On Tue, Jun 14, 2005 at 07:22:07PM +0800, pavan kumar wrote: > Hi Oleg, > > I am using Sun's default provider. > I have a sample code that does http tunnelling with basic auth, Can you > please help me where to make changes so that it does NTLM auth and https > tunnelling. I am learning NTLM a lot these days. > > I am sending the sample code too. >
Please do not send any code that has nothing to do with HttpClient. This is not a Microsoft / Sun support forum Thank you Oleg > many many thanks > Pavan > > ----- Original Message ----- > From: "Oleg Kalnichevski" <[EMAIL PROTECTED]> > To: "HttpClient User Discussion" <[email protected]> > Subject: Re: https tunnelling with NTLM+Proxy > Date: Tue, 14 Jun 2005 10:51:11 +0200 > > > > > On Tue, Jun 14, 2005 at 03:35:54PM +0800, pavan kumar wrote: > > > Hi All, > > > > > > > > > Does Apache's HttpClient 3.0 support Https Tunnelling over Proxy > > > with NTLM. ( I am using MSProxy2.0 on win2k server). > > > > > > > Yes, it does > > > > > > > Can some one throw light on that? > > > Is jdk1.3 compatibale with Apache's HttpClient 3.0 > > > > > > > What provider? IBM? Sun? HttpClient is compatible with Java 1.2 or > > above. However, Sun JSSE 1.0.3 is known to have problems, so it is > > highly recommended to upgrade to Java 1.4 when using SSL > > > > http://jakarta.apache.org/commons/httpclient/3.0/sslguide.html#Known%20limitations%20and%20problems > > > > Hope this helps > > > > Oleg > > > > > > > Thanks in advance Pavan > > > > > > > > > -- _______________________________________________ > > > Get your free email from http://www.dellmail.com > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > import java.net.*; > import java.io.*; > import java.security.*; > import sun.misc.BASE64Encoder; > import javax.net.*; > import javax.net.ssl.*; > > /* > * This example is based on JavaWorld Tip 111. Thanks to Pua Yeow Cheong for > writing it. > * It tunnels through a proxy using the Https protocol. > * Thanks go to David Lord in the java forums for figuring out the main > problem with Tip 111 > * PLEASE NOTE: You need to have the JSSE 1.0.2 jars installed for this to > work > */ > /** > * Downloads contents of a URL, using Proxy Tunneling and Basic > Authentication > */ > public class URLReader { > /** > * The main program for the URLReader class > */ > public static void main(String[] args) throws Exception { > //set up strings for use in app. Change these to your own settings > String proxyPassword ="chn_Kjagad"; > String proxyUsername = "password123"; > String proxyHost = "10.132.58.182"; > String proxyPort = "80"; > String connectionURL = "https://www.verisign.com";; > > //set up system properties to indicate we are using a proxy > System.setProperty("https.proxyHost", proxyHost); > System.setProperty("https.proxyPort", proxyPort); > System.setProperty("proxyHost", proxyHost); > System.setProperty("proxyPort", proxyPort); > System.setProperty("proxySet", "true"); > System.setProperty("http.proxyHost", proxyHost); > System.setProperty("http.proxyPort", proxyPort); > System.setProperty("http.proxySet", "true"); > > //set up handler for jsse > System.setProperty("java.protocol.handler.pkgs", > "com.sun.net.ssl.internal.www.protocol"); > java.security.Provider prov = new > com.sun.net.ssl.internal.ssl.Provider(); > Security.addProvider(prov); > //create the connection > // URL myURL = new URL(connectionURL); > URL myURL = new URL(null,connectionURL,new > com.sun.net.ssl.internal.www.protocol.https.Handler()); > > URLConnection myConnection = myURL.openConnection(); > if (myConnection instanceof com.sun.net.ssl.HttpsURLConnection) { > ((com.sun.net.ssl.HttpsURLConnection) > myConnection).setSSLSocketFactory(new > SSLTunnelSocketFactory(System.getProperty("proxyHost"), > System.getProperty("proxyPort"))); > } > myConnection.setDoInput(true); > myConnection.setDoOutput(true); > BufferedReader in; > try { > System.err.println("opening Input stream1"); > in = new BufferedReader( > new InputStreamReader( > myConnection.getInputStream())); > String inputLine; > System.err.println("Input stream is Open1"); > while ((inputLine = in.readLine()) != null) { > System.err.println(inputLine); > } > in.close(); > System.err.println("Input stream is Closed1"); > } catch (Exception