hc-httpclient-users mailing list archives

From Mike Knooihuisen <m...@simplysolutionscoding.com>
Subject Re: Peer Not Authenticated exception when connecting over https
Date Thu, 19 Jul 2012 01:43:16 GMT
Finally figured it out.  I had not been setting the proper System
Properties for the key/truststores.
I had originally set them for the HttpsURLConnection, but found it did
not need them.  When switching to HC it never occurred to me I should
try using them again.

Best
Mike

On Wed, Jul 18, 2012 at 7:17 PM, Mike Knooihuisen
<mike@simplysolutionscoding.com> wrote:
> Hi All,
>
> I have an Apache HTTPS server which requires client authentication.
> I receive the exception "javax.net.ssl.SSLPeerUnverifiedException:
> peer not authenticated" when using the following code to perform the
> authentication.  The same trust/keystores that are used in my example
> work perfectly with the Java builtin HttpsURLConnection class, but
> fail with HttpComponents.  Thank you in advance for the help!
>
> Best,
> Mike
>
> Syntax Highlighted Version:
> http://pastie.org/4279713
>
> Plain Text Version (Without Import Statements):
>
> public class SSLConnect {
>         // Example client from the question: builds an HttpClient whose "https" scheme uses a socket factory created from two local keystore files.
>         static final String KSPASS = "password_here"; // NOTE(review): keystore password embedded in source; load it from configuration or a secret store instead
>
>         private final String URL =
> "https://appa.simplysolutionscoding.com/index.php";
>         private ArrayList<NameValuePair> nvps;
>         private DefaultHttpClient dhc;
>         // Builds dhc over a pooling connection manager whose scheme registry maps "https" on port 443 to the custom SSLSocketFactory.
>         public SSLConnect() {
>                 nvps = null;
>                 dhc = null;
>
>                 // setup truststore; NOTE(review): neither FileInputStream opened in this block is ever closed
>                 try {
>                         HttpParams params = new BasicHttpParams();
>                         // NOTE(review): the password for this store is a string literal as well
>                         InputStream tstream = new
> FileInputStream("mike.keystore");
>                         KeyStore trustStore = KeyStore.getInstance(KeyStore
>                                         .getDefaultType());
>                         trustStore.load(tstream, "test12".toCharArray());
>                         // NOTE(review): trustFactory is initialised but not used again in this listing
>                         TrustManagerFactory trustFactory = TrustManagerFactory
>
> .getInstance(TrustManagerFactory.getDefaultAlgorithm());
>                         trustFactory.init(trustStore);
>                         // NOTE(review): keyFactory is likewise not used after its init() call below
>                         KeyManagerFactory keyFactory = KeyManagerFactory
>                                         .getInstance("SunX509");
>                         InputStream keyInput = new FileInputStream("mike.jks");
>                         KeyStore keystore = KeyStore.getInstance("JKS");
>                         keystore.load(keyInput, KSPASS.toCharArray());
>
>                         // trustStore.load(keyInput, KSPASS.toCharArray());
>                         // NOTE(review): init() receives trustStore, not the keystore loaded from mike.jks -- confirm which store holds the client key
>                         keyFactory.init(trustStore, KSPASS.toCharArray());
>                         // NOTE(review): HttpClient 4.x declares this constructor as (keystore, keystorePassword, truststore); trustStore is passed first and keystore last here, which looks swapped -- verify against the Javadoc of the version in use
>                         SSLSocketFactory ssl = new
> SSLSocketFactory(trustStore, KSPASS,
>                                         keystore);
>
>                         // NOTE(review): params is never handed to the connection manager or the client in this listing, so this timeout appears to have no effect
> params.setParameter(CoreConnectionPNames.CONNECTION_TIMEOUT, 1000L);
>
>                         SchemeRegistry sr = new SchemeRegistry();
>                         Scheme https = new Scheme("https", 443, ssl);
>                         sr.register(https);
>
>                         // Create Connection Manager that takes care
> of the connections
>                         // created by the client
>                         ClientConnectionManager httpConnectionManager = new
> PoolingClientConnectionManager(sr);
>
>                         dhc = new DefaultHttpClient(httpConnectionManager);
>                         // ssl.connectSocket(socket, remote, null, params);
>                         // NOTE(review): javax.net.debug=all makes JSSE print verbose handshake and record traces; keep it to troubleshooting sessions because that output can expose sensitive connection data
