hc-httpclient-users mailing list archives

From Michael Clovis <mclo...@mindbridge.com>
Subject Re: Re: SSL with Certificate-SSLPeerUnverifiedException
Date Fri, 29 Jul 2005 16:15:27 GMT

Oleg.. again thanks for help.. Had a version (2.0.2 compliant) of AuthSSLProtocolSocketFactory.
This class seems to me that you would have to have the cert added to keystore using keytool
on each client machine.. 

I was under impression that HttpClient did not venture into keystore area because there was
no API to include certs into keystore. Had to use keytool.. So.. (pardon my ignorance) but
if I understood what needed to be done plus this is a swing application that lives on anyone
within a company's employ.. Confused..
Thanks for your quick responses.
---------- Original Message ----------
Date: 7/29/05
From: Oleg Kalnichevski <olegk@apache.org>
To: httpclient-user@jakarta.apache.org
Subject: Re: SSL with Certificate-SSLPeerUnverifiedException

>Michael,
>
>I suspect the SSL context has not been properly configured and as a result
>the socket factory was unable to verify the identity of the target
>server. Please take a look at the AuthSSLProtocolSocketFactory below:
>
>http://svn.apache.org/repos/asf/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/
>
>There are some guidelines in the javadocs as to how one can correctly
>set up an SSL context with required trust managers and/or key managers
>
>Oleg
>
>On Fri, Jul 29, 2005 at 11:35:57AM -0400, Michael Clovis wrote:
>> Oleg.. or anyone.
>> Connecting with SSL and had this problem (SSLPeerUnverifiedException) with earlier class that extended HttpClient. Wrote teststub class with TestURL that works in browser for testing servlet..
>> Googled and made sure we are not using Tomcat 4.1.13 or earlier (problem reported in 1.12 bugzilla).. using highest current release of tomcat Ver 4, Apache2 and OpenSSL. Here is the test stub...
>> 
>> try {
>>     BasicConfigurator.configure();
>>     HttpClient client = new HttpClient();
>>     StrictSSLProtocolSocketFactory sf = new StrictSSLProtocolSocketFactory();
>>
>>     Protocol stricthttps = new Protocol("https", sf, 443);
>>     Protocol.registerProtocol("https", stricthttps);
>>
>>     client.getHostConfiguration().setHost("192.168.45.114", 443, stricthttps);
>>
>>     String test = "https://192.168.45.114/IS/ISUploadServer?configKey=HELLO";
>>     PostMethod post = null;
>>
>>     try {
>>         post = new PostMethod(test);
>>     } catch (Exception e) {
>>         e.printStackTrace();
>>         throw e;
>>     }
>>     post.setDoAuthentication(true);
>>     try {
>>         client.executeMethod(post);
>>     } catch (IOException e) {
>>         //e.printStackTrace();
>>         throw e;
>>     }
>>     String res = null;
>>     if (post != null && post.getStatusCode() >= 300) {
>>         res = String.valueOf(post.getStatusCode());
>>     } else if (post != null) {
>>         Header headers[] = null;
>>         headers = post.getRequestHeaders();
>>         if (headers != null && headers.length > 0) {
>>             for (int i = 0; i < headers.length; i++) {
>>                 System.out.println(headers[i].toExternalForm());
>>             }
>>         }
>>         res = new String(post.getResponseBodyAsString());
>>     }
>>     System.out.println(res);
>> } catch (Exception e) {
>>     e.printStackTrace();
>> }
>> 
>> 
>> Here is the wire and stack trace..
>> 
>> 0 [main] DEBUG org.apache.commons.httpclient.HttpClient - Java version: 1.4.2_02
>> 0 [main] DEBUG org.apache.commons.httpclient.HttpClient - Java vendor: Sun Microsystems Inc.
>> 10 [main] DEBUG org.apache.commons.httpclient.HttpClient - Operating system name: Windows NT
>> 20 [main] DEBUG org.apache.commons.httpclient.HttpClient - Operating system architecture: x86
>> 20 [main] DEBUG org.apache.commons.httpclient.HttpClient - Operating system version: 4.0
>> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SUN 1.42: SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
>> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunJSSE 1.42: Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
>> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunRsaSign 1.42: SUN's provider for RSA signatures
>> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunJCE 1.42: SunJCE Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
>> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunJGSS 1.0: Sun (Kerberos v5)
>> 560 [main] DEBUG org.apache.commons.httpclient.methods.GetMethod - enter GetMethod(String)
>> 560 [main] DEBUG org.apache.commons.httpclient.HttpClient - enter HttpClient.executeMethod(HttpMethod)
>> 560 [main] DEBUG org.apache.commons.httpclient.HttpClient - enter HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
>> 851 [main] DEBUG org.apache.commons.httpclient.HttpConnection - HttpConnection.setSoTimeout(0)
>> 851 [main] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.open()
>> 1332 [main] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.closeSockedAndStreams()
>> 1332 [main] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.releaseConnection()
>> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>> 	at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA6275)
>> 	at mb.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.verifyHostname(StrictSSLProtocolSocketFactory.java:253)
>> 	at mb.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.createSocket(StrictSSLProtocolSocketFactory.java:208)
>> 	at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:683)
>> 	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:662)
>> 	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:529)
>> 	at TestPlain.main(TestPlain.java:65)
>> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> 	at java.lang.reflect.Method.invoke(Method.java:324)
>> 	at com.intellij.rt.execution.application.AppMain.main(AppMain.java:78)
>> count = 0, total = 67
>> 
>> Process finished with exit code 0
>> 
>> Thanks for any insight
>> 
>> 
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>> 
>> 
>

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
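
On the question raised in this message, whether every client machine needs a keytool import: the following is an added example, not code from this thread or from HttpClient, showing that the standard JSSE API can build a trust store in memory from a certificate shipped inside the application jar. The class name `BundledTrust` and the resource name `/server-ca.pem` are assumptions for illustration.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/** Hypothetical helper: trust only the CA certificate shipped inside the application jar. */
public class BundledTrust {

    // Assumed resource name; package the server's CA (or self-signed) certificate under it.
    static final String CA_RESOURCE = "/server-ca.pem";

    static SSLContext contextTrusting(InputStream pemOrDer) throws Exception {
        X509Certificate ca = (X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(pemOrDer);
        ca.checkValidity(); // fail early on an expired or not-yet-valid certificate

        // Empty in-memory keystore: nothing is read from or written to the client's disk.
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);
        trust.setCertificateEntry("server-ca", ca);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default SecureRandom
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        InputStream in = BundledTrust.class.getResourceAsStream(CA_RESOURCE);
        if (in == null) {
            throw new IllegalStateException(CA_RESOURCE + " is not on the classpath");
        }
        try {
            SSLSocketFactory sf = contextTrusting(in).getSocketFactory();
            System.out.println("Socket factory ready: " + sf.getClass().getName());
        } finally {
            in.close();
        }
    }
}
```

Chain validation still runs, only against this single anchor instead of the JRE default trust store. A socket factory that also checks the host name, as `verifyHostname` in the stack trace above does, still requires the certificate to match the name used in the URL.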