e) { > e.printStackTrace(System.err); > String tmp = e.getMessage().toLowerCase().trim(); > System.err.println("tmp *" + tmp + "*"); > if (tmp.indexOf("http") > -1) { > //http error message to be parsed > > tmp = tmp.substring(tmp.indexOf("http")).trim(); > System.err.println("tmp *" + tmp + "*"); > tmp = tmp.substring(8).trim(); > System.err.println("tmp *" + tmp + "*"); > if (tmp.startsWith("407")) { > //proxy authentication required > > myURL = new URL(connectionURL); > myConnection = myURL.openConnection(); > if (myConnection instanceof > com.sun.net.ssl.HttpsURLConnection) { > ((com.sun.net.ssl.HttpsURLConnection) > myConnection).setSSLSocketFactory(new > SSLTunnelSocketFactory(System.getProperty("proxyHost"), > System.getProperty("proxyPort"), proxyUsername, proxyPassword)); > } > myConnection.setDoInput(true); > myConnection.setDoOutput(true); > > try { > System.err.println("opening Input stream 2"); > in = new BufferedReader( > new InputStreamReader( > myConnection.getInputStream())); > String inputLine; > System.err.println("Input stream is Open 2"); > > while ((inputLine = in.readLine()) != null) { > System.out.println(inputLine); > } > in.close(); > System.err.println("Input stream is closed 2"); > } catch (Exception ex) { > System.err.println(ex.getMessage()); > ex.printStackTrace(System.err); > } > } > } > } > } > > } > > /** > * SSLSocket used to tunnel through a proxy > */ > class SSLTunnelSocketFactory extends SSLSocketFactory { > > > private String tunnelHost; > private int tunnelPort; > private SSLSocketFactory dfactory; > private String tunnelPassword; > private String tunnelUserName; > private boolean socketConnected = false; > private int falsecount = 0; > > > /** > * Constructor for the SSLTunnelSocketFactory object > * > [EMAIL PROTECTED] proxyHost The url of the proxy host > [EMAIL PROTECTED] proxyPort the port of the proxy > */ > public SSLTunnelSocketFactory(String proxyHost, String proxyPort) { > System.err.println("creating Socket Factory"); > tunnelHost = proxyHost; > tunnelPort = Integer.parseInt(proxyPort); > dfactory = (SSLSocketFactory) SSLSocketFactory.getDefault(); > } > > > /** > * Constructor for the SSLTunnelSocketFactory object > * > [EMAIL PROTECTED] proxyHost The url of the proxy host > [EMAIL PROTECTED] proxyPort the port of the proxy > [EMAIL PROTECTED] proxyUserName username for authenticating with the > proxy > [EMAIL PROTECTED] proxyPassword password for authenticating with the > proxy > */ > public SSLTunnelSocketFactory(String proxyHost, String proxyPort, String > proxyUserName, String proxyPassword) { > System.err.println("creating Socket Factory with password/username"); > tunnelHost = proxyHost; > tunnelPort = Integer.parseInt(proxyPort); > tunnelUserName = proxyUserName; > tunnelPassword = proxyPassword; > dfactory = (SSLSocketFactory) SSLSocketFactory.getDefault(); > } > > > /** > * Sets the proxyUserName attribute of the SSLTunnelSocketFactory object > * > [EMAIL PROTECTED] proxyUserName The new proxyUserName value > */ > public void setProxyUserName(String proxyUserName) { > tunnelUserName = proxyUserName; > } > > > /** > * Sets the proxyPassword attribute of the SSLTunnelSocketFactory object > * > [EMAIL PROTECTED] proxyPassword The new proxyPassword value > */ > public void setProxyPassword(String proxyPassword) { > tunnelPassword = proxyPassword; > } > > > /** > * Gets the supportedCipherSuites attribute of the SSLTunnelSocketFactory > * object > * > [EMAIL PROTECTED] The supportedCipherSuites value > */ > public String[] getSupportedCipherSuites() { > return dfactory.getSupportedCipherSuites(); > } > > > /** > * Gets the defaultCipherSuites attribute of the SSLTunnelSocketFactory > * object > * > [EMAIL PROTECTED] The defaultCipherSuites value > */ > public String[] getDefaultCipherSuites() { > return dfactory.getDefaultCipherSuites(); > } > > > /** > * Gets the socketConnected attribute of the SSLTunnelSocketFactory > object > * > [EMAIL PROTECTED] The socketConnected value > */ > public synchronized boolean getSocketConnected() { > return socketConnected; > } > > > /** > * Creates a new SSL Tunneled Socket > * > [EMAIL PROTECTED] s Ignored > [EMAIL PROTECTED] host destination host > [EMAIL PROTECTED] port destination port > [EMAIL PROTECTED] autoClose