.lang.reflect.Method.invoke(Method.java:324)
>> >> 	at com.intellij.rt.execution.application.AppMain.main(AppMain.java:78)
>> >> count = 0, total = 67
>> >> 
>> >> Process finished with exit code 0
>> >> 
>> >> Thanks for any insight

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


Re: Re: Re: SSL with Certificate-SSLPeerUnverifiedException

Posted by Michael Clovis <mc...@mindbridge.com>.
Oleg,
 And this may be a configuration issue on the test machine...
The code is failing in the following place..
 X509Certificate[] certs = session.getPeerCertificateChain();


or if I try to establish a session on my own..
session.getPeerCertificates();

both with similar stacktraces..

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
	at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(DashoA6275)

this is PRIOR to verifying against any Collection, or store on the client as far as I can see.

Any thoughts..




---------- Original Message ----------
Date: 7/29/05
From: Oleg Kalnichevski <ol...@apache.org>
To: httpclient-user@jakarta.apache.org
Subject: Re: Re: SSL with Certificate-SSLPeerUnverifiedException

>On Fri, Jul 29, 2005 at 12:15:27PM -0400, Michael Clovis wrote:
>> 
>> Oleg.. again thanks for help.. Had a version (2.0.2 compliant) of AuthSSLProtocolSocketFactory. This class seems to me that you would have to have the cert added to keystore using keytool on each client machine..
>>
>
>Just create a keystore file of your own, ship it with your
>application as a regular resource accessible via a class loader, and
>live happily ever after
>
>
>> I was under impression that HttpClient did not venture into keystore area because there was no API to include certs into keystore. Had to use keytool..
>
>It does not. Strictly speaking one does not have to use keytool in order
>to import a private key or public certificate into a Keystore instance.
>This can be done using regular JCE classes at the runtime. However, I do
>not see a single compelling reason to do so, because you still have to
>store the cert or the key somewhere. So, why not store them in a
>keystore file, which besides convenience also provides (some) security
>by optionally protecting the file with a pass phrase (password)?
>
>
>So.. (pardon my ignorance) but if I understood what needed to be done plus this is a swing application that lives on anyone within a company's employ.. Confused..
>
>I hope this clarifies the matter somewhat
>
>Oleg
>
>
>
>> Thanks for your quick responses.
>> ---------- Original Message ----------
>> Date: 7/29/05
>> From: Oleg Kalnichevski <ol...@apache.org>
>> To: httpclient-user@jakarta.apache.org
>> Subject: Re: SSL with Certificate-SSLPeerUnverifiedException
>> 
>> >Michael,
>> >
>> >I suspect the SSL context has not been properly configured and as a result
>> >the socket factory was unable to verify the identity of the target
>> >server. Please take a look at the AuthSSLProtocolSocketFactory below:
>> >
>> >http://svn.apache.org/repos/asf/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/
>> >
>> >There are some guidelines in the javadocs as to how one can correctly
>> >set up an SSL context with required trust managers and/or key managers
>> >
>> >Oleg
>> >
>> >On Fri, Jul 29, 2005 at 11:35:57AM -0400, Michael Clovis wrote:
>> >> Oleg.. or anyone.
>> >> Connecting with SSL and had this problem (SSLPeerUnverifiedException) with earlier class that extended HttpClient. Wrote teststub class with TestURL that works in browser for testing servlet..
>> >> Googled and made sure we are not using Tomcat 4.1.13 or earlier (problem reported in 1.12 bugzilla).. using highest current release of tomcat Ver 4, Apache2 and OpenSSL.
>> >> Here is the test stub...
>> >> 
>> >> try{
>> >>     BasicConfigurator.configure();
>> >>     HttpClient client = new HttpClient();
>> >>     StrictSSLProtocolSocketFactory sf = new StrictSSLProtocolSocketFactory();
>> >> 
>> >>     Protocol stricthttps = new Protocol( "https", sf, 443);
>> >>     Protocol.registerProtocol("https",stricthttps);
>> >> 
>> >>     client.getHostConfiguration().setHost("192.168.45.114", 443, stricthttps);
>> >> 
>> >>     String test = "https://192.168.45.114/IS/ISUploadServer?configKey=HELLO";
>> >>     PostMethod post = null;
>> >> 
>> >>     try {
>> >>         post = new PostMethod(test);
>> >>     } catch (Exception e) {
>> >>         e.printStackTrace();
>> >>         throw e;
>> >>     }
>> >>     post.setDoAuthentication(true);
>> >>     try {
>> >>         client.executeMethod(post);
>> >>     } catch (IOException e) {
>> >>         //e.printStackTrace();
>> >>         throw e;
>> >>     }
>> >>     String res = null;
>> >>     if(post!=null &&post.getStatusCode() >= 300){
>> >>         res = String.valueOf(post.getStatusCode());
>> >>     }
>> >>     else if(post!=null){
>> >>         Header headers[] = null;
>> >>         headers = post.getRequestHeaders();
>> >>         if(headers!=null&&headers.length>0){
>> >>             for (int i = 0; i < headers.length; i++) {
>> >>                 System.out.println(headers[i].toExternalForm());
>> >>             }
>> >>         }
>> >>         res = new String(post.getResponseBodyAsString());
>> >>     }
>> >>     System.out.println(res);
>> >> }catch(Exception e){
>> >>     e.printStackTrace();
>> >> }
>> >> 
>> >> 
>> >> Here is the wire and stack trace..
>> >> 
>> >> 0 [main] DEBUG org.apache.commons.httpclient.HttpClient - Java version: 1.4.2_02
>> >> 0 [main] DEBUG org.apache.commons.httpclient.HttpClient - Java vendor: Sun Microsystems Inc.

Re: Re: SSL with Certificate-SSLPeerUnverifiedException

Posted by Oleg Kalnichevski <ol...@apache.org>.
On Fri, Jul 29, 2005 at 12:15:27PM -0400, Michael Clovis wrote:
> 
> Oleg.. again thanks for help.. Had a version (2.0.2 compliant) of AuthSSLProtocolSocketFactory. This class seems to me that you would have to have the cert added to keystore using keytool on each client machine.. 
>

Just create a keystore file of your own, ship it with your
application as a regular resource accessible via a class loader, and
live happily ever after


> I was under impression that HttpClient did not venture into keystore area because there was no API to include certs into keystore. Had to use keytool.. 

It does not. Strictly speaking one does not have to use keytool in order
to import a private key or public certificate into a Keystore instance.
This can be done using regular JCE classes at the runtime. However, I do
not see a single compelling reason to do so, because you still have to
store the cert or the key somewhere. So, why not store them in a
keystore file, which besides convenience also provides (some) security
by optionally protecting the file with a pass phrase (password)?


So.. (pardon my ignorance) but if I understood what needed to be done plus this is a swing application that lives on anyone within a company's employ.. Confused..

I hope this clarifies the matter somewhat

Oleg



> Thanks for your quick responses.
> ---------- Original Message ----------
> Date: 7/29/05
> From: Oleg Kalnichevski <ol...@apache.org>
> To: httpclient-user@jakarta.apache.org
> Subject: Re: SSL with Certificate-SSLPeerUnverifiedException
> 
> >Michael,
> >
> >I suspect the SSL context has not been properly configured and as a result
> >the socket factory was unable to verify the identity of the target
> >server. Please take a look at the AuthSSLProtocolSocketFactory below:
> >
> >http://svn.apache.org/repos/asf/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/
> >
> >There are some guidelines in the javadocs as to how one can correctly
> >set up an SSL context with required trust managers and/or key managers
> >
> >Oleg
> >
> >On Fri, Jul 29, 2005 at 11:35:57AM -0400, Michael Clovis wrote:
> >> Oleg.. or anyone.
> >> Connecting with SSL and had this problem (SSLPeerUnverifiedException) with earlier class that extended HttpClient. Wrote teststub class with TestURL that works in browser for testing servlet..
> >> Googled and made sure we are not using Tomcat 4.1.13 or earlier (problem reported in 1.12 bugzilla).. using highest current release of tomcat Ver 4, Apache2 and OpenSSL.
> >> Here is the test stub...
> >> 
> >> try{
> >>     BasicConfigurator.configure();
> >>     HttpClient client = new HttpClient();
> >>     StrictSSLProtocolSocketFactory sf = new StrictSSLProtocolSocketFactory();
> >> 
> >>     Protocol stricthttps = new Protocol( "https", sf, 443);
> >>     Protocol.registerProtocol("https",stricthttps);
> >> 
> >>     client.getHostConfiguration().setHost("192.168.45.114", 443, stricthttps);
> >> 
> >>     String test = "https://192.168.45.114/IS/ISUploadServer?configKey=HELLO";
> >>     PostMethod post = null;
> >> 
> >>     try {
> >>         post = new PostMethod(test);
> >>     } catch (Exception e) {
> >>         e.printStackTrace();
> >>         throw e;
> >>     }
> >>     post.setDoAuthentication(true);
> >>     try {
> >>         client.executeMethod(post);
> >>     } catch (IOException e) {
> >>         //e.printStackTrace();
> >>         throw e;
> >>     }
> >>     String res = null;
> >>     if(post!=null &&post.getStatusCode() >= 300){
> >>         res = String.valueOf(post.getStatusCode());
> >>     }
> >>     else if(post!=null){
> >>         Header headers[] = null;
> >>         headers = post.getRequestHeaders();
> >>         if(headers!=null&&headers.length>0){
> >>             for (int i = 0; i < headers.length; i++) {
> >>                 System.out.println(headers[i].toExternalForm());
> >>             }
> >>         }
> >>         res = new String(post.getResponseBodyAsString());
> >>     }
> >>     System.out.println(res);
> >> }catch(Exception e){
> >>     e.printStackTrace();
> >> }
> >> 
> >> 
> >> Here is the wire and stack trace..
> >> 
> >> 0 [main] DEBUG org.apache.commons.httpclient.HttpClient - Java version: 1.4.2_02
> >> 0 [main] DEBUG org.apache.commons.httpclient.HttpClient - Java vendor: Sun Microsystems Inc.
> >> 10 [main] DEBUG org.apache.commons.httpclient.HttpClient - Operating system name: Windows NT
> >> 20 [main] DEBUG org.apache.commons.httpclient.HttpClient - Operating system architecture: x86
> >> 20 [main] DEBUG org.apache.commons.httpclient.HttpClient - Operating system version: 4.0
> >> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SUN 1.42: SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
> >> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunJSSE 1.42: Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
> >> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunRsaSign 1.42: SUN's provider for RSA signatures
> >> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunJCE 1.42: SunJCE Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
> >> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunJGSS 1.0: Sun (Kerberos v5)
> >> 560 [main] DEBUG org.apache.commons.httpclient.methods.GetMethod - enter GetMethod(String)
> >> 560 [main] DEBUG org.apache.commons.httpclient.HttpClient - enter HttpClient.executeMethod(HttpMethod)
> >> 560 [main] DEBUG org.apache.commons.httpclient.HttpClient - enter HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
> >> 851 [main] DEBUG org.apache.commons.httpclient.HttpConnection - HttpConnection.setSoTimeout(0)
> >> 851 [main] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.open()
> >> 1332 [main] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.closeSockedAndStreams()
> >> 1332 [main] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.releaseConnection()
> >> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> >> 	at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA6275)
> >> 	at mb.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.verifyHostname(StrictSSLProtocolSocketFactory.java:253)
> >> 	at mb.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.createSocket(StrictSSLProtocolSocketFactory.java:208)
> >> 	at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:683)
> >> 	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:662)
> >> 	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:529)
> >> 	at TestPlain.main(TestPlain.java:65)
> >> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> >> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> >> 	at java.lang.reflect.Method.invoke(Method.java:324)
> >> 	at com.intellij.rt.execution.application.AppMain.main(AppMain.java:78)
> >> count = 0, total = 67
> >> 
> >> Process finished with exit code 0
> >> 
> >> Thanks for any insight

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
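
The two options Oleg describes in the message above (a keystore file shipped as a classpath resource, or a certificate imported into a KeyStore at runtime), shown with plain JSSE classes as an added example; it is not code from the thread or from HttpClient's contrib package. The resource name, the `server` alias and the `app.truststore.password` property are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public final class BundledTrustExample {
    // Hypothetical resource name: a JKS file packaged inside the application jar.
    static final String TRUSTSTORE_RESOURCE = "/ssl/app-truststore.jks";

    /** Option 1: load a trust store shipped with the application as a classpath resource. */
    static KeyStore loadBundled(char[] password) throws IOException, GeneralSecurityException {
        try (InputStream in = BundledTrustExample.class.getResourceAsStream(TRUSTSTORE_RESOURCE)) {
            if (in == null) {
                throw new IOException("trust store resource not found: " + TRUSTSTORE_RESOURCE);
            }
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(in, password); // the password also serves as an integrity check on the file
            return ks;
        }
    }

    /** Option 2: build an in-memory trust store from a certificate at runtime, without keytool. */
    static KeyStore fromCertificate(InputStream certStream) throws IOException, GeneralSecurityException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate cert = cf.generateCertificate(certStream); // accepts PEM or DER encoding
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // initialise an empty store
        ks.setCertificateEntry("server", cert); // "server" is an arbitrary alias
        return ks;
    }

    /** Builds a socket factory whose trust decisions come only from the given store. */
    static SSLSocketFactory socketFactoryTrusting(KeyStore trustStore) throws GeneralSecurityException {
        if (!trustStore.aliases().hasMoreElements()) {
            throw new GeneralSecurityException("trust store is empty, no peer could be verified");
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default SecureRandom
        return ctx.getSocketFactory();
    }

    /** Connects, forces the handshake and returns the verified peer chain. */
    static X509Certificate[] connectAndVerify(SSLSocketFactory factory, String host, int port)
            throws IOException {
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            SSLParameters params = socket.getSSLParameters();
            // Check that the certificate matches the host; for an IP-address host the
            // certificate needs a matching IP subjectAltName entry.
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            // Handshake explicitly: a trust failure surfaces here as SSLHandshakeException.
            // Calling getSession() first hides the cause, because JSSE then returns an
            // invalid session and getPeerCertificates() throws SSLPeerUnverifiedException.
            socket.startHandshake();
            Certificate[] chain = socket.getSession().getPeerCertificates();
            X509Certificate[] x509 = new X509Certificate[chain.length];
            for (int i = 0; i < chain.length; i++) {
                x509[i] = (X509Certificate) chain[i];
            }
            return x509;
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: BundledTrustExample <host> <port> [server-cert.pem]");
            return;
        }
        KeyStore trust;
        if (args.length >= 3) {
            try (InputStream in = new FileInputStream(args[2])) {
                trust = fromCertificate(in);
            }
        } else {
            // Hypothetical property name for the trust store pass phrase.
            String pass = System.getProperty("app.truststore.password", "");
            trust = loadBundled(pass.toCharArray());
        }
        SSLSocketFactory factory = socketFactoryTrusting(trust);
        for (X509Certificate c : connectAndVerify(factory, args[0], Integer.parseInt(args[1]))) {
            System.out.println(c.getSubjectX500Principal());
        }
    }
}
```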


Re: Re: SSL with Certificate-SSLPeerUnverifiedException

Posted by Michael Clovis <mc...@mindbridge.com>.
Oleg.. again thanks for help.. Had a version (2.0.2 compliant) of AuthSSLProtocolSocketFactory. This class seems to me that you would have to have the cert added to keystore using keytool on each client machine.. 

I was under impression that HttpClient did not venture into keystore area because there was no API to include certs into keystore. Had to use keytool.. So.. (pardon my ignorance) but if I understood what needed to be done plus this is a swing application that lives on anyone within a company's employ.. Confused..
Thanks for your quick responses.
---------- Original Message ----------
Date: 7/29/05
From: Oleg Kalnichevski <ol...@apache.org>
To: httpclient-user@jakarta.apache.org
Subject: Re: SSL with Certificate-SSLPeerUnverifiedException

>Michael,
>
>I suspect the SSL context has not been properly configured and a result
>the socket factory was unable to verify the identity of the target
>server. Please take a look at the AuthSSLProtocolSocketFactory below:
>
><a href='http://svn.apache.org/repos/asf/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/' target='_top'>http://svn.apache.org/repos/asf/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/</a>

>There are some guidelines in the javadocs as to how one can correctly 
>set up an SSL context with required trust managers and/or key managers
>
>Oleg
>
>On Fri, Jul 29, 2005 at 11:35:57AM -0400, Michael Clovis wrote:
>> Oleg.. or anyone.
>> Connecting with SSL and had this problem (SSLPeerUnverifiedException) with earlier class that extended HttpClient. Wrote teststub class with TestURL that works in browser for testing servlet..
>> Googled and made sure we are not using Tomcat 4.1.13 or earlier (problem reported in 1.12 bugzilla).. using highest current release of tomcat Ver 4 ,Apache2 and OpenSSL. Here is the test stub...
>> 
>> try{
>>     BasicConfigurator.configure();
>>     HttpClient client = new HttpClient();
>>     StrictSSLProtocolSocketFactory sf = new StrictSSLProtocolSocketFactory();
>>
>>     Protocol stricthttps = new Protocol( "https", sf, 443);
>>     Protocol.registerProtocol("https",stricthttps);
>>
>>     client.getHostConfiguration().setHost("192.168.45.114", 443, stricthttps);
>>
>>     String test = "https://192.168.45.114/IS/ISUploadServer?configKey=HELLO";
>>     PostMethod post = null;
>>
>>     try {
>>         post = new PostMethod(test);
>>     } catch (Exception e) {
>>         e.printStackTrace();
>>         throw e;
>>     }
>>     post.setDoAuthentication(true);
>>     try {
>>         client.executeMethod(post);
>>     } catch (IOException e) {
>>         //e.printStackTrace();
>>         throw e;
>>     }
>>     String res = null;
>>     if(post!=null &&post.getStatusCode() >= 300){
>>         res = String.valueOf(post.getStatusCode());
>>     }
>>     else if(post!=null){
>>         Header headers[] = null;
>>         headers = post.getRequestHeaders();
>>         if(headers!=null&&headers.length>0){
>>             for (int i = 0; i < headers.length; i++) {
>>                 System.out.println(headers[i].toExternalForm());
>>             }
>>         }
>>         res = new String(post.getResponseBodyAsString());
>>     }
>>     System.out.println(res);
>> }catch(Exception e){
>>     e.printStackTrace();
>> }
>> 
>> 
>> Here is the wire and stack trace..
>> 
>> 0 [main] DEBUG org.apache.commons.httpclient.HttpClient - Java version: 1.4.2_02
>> 0 [main] DEBUG org.apache.commons.httpclient.HttpClient - Java vendor: Sun Microsystems Inc.
>> 10 [main] DEBUG org.apache.commons.httpclient.HttpClient - Operating system name: Windows NT
>> 20 [main] DEBUG org.apache.commons.httpclient.HttpClient - Operating system architecture: x86
>> 20 [main] DEBUG org.apache.commons.httpclient.HttpClient - Operating system version: 4.0
>> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SUN 1.42: SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
>> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunJSSE 1.42: Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
>> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunRsaSign 1.42: SUN's provider for RSA signatures
>> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunJCE 1.42: SunJCE Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
>> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunJGSS 1.0: Sun (Kerberos v5)
>> 560 [main] DEBUG org.apache.commons.httpclient.methods.GetMethod - enter GetMethod(String)
>> 560 [main] DEBUG org.apache.commons.httpclient.HttpClient - enter HttpClient.executeMethod(HttpMethod)
>> 560 [main] DEBUG org.apache.commons.httpclient.HttpClient - enter HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
>> 851 [main] DEBUG org.apache.commons.httpclient.HttpConnection - HttpConnection.setSoTimeout(0)
>> 851 [main] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.open()
>> 1332 [main] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.closeSockedAndStreams()
>> 1332 [main] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.releaseConnection()
>> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>> 	at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA6275)
>> 	at mb.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.verifyHostname(StrictSSLProtocolSocketFactory.java:253)
>> 	at mb.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.createSocket(StrictSSLProtocolSocketFactory.java:208)
>> 	at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:683)
>> 	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:662)
>> 	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:529)
>> 	at TestPlain.main(TestPlain.java:65)
>> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> 	at java.lang.reflect.Method.invoke(Method.java:324)
>> 	at com.intellij.rt.execution.application.AppMain.main(AppMain.java:78)
>> count = 0, total = 67
>> 
>> Process finished with exit code 0
>> 
>> Thanks for any insight
>> 
>> 
>> 

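On the keytool question in the message above: a trust store does not have to be a file prepared on each client machine. The following is an added example, not part of the thread and not HttpClient's or the contrib package's own code; it uses only JDK classes to build an SSL context that trusts a single certificate shipped with the application. The class name BundledCertTrust, the alias "upload-server" and the certificate file passed on the command line are assumptions made for the illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/** Added example (hypothetical class): trust one bundled certificate, no keytool step. */
public class BundledCertTrust {

    /** Builds an SSLSocketFactory that trusts only the certificate read from certStream. */
    public static SSLSocketFactory trustOnly(InputStream certStream) throws Exception {
        // Parse the PEM or DER encoded X.509 certificate shipped with the application.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate serverCert = cf.generateCertificate(certStream);

        // Empty in-memory keystore: nothing is written to disk on the client.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("upload-server", serverCert); // alias is arbitrary

        // The default trust manager validates the server chain against this store only,
        // so the entries in the JRE's cacerts file are not trusted for these sockets.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default SecureRandom
        return ctx.getSocketFactory();
    }

    /** Usage: java BundledCertTrust <cert-file> <host> <port> */
    public static void main(String[] args) throws Exception {
        InputStream in = new FileInputStream(args[0]);
        SSLSocketFactory factory;
        try {
            factory = trustOnly(in);
        } finally {
            in.close();
        }

        SSLSocket socket = (SSLSocket) factory.createSocket(args[1], Integer.parseInt(args[2]));
        try {
            // Handshake explicitly: a trust failure then surfaces here, typically as an
            // SSLHandshakeException naming the cause, instead of later as
            // "peer not authenticated" when the session's certificates are read.
            socket.startHandshake();
            X509Certificate peer =
                    (X509Certificate) socket.getSession().getPeerCertificates()[0];
            System.out.println("Handshake OK, peer subject: "
                    + peer.getSubjectX500Principal().getName());
        } finally {
            socket.close();
        }
    }
}
```

The returned factory can back a socket factory registered through Protocol, as the test stub does with StrictSSLProtocolSocketFactory. This code checks the certificate chain only; it performs no hostname verification.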

Re: SSL with Certificate-SSLPeerUnverifiedException

Posted by Oleg Kalnichevski <ol...@apache.org>.
Michael,

I suspect the SSL context has not been properly configured and as a result
the socket factory was unable to verify the identity of the target
server. Please take a look at the AuthSSLProtocolSocketFactory below:

http://svn.apache.org/repos/asf/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/

There are some guidelines in the javadocs as to how one can correctly 
set up an SSL context with required trust managers and/or key managers

Oleg

On Fri, Jul 29, 2005 at 11:35:57AM -0400, Michael Clovis wrote:
> Oleg.. or anyone.
> Connecting with SSL and had this problem (SSLPeerUnverifiedException) with earlier class that extended HttpClient. Wrote teststub class with TestURL that works in browser for testing servlet..
> Googled and made sure we are not using Tomcat 4.1.13 or earlier (problem reported in 1.12 bugzilla).. using highest current release of tomcat Ver 4 ,Apache2 and OpenSSL. Here is the test stub...
> 
> try{
>     BasicConfigurator.configure();
>     HttpClient client = new HttpClient();
>     StrictSSLProtocolSocketFactory sf = new StrictSSLProtocolSocketFactory();
>
>     Protocol stricthttps = new Protocol( "https", sf, 443);
>     Protocol.registerProtocol("https",stricthttps);
>
>     client.getHostConfiguration().setHost("192.168.45.114", 443, stricthttps);
>
>     String test = "https://192.168.45.114/IS/ISUploadServer?configKey=HELLO";
>     PostMethod post = null;
>
>     try {
>         post = new PostMethod(test);
>     } catch (Exception e) {
>         e.printStackTrace();
>         throw e;
>     }
>     post.setDoAuthentication(true);
>     try {
>         client.executeMethod(post);
>     } catch (IOException e) {
>         //e.printStackTrace();
>         throw e;
>     }
>     String res = null;
>     if(post!=null &&post.getStatusCode() >= 300){
>         res = String.valueOf(post.getStatusCode());
>     }
>     else if(post!=null){
>         Header headers[] = null;
>         headers = post.getRequestHeaders();
>         if(headers!=null&&headers.length>0){
>             for (int i = 0; i < headers.length; i++) {
>                 System.out.println(headers[i].toExternalForm());
>             }
>         }
>         res = new String(post.getResponseBodyAsString());
>     }
>     System.out.println(res);
> }catch(Exception e){
>     e.printStackTrace();
> }
> 
> 
> Here is the wire and stack trace..
> 
> 0 [main] DEBUG org.apache.commons.httpclient.HttpClient - Java version: 1.4.2_02
> 0 [main] DEBUG org.apache.commons.httpclient.HttpClient - Java vendor: Sun Microsystems Inc.
> 10 [main] DEBUG org.apache.commons.httpclient.HttpClient - Operating system name: Windows NT
> 20 [main] DEBUG org.apache.commons.httpclient.HttpClient - Operating system architecture: x86
> 20 [main] DEBUG org.apache.commons.httpclient.HttpClient - Operating system version: 4.0
> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SUN 1.42: SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunJSSE 1.42: Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunRsaSign 1.42: SUN's provider for RSA signatures
> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunJCE 1.42: SunJCE Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunJGSS 1.0: Sun (Kerberos v5)
> 560 [main] DEBUG org.apache.commons.httpclient.methods.GetMethod - enter GetMethod(String)
> 560 [main] DEBUG org.apache.commons.httpclient.HttpClient - enter HttpClient.executeMethod(HttpMethod)
> 560 [main] DEBUG org.apache.commons.httpclient.HttpClient - enter HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
> 851 [main] DEBUG org.apache.commons.httpclient.HttpConnection - HttpConnection.setSoTimeout(0)
> 851 [main] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.open()
> 1332 [main] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.closeSockedAndStreams()
> 1332 [main] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.releaseConnection()
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> 	at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA6275)
> 	at mb.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.verifyHostname(StrictSSLProtocolSocketFactory.java:253)
> 	at mb.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.createSocket(StrictSSLProtocolSocketFactory.java:208)
> 	at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:683)
> 	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:662)
> 	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:529)
> 	at TestPlain.main(TestPlain.java:65)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> 	at java.lang.reflect.Method.invoke(Method.java:324)
> 	at com.intellij.rt.execution.application.AppMain.main(AppMain.java:78)
> count = 0, total = 67
> 
> Process finished with exit code 0
> 
> Thanks for any insight
> 
> 
> 


SSL with Certificate-SSLPeerUnverifiedException

Posted by Michael Clovis <mc...@mindbridge.com>.
Oleg.. or anyone.
Connecting with SSL and had this problem (SSLPeerUnverifiedException) with earlier class that extended HttpClient. Wrote teststub class with TestURL that works in browser for testing servlet..
Googled and made sure we are not using Tomcat 4.1.13 or earlier (problem reported in 1.12 bugzilla).. using highest current release of tomcat Ver 4 ,Apache2 and OpenSSL. Here is the test stub...

try{
    BasicConfigurator.configure();
    HttpClient client = new HttpClient();
    StrictSSLProtocolSocketFactory sf = new StrictSSLProtocolSocketFactory();

    Protocol stricthttps = new Protocol( "https", sf, 443);
    Protocol.registerProtocol("https",stricthttps);

    client.getHostConfiguration().setHost("192.168.45.114", 443, stricthttps);

    String test = "https://192.168.45.114/IS/ISUploadServer?configKey=HELLO";
    PostMethod post = null;

    try {
        post = new PostMethod(test);
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    }
    post.setDoAuthentication(true);
    try {
        client.executeMethod(post);
    } catch (IOException e) {
        //e.printStackTrace();
        throw e;
    }
    String res = null;
    if(post!=null &&post.getStatusCode() >= 300){
        res = String.valueOf(post.getStatusCode());
    }
    else if(post!=null){
        Header headers[] = null;
        headers = post.getRequestHeaders();
        if(headers!=null&&headers.length>0){
            for (int i = 0; i < headers.length; i++) {
                System.out.println(headers[i].toExternalForm());
            }
        }
        res = new String(post.getResponseBodyAsString());
    }
    System.out.println(res);
}catch(Exception e){
    e.printStackTrace();
}


Here is the wire and stack trace..

0 [main] DEBUG org.apache.commons.httpclient.HttpClient - Java version: 1.4.2_02
0 [main] DEBUG org.apache.commons.httpclient.HttpClient - Java vendor: Sun Microsystems Inc.
10 [main] DEBUG org.apache.commons.httpclient.HttpClient - Operating system name: Windows NT
20 [main] DEBUG org.apache.commons.httpclient.HttpClient - Operating system architecture: x86
20 [main] DEBUG org.apache.commons.httpclient.HttpClient - Operating system version: 4.0
390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SUN 1.42: SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunJSSE 1.42: Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunRsaSign 1.42: SUN's provider for RSA signatures
390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunJCE 1.42: SunJCE Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunJGSS 1.0: Sun (Kerberos v5)
560 [main] DEBUG org.apache.commons.httpclient.methods.GetMethod - enter GetMethod(String)
560 [main] DEBUG org.apache.commons.httpclient.HttpClient - enter HttpClient.executeMethod(HttpMethod)
560 [main] DEBUG org.apache.commons.httpclient.HttpClient - enter HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
851 [main] DEBUG org.apache.commons.httpclient.HttpConnection - HttpConnection.setSoTimeout(0)
851 [main] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.open()
1332 [main] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.closeSockedAndStreams()
1332 [main] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.releaseConnection()
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
	at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA6275)
	at mb.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.verifyHostname(StrictSSLProtocolSocketFactory.java:253)
	at mb.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.createSocket(StrictSSLProtocolSocketFactory.java:208)
	at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:683)
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:662)
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:529)
	at TestPlain.main(TestPlain.java:65)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:324)
	at com.intellij.rt.execution.application.AppMain.main(AppMain.java:78)
count = 0, total = 67

Process finished with exit code 0

Thanks for any insight



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


SSL with Certificate-SSLPeerUnverifiedException

Posted by Michael Clovis <mc...@mindbridge.com>.
Oleg.. or anyone.
Connecting with SSL and had this problem (SSLPeerUnverifiedException) with earlier class that extended HttpClient. Wrote test stub class with TestURL that works in browser for testing servlet..
Googled and made sure we are not using Tomcat 4.1.13 or earlier (problem reported in 1.12 bugzilla).. using highest current release of Tomcat Ver 4, Apache2 and OpenSSL. Here is the test stub...

try{
    BasicConfigurator.configure();
    HttpClient client = new HttpClient();
    StrictSSLProtocolSocketFactory sf = new StrictSSLProtocolSocketFactory();

    Protocol stricthttps = new Protocol( "https", sf, 443);
    Protocol.registerProtocol("https",stricthttps);

    client.getHostConfiguration().setHost("192.168.45.114", 443, stricthttps);

    String test = "https://192.168.45.114/IS/ISUploadServer?configKey=HELLO";
    PostMethod post = null;

    try {
        post = new PostMethod(test);
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    }
    post.setDoAuthentication(true);
    try {
        client.executeMethod(post);
    } catch (IOException e) {
        //e.printStackTrace();
        throw e;
    }
    String res = null;
    if(post!=null &&post.getStatusCode() >= 300){
        res = String.valueOf(post.getStatusCode());
    }
    else if(post!=null){
        Header headers[] = null;
        headers = post.getRequestHeaders();
        if(headers!=null&&headers.length>0){
            for (int i = 0; i < headers.length; i++) {
                System.out.println(headers[i].toExternalForm());
            }
        }
        res = new String(post.getResponseBodyAsString());
    }
    System.out.println(res);
}catch(Exception e){
    e.printStackTrace();
}


Here is the wire and stack trace..

0 [main] DEBUG org.apache.commons.httpclient.HttpClient - Java version: 1.4.2_02
0 [main] DEBUG org.apache.commons.httpclient.HttpClient - Java vendor: Sun Microsystems Inc.
10 [main] DEBUG org.apache.commons.httpclient.HttpClient - Operating system name: Windows NT
20 [main] DEBUG org.apache.commons.httpclient.HttpClient - Operating system architecture: x86
20 [main] DEBUG org.apache.commons.httpclient.HttpClient - Operating system version: 4.0
390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SUN 1.42: SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunJSSE 1.42: Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunRsaSign 1.42: SUN's provider for RSA signatures
390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunJCE 1.42: SunJCE Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunJGSS 1.0: Sun (Kerberos v5)
560 [main] DEBUG org.apache.commons.httpclient.methods.GetMethod - enter GetMethod(String)
560 [main] DEBUG org.apache.commons.httpclient.HttpClient - enter HttpClient.executeMethod(HttpMethod)
560 [main] DEBUG org.apache.commons.httpclient.HttpClient - enter HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
851 [main] DEBUG org.apache.commons.httpclient.HttpConnection - HttpConnection.setSoTimeout(0)
851 [main] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.open()
1332 [main] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.closeSockedAndStreams()
1332 [main] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.releaseConnection()
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
	at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA6275)
	at mb.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.verifyHostname(StrictSSLProtocolSocketFactory.java:253)
	at mb.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.createSocket(StrictSSLProtocolSocketFactory.java:208)
	at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:683)
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:662)
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:529)
	at TestPlain.main(TestPlain.java:65)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:324)
	at com.intellij.rt.execution.application.AppMain.main(AppMain.java:78)
count = 0, total = 67

Process finished with exit code 0

Thanks for any insight





Re: Re: Re: SSL with Certificate

Posted by Michael Clovis <mc...@mindbridge.com>.
Oleg,
 I pass in the host name and Servlet "constant" that maps to URI we use in server.xml.. but thanks to the "long - distance" proof reading of my code found what I think is the problem.. Programmer who worked for me had hardcoded using a stringBuffer http:// to beginning of server name.. inside of this class. my duh! Thanks for your help and all your great work! Will fix it and try some more.

---------- Original Message ----------
Date: 7/29/05
From: Oleg Kalnichevski <ol...@apache.org>
To: httpclient-user@jakarta.apache.org
Subject: Re: Re: SSL with Certificate

>Michael, what is the value of servletPath?
>
>Oleg
>
>
>On Fri, Jul 29, 2005 at 08:46:21AM -0400, Michael Clovis wrote:
>> 
>> Oleg thanks in advance..
>> 
>> This is from the class that extends HttpClient.. all methods prepare servlet request first like so.. 
>> 
>> 
>> public boolean authorizeIS(){
>> 		NameValuePair[] form_data = new NameValuePair[8];
>> 		form_data[0] = new NameValuePair("sourceid", SOURCE_ID);		//APPLICATION ID
>> 		form_data[1] = new NameValuePair("destid", DEST_ID); 			//DEST ID
>> 		form_data[2] = new NameValuePair("requesttype",BULKLOADERSESSIONID_REQ);	//TYPE OF REQUEST
>> 		form_data[3] = new NameValuePair("requestid", "111");			//ID OF THE REQUEST
>> 		form_data[4] = new NameValuePair("username",isUser);			//USER ID
>> 		form_data[5] = new NameValuePair("password",isPass);			//PASSWORD
>> 		form_data[6] = new NameValuePair("sent",Long.toString(System.currentTimeMillis()));
>> 		form_data[7] = new NameValuePair("ntlmlogin",ntlmlogin);
>> 		
>> 		StringBuffer servBuff = new StringBuffer(servletPath);
>> 		servBuff.append("?sourceid=").append(SOURCE_ID).append("&destid=").append(DEST_ID);
>> 		//System.out.println(servBuff.toString());
>> 		
>> 		ReqResult reqRes = this.sendRequest(servBuff.toString(), form_data, "Session");
>> 		if(reqRes == null){
>> System.out.println("Requested Result is null");
>> 			//writeErrLog("Request Result was null", SERVLET_ERR);
>> 			return false;
>> 		}
>> 		
>> 		System.out.println("Request result: " + reqRes.isAccepted());
>> 		
>> 		if(reqRes.isAccepted()){
>> 			this.sessionID = reqRes.getSessionId();
>> this.isAdmin = reqRes.isAdmin();
>> 			System.out.println("SESSION ID: " + this.sessionID);
>> System.out.println("UserAdmin: "+isAdmin);
>> 		}else{
>> 			writeErrLog(reqRes.getErrorMessage(),Integer.parseInt(reqRes.getErrorCode()));
>> 			return false;
>> 		}
>> 		
>> 		return true;
>> 	}
>> 
>> ... sendRequest is where PostMethod is executed as follows...
>> 
>> 
>> protected ReqResult sendRequest(String host, NameValuePair[] data, String resultType){
>> 		PostMethod post = new PostMethod(host);
>> 		post.addParameters(data);
>> try {
>> return sendRequest(post, resultType);
>> } catch (Exception e) {
>> this.writeErrException(e);
>> e.printStackTrace();
>> //throw e;
>> return null;
>> }
>> 
>> }
>> 	
>> 	protected ReqResult sendRequest(ExpectContinueMethod post, String resultType){
>> 		ReqResult reqResult = null;
>> 		post.setDoAuthentication(true);
>> 		try{
>> 			this.executeMethod(post);
>> 			
>> 			//handle any errors that'll come down the pipe
>> 			if(post.getStatusCode() >= 300){
>> 				writeErrLog(post.getStatusLine().getReasonPhrase(), post.getStatusCode());
>> 				return null;
>> 			}
>> 			
>> 			String responseBody = new String(post.getResponseBodyAsString());
>> System.out.println(responseBody);
>> 			reqResult = new ReqResult(responseBody, resultType);
>> 			
>> 		}catch(HttpException hte){
>> 			this.writeErrException(hte);
>> 			hte.printStackTrace();
>> 		}catch(IOException ioe){
>> 			this.writeErrException(ioe);
>> 			ioe.printStackTrace();
>> 		}
>> catch(Exception e){
>> this.writeErrException(e);
>> e.printStackTrace();
>> }
>> 		return reqResult;
>> 	}
>> 
>> I again appreciate in advance your insight!
>> 
>> 
>> ---------- Original Message ----------
>> Date: 7/29/05
>> From: Oleg Kalnichevski <ol...@apache.org>
>> To: httpclient-user@jakarta.apache.org
>> Subject: Re: SSL with Certificate
>> 
>> >Michael,
>> >
>> >Could you please post a code snippet showing how the HttpMethod is
>> >instantiated and executed?
>> >
>> >Oleg
>> >
>> >
>> >On Thu, Jul 28, 2005 at 05:52:30PM -0400, Michael Clovis wrote:
>> >> I am maintaining an application that is using HTTPClient 2.0.2 and one
>> >> class extends HttpClient in particular ( one reason for not upgrading to
>> >> 3x). Need to support SSL and have started to test code using self-signed
>> >> certs. Made sure through Apache the servlet the application accesses can
>> >> not be accessed other than through SSL and wire info reads that the header
>> >> information can be seen yet when method is sent to servlet get a 401.
>> >> Furthermore doing tcpdumps reveal app never ran on port 443 but port 80.
>> >> Am using simple paradigm (as in example code) of :
>> >> 
>> >> StrictSSLProtocolSocketFactory sf = new StrictSSLProtocolSocketFactory();
>> >> 
>> >> Protocol stricthttps = new Protocol( "https", sf, 443);
>> >> Protocol.registerProtocol("https",stricthttps);
>> >> // du is client instance du.getHostConfiguration().setHost(this.hostname.getText().trim(),443,stricthttps)
>> >> 
>> >> 
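The cause identified in the message above (an `http://` prefix hardcoded in front of the server name, so the URL handed to `PostMethod` sent traffic to port 80 even though an `https` `Protocol` was registered for 443) can be rejected before any form data is sent. This is an added example, not code from the thread or from HttpClient: the names `HttpsTargetGuard` and `requireHttps` are hypothetical, it uses only `java.net.URI`, and the sample targets are constructed from the URLs quoted in the thread.

```java
import java.net.URI;
import java.net.URISyntaxException;

/**
 * Added example (hypothetical names): refuse a request target that would
 * leave the client in cleartext or go to an unexpected host or port.
 */
public class HttpsTargetGuard {

    /** Port the thread registers for its "https" Protocol. */
    static final int HTTPS_PORT = 443;

    /**
     * Returns the trimmed target if it is acceptable: either a relative path
     * starting with "/" (scheme, host and port then come from the client's
     * host configuration) or an absolute https URL on expectedHost:443.
     * Throws IllegalArgumentException for everything else.
     */
    static String requireHttps(String target, String expectedHost) {
        String trimmed = target.trim();
        URI uri;
        try {
            uri = new URI(trimmed);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("unparseable target: " + trimmed, e);
        }

        if (!uri.isAbsolute()) {
            // No scheme. Accept only a plain path; reject "//host/..." references
            // and bare "host/path" strings left over after stripping a prefix.
            String path = uri.getRawPath();
            if (uri.getRawAuthority() != null || path == null || !path.startsWith("/")) {
                throw new IllegalArgumentException("not a path or https URL: " + trimmed);
            }
            return trimmed;
        }

        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            throw new IllegalArgumentException("scheme is '" + uri.getScheme()
                    + "', expected https: " + trimmed);
        }
        // Opaque URIs such as "https:foo" have no host and are rejected here.
        if (uri.getHost() == null || !uri.getHost().equalsIgnoreCase(expectedHost)) {
            throw new IllegalArgumentException("unexpected host: " + trimmed);
        }
        int port = (uri.getPort() == -1) ? HTTPS_PORT : uri.getPort();
        if (port != HTTPS_PORT) {
            throw new IllegalArgumentException("unexpected port " + port + ": " + trimmed);
        }
        return trimmed;
    }

    public static void main(String[] args) {
        String host = "192.168.45.114"; // host used in the thread's test stub

        // Constructed sample targets, modelled on the URLs in the thread.
        String[] samples = {
            "https://192.168.45.114/IS/ISUploadServer?configKey=HELLO",
            "http://192.168.45.114/IS/ISUploadServer?configKey=HELLO",
            "/IS/ISUploadServer?sourceid=1&destid=2",
            "192.168.45.114/IS/ISUploadServer",
            "https://192.168.45.114:80/IS/ISUploadServer",
            "//192.168.45.114/IS/ISUploadServer"
        };

        for (int i = 0; i < samples.length; i++) {
            try {
                requireHttps(samples[i], host);
                System.out.println("OK        " + samples[i]);
            } catch (IllegalArgumentException e) {
                System.out.println("REJECTED  " + e.getMessage());
            }
        }
    }
}
```

Placing such a check where the target string is built, before the method object is created, turns a silent cleartext request carrying the `username` and `password` form fields into an immediate error.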


Re: Re: SSL with Certificate

Posted by Oleg Kalnichevski <ol...@apache.org>.
Michael, what is the value of servletPath?

Oleg


On Fri, Jul 29, 2005 at 08:46:21AM -0400, Michael Clovis wrote:
> 
> Oleg thanks in advance..
> 
>  This is from the class that extends HttpClient.. all methods prepare servlet request first like so.. 
> 
> 
> public boolean authorizeIS(){
> 		NameValuePair[] form_data = new NameValuePair[8];
> 		form_data[0] = new NameValuePair("sourceid", SOURCE_ID);		//APPLICATION ID
> 		form_data[1] = new NameValuePair("destid", DEST_ID); 			//DEST ID
> 		form_data[2] = new NameValuePair("requesttype",BULKLOADERSESSIONID_REQ);	//TYPE OF REQUEST
> 		form_data[3] = new NameValuePair("requestid", "111");			//ID OF THE REQUEST
> 		form_data[4] = new NameValuePair("username",isUser);			//USER ID
> 		form_data[5] = new NameValuePair("password",isPass);			//PASSWORD
> 		form_data[6] = new NameValuePair("sent",Long.toString(System.currentTimeMillis()));
> 		form_data[7] = new NameValuePair("ntlmlogin",ntlmlogin);
> 		
> 		StringBuffer servBuff = new StringBuffer(servletPath);
> 		servBuff.append("?sourceid=").append(SOURCE_ID).append("&destid=").append(DEST_ID);
> 		//System.out.println(servBuff.toString());
> 		
> 		ReqResult reqRes = this.sendRequest(servBuff.toString(), form_data, "Session");
> 		if(reqRes == null){
>  System.out.println("Requested Result is null");
> 			//writeErrLog("Request Result was null", SERVLET_ERR);
> 			return false;
> 		}
> 		
> 		System.out.println("Request result: " + reqRes.isAccepted());
> 		
> 		if(reqRes.isAccepted()){
> 			this.sessionID = reqRes.getSessionId();
>  this.isAdmin = reqRes.isAdmin();
> 			System.out.println("SESSION ID: " + this.sessionID);
>  System.out.println("UserAdmin: "+isAdmin);
> 		}else{
> 			writeErrLog(reqRes.getErrorMessage(),Integer.parseInt(reqRes.getErrorCode()));
> 			return false;
> 		}
> 		
> 		return true;
> 	}
> 
> ... sendRequest is where PostMethod is executed as follows...
> 
> 
> protected ReqResult sendRequest(String host, NameValuePair[] data, String resultType){
> 		PostMethod post = new PostMethod(host);
> 		post.addParameters(data);
>  try {
>  return sendRequest(post, resultType);
>  } catch (Exception e) {
>  this.writeErrException(e);
>  e.printStackTrace();
>  //throw e;
>  return null;
>  }
> 
>  }
> 	
> 	protected ReqResult sendRequest(ExpectContinueMethod post, String resultType){
> 		ReqResult reqResult = null;
> 		post.setDoAuthentication(true);
> 		try{
> 			this.executeMethod(post);
> 			
> 			//handle any errors that'll come down the pipe
> 			if(post.getStatusCode() >= 300){
> 				writeErrLog(post.getStatusLine().getReasonPhrase(), post.getStatusCode());
> 				return null;
> 			}
> 			
> 			String responseBody = new String(post.getResponseBodyAsString());
>  System.out.println(responseBody);
> 			reqResult = new ReqResult(responseBody, resultType);
> 			
> 		}catch(HttpException hte){
> 			this.writeErrException(hte);
> 			hte.printStackTrace();
> 		}catch(IOException ioe){
> 			this.writeErrException(ioe);
> 			ioe.printStackTrace();
> 		}
>  catch(Exception e){
>  this.writeErrException(e);
>  e.printStackTrace();
>  }
> 		return reqResult;
> 	}
> 
> I again appreciate in advance your insight!
> 
> 
> ---------- Original Message ----------
> Date: 7/29/05
> From: Oleg Kalnichevski <ol...@apache.org>
> To: httpclient-user@jakarta.apache.org
> Subject: Re: SSL with Certificate
> 
> >Michael,
> >
> >Could you please post a code snippet showing how the HttpMethod is
> >instantiated and executed?
> >
> >Oleg
> >
> >
> >On Thu, Jul 28, 2005 at 05:52:30PM -0400, Michael Clovis wrote:
> >> I am maintaining an application that is using HTTPClient 2.0.2 and one
> >> class extends HttpClient in particular ( one reason for not upgrading to
> >> 3x). Need to support SSL and have started to test code using self-signed
> >> certs. Made sure through Apache the servlet the application accesses can
> >> not be accessed other than through SSL and wire info reads that the header
> >> information can be seen yet when method is sent to servlet get a 401.
> >> Furthermore doing tcpdumps reveal app never ran on port 443 but port 80.
> >> Am using simple paradigm (as in example code) of :
> >> 
> >> StrictSSLProtocolSocketFactory sf = new StrictSSLProtocolSocketFactory();
> >> 
> >> Protocol stricthttps = new Protocol( "https", sf, 443);
> >> Protocol.registerProtocol("https",stricthttps);
> >> // du is client instance du.getHostConfiguration().setHost(this.hostname.getText().trim(),443,stricthttps)
> >> 
> >> 


Re: Re: SSL with Certificate

Posted by Michael Clovis <mc...@mindbridge.com>.
Oleg thanks in advance..

 This is from the class that extends HttpClient.. all methods prepare servlet request first like so.. 


public boolean authorizeIS(){
    NameValuePair[] form_data = new NameValuePair[8];
    form_data[0] = new NameValuePair("sourceid", SOURCE_ID);        //APPLICATION ID
    form_data[1] = new NameValuePair("destid", DEST_ID);            //DEST ID
    form_data[2] = new NameValuePair("requesttype",BULKLOADERSESSIONID_REQ);    //TYPE OF REQUEST
    form_data[3] = new NameValuePair("requestid", "111");           //ID OF THE REQUEST
    form_data[4] = new NameValuePair("username",isUser);            //USER ID
    form_data[5] = new NameValuePair("password",isPass);            //PASSWORD
    form_data[6] = new NameValuePair("sent",Long.toString(System.currentTimeMillis()));
    form_data[7] = new NameValuePair("ntlmlogin",ntlmlogin);

    StringBuffer servBuff = new StringBuffer(servletPath);
    servBuff.append("?sourceid=").append(SOURCE_ID).append("&destid=").append(DEST_ID);
    //System.out.println(servBuff.toString());

    ReqResult reqRes = this.sendRequest(servBuff.toString(), form_data, "Session");
    if(reqRes == null){
        System.out.println("Requested Result is null");
        //writeErrLog("Request Result was null", SERVLET_ERR);
        return false;
    }

    System.out.println("Request result: " + reqRes.isAccepted());

    if(reqRes.isAccepted()){
        this.sessionID = reqRes.getSessionId();
        this.isAdmin = reqRes.isAdmin();
        System.out.println("SESSION ID: " + this.sessionID);
        System.out.println("UserAdmin: "+isAdmin);
    }else{
        writeErrLog(reqRes.getErrorMessage(),Integer.parseInt(reqRes.getErrorCode()));
        return false;
    }

    return true;
}

... sendRequest is where PostMethod is executed as follows...


protected ReqResult sendRequest(String host, NameValuePair[] data, String resultType){
    PostMethod post = new PostMethod(host);
    post.addParameters(data);
    try {
        return sendRequest(post, resultType);
    } catch (Exception e) {
        this.writeErrException(e);
        e.printStackTrace();
        //throw e;
        return null;
    }

}

protected ReqResult sendRequest(ExpectContinueMethod post, String resultType){
    ReqResult reqResult = null;
    post.setDoAuthentication(true);
    try{
        this.executeMethod(post);

        //handle any errors that'll come down the pipe
        if(post.getStatusCode() >= 300){
            writeErrLog(post.getStatusLine().getReasonPhrase(), post.getStatusCode());
            return null;
        }

        String responseBody = new String(post.getResponseBodyAsString());
        System.out.println(responseBody);
        reqResult = new ReqResult(responseBody, resultType);

    }catch(HttpException hte){
        this.writeErrException(hte);
        hte.printStackTrace();
    }catch(IOException ioe){
        this.writeErrException(ioe);
        ioe.printStackTrace();
    }
    catch(Exception e){
        this.writeErrException(e);
        e.printStackTrace();
    }
    return reqResult;
}

I again appreciate in advance your insight!


---------- Original Message ----------
Date: 7/29/05
From: Oleg Kalnichevski <ol...@apache.org>
To: httpclient-user@jakarta.apache.org
Subject: Re: SSL with Certificate

>Michael,
>
>Could you please post a code snippet showing how the HttpMethod is
>instantiated and executed?
>
>Oleg
>
>
>On Thu, Jul 28, 2005 at 05:52:30PM -0400, Michael Clovis wrote:
>> I am maintaining an application that is using HTTPClient 2.0.2 and one
>> class extends HttpClient in particular ( one reason for not upgrading to
>> 3x). Need to support SSL and have started to test code using self-signed
>> certs. Made sure through Apache the servlet the application accesses can
>> not be accessed other than through SSL and wire info reads that the header
>> information can be seen yet when method is sent to servlet get a 401.
>> Furthermore doing tcpdumps reveal app never ran on port 443 but port 80.
>> Am using simple paradigm (as in example code) of :
>> 
>> StrictSSLProtocolSocketFactory sf = new StrictSSLProtocolSocketFactory();
>> 
>> Protocol stricthttps = new Protocol( "https", sf, 443);
>> Protocol.registerProtocol("https",stricthttps);
>> // du is client instance du.getHostConfiguration().setHost(this.hostname.getText().trim(),443,stricthttps)
>> 
>> 
>

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
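
Added example, not part of the original thread or of HttpClient: the posted sendRequest turns authentication on while the tcpdump in the question shows traffic on port 80, so a check that refuses to send unless the target is explicitly https on the expected port fails closed. TransportGuard and requireHttps are hypothetical names, the code uses only java.net.URI, and it assumes the string passed to PostMethod is an absolute URL.

```java
import java.net.URI;
import java.net.URISyntaxException;

/** Hypothetical helper, not HttpClient API: fail closed before credentials are sent. */
public final class TransportGuard {

    /** Returns the effective port for an absolute https URL; throws otherwise. */
    public static int requireHttps(String target, int expectedPort) {
        final URI uri;
        try {
            uri = new URI(target.trim());
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("Unparseable target: " + e.getMessage());
        }
        String scheme = uri.getScheme();
        if (scheme == null || uri.getHost() == null) {
            // Relative or host-less target: scheme and port would be decided
            // elsewhere, so they cannot be verified here.
            throw new IllegalArgumentException("Target must be an absolute URL: " + target);
        }
        if (!"https".equalsIgnoreCase(scheme)) {
            throw new IllegalStateException("Refusing to authenticate over " + scheme);
        }
        // No explicit port means the scheme default, 443 for https.
        int port = uri.getPort() == -1 ? 443 : uri.getPort();
        if (port != expectedPort) {
            throw new IllegalStateException("Port " + port + " is not the expected " + expectedPort);
        }
        return port;
    }

    public static void main(String[] args) {
        // Constructed sample targets, not taken from the thread.
        String[] samples = {
            "https://app.example.test/servlet/upload",
            "http://app.example.test/servlet/upload",
            "https://app.example.test:8443/servlet/upload",
            "/servlet/upload"
        };
        for (String s : samples) {
            try {
                System.out.println(s + " -> ok, port " + requireHttps(s, 443));
            } catch (RuntimeException e) {
                System.out.println(s + " -> blocked: " + e.getMessage());
            }
        }
    }
}
```

Calling requireHttps(host, 443) before this.executeMethod(post) would turn a plaintext send into an exception that the existing catch blocks already log.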


Re: SSL with Certificate

Posted by Oleg Kalnichevski <ol...@apache.org>.
Michael,

Could you please post a code snippet showing how the HttpMethod is
instantiated and executed?

Oleg


On Thu, Jul 28, 2005 at 05:52:30PM -0400, Michael Clovis wrote:
> I am maintaining an application that is using HTTPClient 2.0.2 and one
> class extends HttpClient in particular (one reason for not upgrading to
> 3x). Need to support SSL and have started to test code using self-signed
> certs. Made sure through Apache the servlet the application accesses can
> not be accessed other than through SSL and wire info reads that the
> header information can be seen yet when method is sent to servlet get a
> 401. Furthermore doing tcpdumps reveal app never ran on port 443 but
> port 80. Am using simple paradigm (as in example code) of:
> 
> StrictSSLProtocolSocketFactory sf = new StrictSSLProtocolSocketFactory();
> 
> Protocol stricthttps = new Protocol( "https", sf, 443);
> Protocol.registerProtocol("https",stricthttps);
> // du is client instance du.getHostConfiguration().setHost(this.hostname.getText().trim(),443,stricthttps)
> 
> 
