Hi, I'm working in a development environment where our servers use
self-signed certificates. I want to use HttpClient 4 to connect to these
servers and basically ignore any security errors that come back. I was
hoping I could use org.apache.http.conn.ssl.SSLSocketFactory to do this by
using SSLSocketFactory's ALLOW_ALL_HOSTNAME_VERIFIER verifier, but it failed
with a javax.net.ssl.SSLPeerUnverifiedException with message "peer not
authenticated".

A colleague suggested that I need to create my own implementation of
LayeredSocketFactory, e.g. "TrustingSSLSocketFactory", but I was hoping
there was a way to get SSLSocketFactory to work for me, if I could configure
it the right way. Here is the code I am currently using. Please let me know
if there's something simple I can change to use SSLSocketFactory in my
development environment with servers with self-signed certs.

PS - I'm using HttpCore 4.0 Beta 2 and HttpClient 4.0 Alpha 4.

    public class ProxyHandler implements HttpRequestHandler {

        private final HttpClient httpClient;
        private final HttpHost target;

        public ProxyHandler() {
            HttpParams params = new BasicHttpParams();
            HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
            HttpProtocolParams.setContentCharset(params, "UTF-8");
            HttpProtocolParams.setUseExpectContinue(params, true);

            SchemeRegistry schemeRegistry = new SchemeRegistry();
            try {
                SSLSocketFactory socketFactory = new SSLSocketFactory(null);
                socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
                schemeRegistry.register(new Scheme("https", socketFactory, 9443));
            } catch (Exception e) {
                throw new RuntimeException(e);
            }

            ClientConnectionManager ccm = new ThreadSafeClientConnManager(params, schemeRegistry);
            httpClient = new DefaultHttpClient(ccm, params);
            target = new HttpHost("localhost", 9443, "https");
        }

        public void handle(HttpRequest request, HttpResponse response,
                HttpContext context) throws HttpException, IOException {
            HttpRequest proxyRequest = new BasicHttpRequest("GET",
                    "/my/resource", HttpVersion.HTTP_1_1);
            HttpEntity proxyEntity = null;
            BasicHttpEntity outEntity = new BasicHttpEntity();
            try {
                HttpResponse proxyResponse = httpClient.execute(target, proxyRequest);
                proxyEntity = proxyResponse.getEntity();
                outEntity.setContent(proxyEntity.getContent());
            } finally {
                if (proxyEntity != null) {
                    proxyEntity.consumeContent();
                }
            }
        }
    }
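
Added example, not part of the original post and not HttpClient project code: hostname verification and certificate chain validation are separate checks, so the development server's self-signed certificate can be placed in a dedicated truststore and both checks left enabled. The class name, the "dev-server" alias and the PEM file path are assumptions, the certificate's name must match the host being contacted, and the connection test uses only JDK classes.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class; the name is not from the original post.
public class DevTrustStore {

    // Build an in-memory truststore that contains only the dev server's certificate.
    static KeyStore load(String pemPath) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // start empty: no public CAs are trusted
        try (InputStream in = new FileInputStream(pemPath)) {
            X509Certificate cert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
            cert.checkValidity(); // reject an expired or not-yet-valid certificate early
            trustStore.setCertificateEntry("dev-server", cert); // alias is an assumption
        }
        return trustStore;
    }

    // Chain validation runs against the truststore above; no check is disabled.
    static SSLContext contextFor(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Placeholder arguments: <path to PEM certificate> <https URL of the dev server>
    public static void main(String[] args) throws Exception {
        KeyStore trustStore = load(args[0]);
        // With HttpClient 4.0 the same KeyStore can be passed to the socket factory
        // in place of null: new SSLSocketFactory(trustStore)
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[1]).openConnection();
        conn.setSSLSocketFactory(contextFor(trustStore).getSocketFactory());
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```

Because the truststore starts empty, a connection to any server presenting a different certificate fails the handshake, which keeps the relaxed trust confined to the one development host.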