>                         System.setProperty("javax.net.debug", "all");
>                         // Any failure above is only printed; dhc then stays null and sendCmd() cannot connect
>                 } catch (Exception ex) {
>                         ex.printStackTrace();
>                 }
>
>         }
>
>         /**
>          * Posts the accumulated form fields to URL and prints the status line
>          * and the response body to standard output.
>          *
>          * NOTE(review): args is never read and no XML parsing happens in this
>          * listing, so the declared Document result is never produced.
>          *
>          * @param args
>          *            a <Hashtable> of parameters (currently unused)
>          * @return always null in this listing
>          */
>         public Document sendCmd(Hashtable<String, String> args) {
>                 HttpPost conn = new HttpPost(URL);
>                 // NOTE(review): account credentials are string literals, and every call appends them to nvps again
>                 add("user", "mike");
>                 add("password", "mikey12");
>
>                 try {
>                         conn.setEntity(new UrlEncodedFormEntity(nvps));
>                         HttpResponse resp = dhc.execute(conn);
>
>                         // get the reply
>                         System.out.println(resp.getStatusLine());
>                         HttpEntity entity = resp.getEntity();
>                         BufferedReader reader = new BufferedReader(new
> InputStreamReader(
>                                         entity.getContent()));
>                         String line;
>                         // NOTE(review): the InputStreamReader above is created without a charset, so the platform default is used to decode the body
>                         while ((line = reader.readLine()) != null) {
>                                 System.out.println(line);
>                         }
>                         // do something useful with the response body
>                         // and ensure it is fully consumed
>
>                         EntityUtils.consume(entity);
>
>                 } catch (Exception e) {
>                         e.printStackTrace();
>                 } finally {
>                         conn.releaseConnection();
>                 }
>                 // No Document is built anywhere above, so callers always receive null
>                 return null;
>
>         }
>
>         /**
>          * Convenience method to add $_POST values; creates the nvps list on
>          * first use and appends one name/value pair to it.
>          *
>          * @param key
>          *            the name of the $_POST value
>          * @param value
>          *            the data value to send
>          */
>         private void add(String key, String value) {
>                 if (nvps == null) {
>                         nvps = new ArrayList<NameValuePair>();
>                 }
>
>                 nvps.add(new BasicNameValuePair(key, value));
>         }
>         // Serialises doc to out with indentation enabled (indent-amount 2); a TransformerException is printed and rethrown as a RuntimeException.
>         public void displayResp(Document doc, OutputStream out) throws
> Exception {
>
>                 TransformerFactory tfactory = TransformerFactory.newInstance();
>                 Transformer serializer;
>                 try {
>                         serializer = tfactory.newTransformer();
>                         // Setup indenting to "pretty print"
>                         serializer.setOutputProperty(OutputKeys.INDENT, "yes");
>                         serializer.setOutputProperty(
>
> "{http://xml.apache.org/xslt}indent-amount", "2");
>
>                         serializer.transform(new DOMSource(doc), new
> StreamResult(out));
>                 } catch (TransformerException e) {
>                         // this is fatal, just dump the stack and
> throw a runtime exception
>                         e.printStackTrace();
>
>                         throw new RuntimeException(e);
>                 }
>         }
>
> }
>
> /** ERROR MESSAGE */
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>         at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
>         at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
>         at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
>         at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
>         at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
>         at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640)
>         at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
>         at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
>         at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
>         at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
>         at SSLConnect.sendCmd(SSLConnect.java:114)
>         at Backend.test(Backend.java:39)
>         at Backend.<init>(Backend.java:29)
>         at Backend.main(Backend.java:21)
