Posted to users@tomcat.apache.org by Sushil Prusty <su...@gmail.com> on 2014/05/05 18:51:52 UTC

How can i provide clientauth required info in HttpURLConnection

Hi all

I have the code below, which always throws an exception while I am trying to
connect because my ClientAuth is true in server.xml of
apache/conf.Server.xml.
How can I provide clientauth info to the code below using the Apache API?

    URL testURL = new URL("https://localhost:443/app/AppAction.do");
    HttpURLConnection conn = (HttpURLConnection) testURL.openConnection();
    conn.setRequestMethod("HEAD");
    conn.setInstanceFollowRedirects(false);
    conn.connect();

Thanks to all in advance.

Re: How can i provide clientauth required info in HttpURLConnection

Posted by Mark Thomas <ma...@apache.org>.
On 05/05/2014 21:07, Cheong, Sandy wrote:
> Hi Christopher:

1. Please do not hijack threads.

> Please note I am trying to get a contact number for Customer
> Support at Apache with regards to the Tom Cat product.

You *REALLY* need to read this:
http://www.apache.org/foundation/how-it-works.html

> I would like to review your End User License Agreement (Click
> Through).  Can you please point me to the correct person or contact
> number for this request?

Read the above and the answer to your question should be clear. If it
isn't, start a new thread to ask for help.

Mark



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


RE: How can i provide clientauth required info in HttpURLConnection

Posted by "Cheong, Sandy" <Sa...@mlp.com>.
Hi Christopher:

Please note I am trying to get a contact number for Customer Support at Apache with regards to the Tom Cat product.  I would like to review your End User License Agreement (Click Through).  Can you please point me to the correct person or contact number for this request?

Thank you in advance for your kind assistance.

Best regards,
Sandy Cheong 


######################################################################
The information contained in this communication is confidential and
may contain information that is privileged or exempt from disclosure
under applicable law. If you are not a named addressee, please notify
the sender immediately and delete this email from your system.
If you have received this communication, and are not a named
recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited.
######################################################################

Re: How can i provide clientauth required info in HttpURLConnection

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Sushil,

Please don't top-post. I've re-formatted your message with your reply
below.

On 5/5/14, 2:38 PM, Sushil Prusty wrote:
> On Mon, May 5, 2014 at 10:32 PM, Christopher Schultz < 
> chris@christopherschultz.net> wrote:
> 
> Sushil,
> 
> On 5/5/14, 12:51 PM, Sushil Prusty wrote:
>>>> I have below code which will always throws exception while i
>>>> am trying to connect because my ClientAuth is true in
>>>> server.xml of apach/conf.Server.xml. How can i provide
>>>> clientauth info to below code using Apache api.
>>>> 
>>>> URL testURL = new URL("https://localhost:
>>>> 443/app/AppAction.do"); HttpURLConnection conn =
>>>> (HttpURLConnection) testURL.openConnection();
>>>> conn.setRequestMethod("HEAD"); 
>>>> conn.setInstanceFollowRedirects(false); conn.connect();
>> 
>> What kind of client auth do you want to provide?
> 
> It's a truststore certificate.

So you need to make a connection to a secure server with a client
certificate?

It's a bit verbose, but you have to do the following. I have
copy/pasted this from some code I adapted from Tomcat's sources. I
have removed all of the exception handling and utility methods I used
because otherwise it would be quite long and might not be convenient
to read / understand. It may be missing a few features such as using
non-default crypto providers, etc.


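        import java.io.FileInputStream;
        import java.io.InputStream;
        import java.security.KeyStore;
        import java.security.cert.CertPathParameters;
        import javax.net.ssl.CertPathTrustManagerParameters;
        import javax.net.ssl.HttpsURLConnection;
        import javax.net.ssl.ManagerFactoryParameters;
        import javax.net.ssl.SSLContext;
        import javax.net.ssl.TrustManagerFactory;

        ...

        // Load trust store (which is a KeyStore)
        KeyStore trustStore = KeyStore.getInstance(trustStoreType);
        InputStream in = new FileInputStream(trustStoreFilename);
        trustStore.load(in, storePassword.toCharArray());

        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        if (null == crlFilename) // Certificate Revocation List
        {
            tmf.init(trustStore);
        }
        else
        {
            // getParameters() is a utility method not included in this post
            CertPathParameters params =
                getParameters(trustStoreAlgorithm,
                              crlFilename,
                              maxCertificatePathLength,
                              trustStore);

            ManagerFactoryParameters mfp =
                new CertPathTrustManagerParameters(params);

            tmf.init(mfp);
        }

        SSLContext sc = SSLContext.getInstance(protocol);

        // No key managers are passed; only the trust managers are configured
        sc.init(null,
                tmf.getTrustManagers(),
                new java.security.SecureRandom());

        // Applies to every HttpsURLConnection created afterwards in this JVM
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());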

Once you've done that, you can make a connection using the code you
already had above.

Hope that helps,
-chris
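
An added example, not code from this thread or from Tomcat: a connector with clientAuth="true" asks the client for a certificate, and the client presents one only when its SSLContext is initialized with key managers that hold its private key and certificate. The class below sets up both the key managers and the trust managers for the HEAD request from the original question and scopes them to that one connection; the environment variable names and the store types (PKCS12, JKS) are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ClientCertHead {

    // Load a key store file of the given type ("PKCS12" or "JKS").
    static KeyStore load(String type, String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Key managers present the client's certificate to the server;
    // trust managers validate the certificate the server presents.
    static SSLContext mutualTlsContext(KeyStore clientKeys, char[] keyPassword,
                                       KeyStore trusted) throws Exception {
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientKeys, keyPassword);

        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted);

        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return sc;
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical environment variables (assumptions, not from the thread).
        char[] keyPass = System.getenv("CLIENT_P12_PASS").toCharArray();
        KeyStore clientKeys = load("PKCS12", System.getenv("CLIENT_P12"), keyPass);
        KeyStore trusted = load("JKS", System.getenv("TRUST_JKS"),
                                System.getenv("TRUST_JKS_PASS").toCharArray());
        SSLContext sc = mutualTlsContext(clientKeys, keyPass, trusted);

        URL testURL = new URL("https://localhost:443/app/AppAction.do");
        HttpsURLConnection conn = (HttpsURLConnection) testURL.openConnection();
        // Scope the client identity to this connection, not the whole JVM.
        conn.setSSLSocketFactory(sc.getSocketFactory());
        conn.setRequestMethod("HEAD");
        conn.setInstanceFollowRedirects(false);
        conn.connect();
        System.out.println("HTTP " + conn.getResponseCode());
        conn.disconnect();
    }
}
```

The client certificate in the key store has to chain to a CA that the server's own trust store accepts, otherwise the handshake still fails.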


Re: How can i provide clientauth required info in HttpURLConnection

Posted by Sushil Prusty <su...@gmail.com>.
It's a truststore certificate.


On Mon, May 5, 2014 at 10:32 PM, Christopher Schultz <
chris@christopherschultz.net> wrote:

> Sushil,
>
> On 5/5/14, 12:51 PM, Sushil Prusty wrote:
> > I have below code which will always throws exception while i am
> > trying to connect because my ClientAuth is true in server.xml of
> > apach/conf.Server.xml. How can i provide clientauth info to below
> > code using Apache api.
> >
> > URL testURL = new URL("https://localhost: 443/app/AppAction.do");
> > HttpURLConnection conn = (HttpURLConnection)
> > testURL.openConnection(); conn.setRequestMethod("HEAD");
> > conn.setInstanceFollowRedirects(false); conn.connect();
>
> What kind of client auth do you want to provide?
>
> -chris

Re: How can i provide clientauth required info in HttpURLConnection

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Sushil,

On 5/5/14, 12:51 PM, Sushil Prusty wrote:
> I have below code which will always throws exception while i am
> trying to connect because my ClientAuth is true in server.xml of 
> apach/conf.Server.xml. How can i provide clientauth info to below
> code using Apache api.
> 
> URL testURL = new URL("https://localhost: 443/app/AppAction.do"); 
> HttpURLConnection conn = (HttpURLConnection)
> testURL.openConnection(); conn.setRequestMethod("HEAD"); 
> conn.setInstanceFollowRedirects(false); conn.connect();

What kind of client auth do you want to provide?

-chris