hc-httpclient-users mailing list archives

From Michael Clovis <mclo...@mindbridge.com>
Subject Re: Re: Re: SSL with Certificate-SSLPeerUnverifiedException
Date Fri, 29 Jul 2005 18:18:32 GMT
Oleg,
 And this may be a configuration issue on the test machine...
The code is failing in the following place..
 X509Certificate[] certs = session.getPeerCertificateChain();


or if I try to establish a session on my own..
session.getPeerCertificates();

both with similar stacktraces..

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
	at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(DashoA6275)

This is PRIOR to verifying against any Collection, or store on the client as far as I can see.

Any thoughts..




---------- Original Message ----------
Date: 7/29/05
From: Oleg Kalnichevski <olegk@apache.org>
To: httpclient-user@jakarta.apache.org
Subject: Re: Re: SSL with Certificate-SSLPeerUnverifiedException

>On Fri, Jul 29, 2005 at 12:15:27PM -0400, Michael Clovis wrote:
>> 
>> Oleg.. again thanks for help.. Had a version (2.0.2 compliant) of AuthSSLProtocolSocketFactory.
>> This class seems to me that you would have to have the cert added to keystore using
>> keytool on each client machine..
>>
>
>Just create a keystore file of your own, ship it with your
>application as a regular resource accessible via a class loader, and
>live happily ever after
>
>
>> I was under impression that HttpClient did not venture into keystore area because
>> there was no API to include certs into keystore. Had to use keytool..
>
>It does not. Strictly speaking one does not have to use keytool in order
>to import a private key or public certificate into a Keystore instance.
>This can be done using regular JCE classes at the runtime. However, I do
>not see a single compelling reason to do so, because you still have to
>store the cert or the key somewhere. So, why not storing them in a
>keystore file, which besides convenience also provides (some) security
>by optionally protecting the file with a pass phrase (password)?
>
>
>> So.. (pardon my ignorance) but if I understood what needed to be done plus this is
>> a swing application that lives on anyone within a company's employ.. Confused..
>
>I hope this clarifies the matter somewhat
>
>Oleg
>
>
>
>> Thanks for your quick responses.
>> ---------- Original Message ----------
>> Date: 7/29/05
>> From: Oleg Kalnichevski <olegk@apache.org>
>> To: httpclient-user@jakarta.apache.org
>> Subject: Re: SSL with Certificate-SSLPeerUnverifiedException
>> 
>> >Michael,
>> >
>> >I suspect the SSL context has not been properly configured and a result
>> >the socket factory was unable to verify the identity of the target
>> >server. Please take a look at the AuthSSLProtocolSocketFactory below:
>> >
>> >http://svn.apache.org/repos/asf/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/
>> >
>> >There are some guidelines in the javadocs as to how one can correctly 
>> >set up an SSL context with required trust managers and/ or key managers
>> >
>> >Oleg
>> >
>> >On Fri, Jul 29, 2005 at 11:35:57AM -0400, Michael Clovis wrote:
>> >> Oleg.. or anyone.
>> >> Connecting with SSL and had this problem (SSLPeerUnverifiedException) with earlier
>> >> class that extended HttpClient. Wrote teststub class with TestURL that works in browser
>> >> for testing servlet..
>> >> Googled and made sure we are not using Tomcat 4.1.13 or earlier (problem reported
>> >> in 1.12 bugzilla).. using highest current release of tomcat Ver 4, Apache2 and OpenSSL.
>> >> Here is the test stub...
>> >> 
>> >> try{
>> >> BasicConfigurator.configure();
>> >> HttpClient client = new HttpClient();
>> >> StrictSSLProtocolSocketFactory sf = new StrictSSLProtocolSocketFactory();
>> >> 
>> >> 
>> >> Protocol stricthttps = new Protocol( "https", sf, 443);
>> >> Protocol.registerProtocol("https",stricthttps);
>> >> 
>> >> client.getHostConfiguration().setHost("192.168.45.114", 443, stricthttps);
>> >> 
>> >> 
>> >> String test = "https://192.168.45.114/IS/ISUploadServer?configKey=HELLO";
>> >> PostMethod post = null;
>> >> 
>> >> 
>> >> try {
>> >> post = new PostMethod(test);
>> >> } catch (Exception e) {
>> >> e.printStackTrace();
>> >> throw e;
>> >> }
>> >> post.setDoAuthentication(true);
>> >> try {
>> >> client.executeMethod(post);
>> >> } catch (IOException e) {
>> >> //e.printStackTrace();
>> >> throw e;
>> >> }
>> >> String res = null;
>> >> if(post!=null &&post.getStatusCode() >= 300){
>> >> res = String.valueOf(post.getStatusCode());
>> >> }
>> >> else if(post!=null){
>> >> Header headers[] = null;
>> >> headers = post.getRequestHeaders();
>> >> if(headers!=null&&headers.length>0){
>> >> for (int i = 0; i < headers.length; i++) {
>> >> System.out.println(headers[i].toExternalForm());
>> >> 
>> >> }
>> >> }
>> >> res = new String(post.getResponseBodyAsString());
>> >> }
>> >> System.out.println(res);
>> >> }catch(Exception e){
>> >> e.printStackTrace();
>> >> }
>> >> 
>> >> 
>> >> Here is the wire and stack trace..
>> >> 
>> >> 0 [main] DEBUG org.apache.commons.httpclient.HttpClient - Java version: 1.4.2_02
>> >> 0 [main] DEBUG org.apache.commons.httpclient.HttpClient - Java vendor: Sun Microsystems Inc.
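
The approach Oleg describes in the quoted reply (ship a keystore as a classpath resource, or import a certificate into a KeyStore at runtime with JCE classes) is sketched below as an added example; it is not code from the thread or from HttpClient. The resource names `/truststore.jks` and `/server.crt`, the password, the alias and the class name are assumptions, and it uses current JDK APIs rather than the Java 1.4 of the thread.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import javax.net.ssl.*;

public class BundledTrustStore {
    // Option 1: a keystore file shipped inside the application jar (assumed name/password).
    static KeyStore fromKeystoreResource(String name, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = open(name)) { ks.load(in, pass); }
        return ks;
    }

    // Option 2: import a certificate at runtime with JCE classes, no keytool step.
    static KeyStore fromCertResource(String name) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // empty in-memory keystore
        try (InputStream in = open(name)) {
            ks.setCertificateEntry("server", // alias is an arbitrary label
                CertificateFactory.getInstance("X.509").generateCertificate(in));
        }
        return ks;
    }

    static InputStream open(String name) {
        InputStream in = BundledTrustStore.class.getResourceAsStream(name);
        if (in == null) throw new IllegalStateException("resource not on classpath: " + name);
        return in;
    }

    // Trust only what is in the bundled store; nothing is accepted blindly.
    static SSLContext contextTrusting(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ts = fromKeystoreResource("/truststore.jks", "changeit".toCharArray());
        SSLSocketFactory sf = contextTrusting(ts).getSocketFactory();
        try (SSLSocket s = (SSLSocket) sf.createSocket(args[0], 443)) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // also match host name to cert
            s.setSSLParameters(p);
            s.startHandshake(); // fails here if the server chain is not trusted
            System.out.println("chain length: " + s.getSession().getPeerCertificates().length);
        }
    }
}
```

With host name checking enabled, connecting by IP address as in the test stub only succeeds if the server certificate lists that address as a subject alternative name.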