wether to close the socket > automaticly > [EMAIL PROTECTED] proxy tunneled socket > [EMAIL PROTECTED] IOException raised by an IO error > [EMAIL PROTECTED] UnknownHostException raised when the host is unknown > */ > public Socket createSocket(Socket s, String host, int port, boolean > autoClose) > throws IOException, UnknownHostException { > Socket tunnel = new Socket(tunnelHost, tunnelPort); > doTunnelHandshake(tunnel, host, port); > SSLSocket result = (SSLSocket) dfactory.createSocket(tunnel, host, > port, autoClose); > result.addHandshakeCompletedListener( > new HandshakeCompletedListener() { > public void handshakeCompleted(HandshakeCompletedEvent event) > { > System.out.println("Handshake Finished!"); > System.out.println("\t CipherSuite :" + > event.getCipherSuite()); > System.out.println("\t SessionId: " + event.getSession()); > System.out.println("\t PeerHost: " + > event.getSession().getPeerHost()); > setSocketConnected(true); > } > }); > // thanks to David Lord in the java forums for figuring out this line > is the problem > // result.startHandshake(); //this line is the bug which stops Tip111 > from working correctly > return result; > } > > > /** > * Creates a new SSL Tunneled Socket > * > [EMAIL PROTECTED] host destination host > [EMAIL PROTECTED] port destination port > [EMAIL PROTECTED] tunneled SSL Socket > [EMAIL PROTECTED] IOException raised by IO error > [EMAIL PROTECTED] UnknownHostException raised when the host is unknown > */ > public Socket createSocket(String host, int port) > throws IOException, UnknownHostException { > return createSocket(null, host, port, true); > } > > > /** > * Creates a new SSL Tunneled Socket > * > [EMAIL PROTECTED] host Destination Host > [EMAIL PROTECTED] port Destination Port > [EMAIL PROTECTED] clientHost Ignored > [EMAIL PROTECTED] clientPort Ignored > [EMAIL PROTECTED] SSL Tunneled Socket > [EMAIL PROTECTED] IOException Raised when IO error occurs > [EMAIL PROTECTED] UnknownHostException Raised when the destination > host is > * unknown > */ > public Socket createSocket(String host, int port, InetAddress clientHost, > int clientPort) > throws IOException, UnknownHostException { > return createSocket(null, host, port, true); > } > > > /** > * Creates a new SSL Tunneled Socket > * > [EMAIL PROTECTED] host destination host > [EMAIL PROTECTED] port destination port > [EMAIL PROTECTED] tunneled SSL Socket > [EMAIL PROTECTED] IOException raised when IO error occurs > */ > public Socket createSocket(InetAddress host, int port) > throws IOException { > return createSocket(null, host.getHostName(), port, true); > } > > > /** > * Creates a new SSL Tunneled Socket > * > [EMAIL PROTECTED] address destination host > [EMAIL PROTECTED] port destination port > [EMAIL PROTECTED] clientAddress ignored > [EMAIL PROTECTED] clientPort ignored > [EMAIL PROTECTED] tunneled SSL Socket > [EMAIL PROTECTED] IOException raised when IO exception occurs > */ > public Socket createSocket(InetAddress address, int port, > InetAddress clientAddress, int clientPort) > throws IOException { > return createSocket(null, address.getHostName(), port, true); > } > > > /** > * Sets the socketConnected attribute of the SSLTunnelSocketFactory > object > * > [EMAIL PROTECTED] b The new socketConnected value > */ > private synchronized void setSocketConnected(boolean b) { > socketConnected = b; > } > > > /** > * Description of the Method > * > [EMAIL PROTECTED] tunnel tunnel socket > [EMAIL PROTECTED] host destination host > [EMAIL PROTECTED] port destination port > [EMAIL PROTECTED] IOException raised when an IO error occurs > */ > private void doTunnelHandshake(Socket tunnel, String host, int port) > throws IOException { > OutputStream out = tunnel.getOutputStream(); > //generate connection string > String msg = "CONNECT " + host + ":" + port + " HTTP/1.0\n" > + "User-Agent: " > + sun.net.www.protocol.http.HttpURLConnection.userAgent; > if (tunnelUserName != null && tunnelPassword != null) { > //add basic authentication header for the proxy > sun.misc.BASE64Encoder enc = new sun.misc.BASE64Encoder(); > String encodedPassword = enc.encode((tunnelUserName + ":" + > tunnelPassword).getBytes()); > msg = msg + "\nProxy-Authorization: Basic " + encodedPassword; > } > msg = msg + "\nContent-Length: 0"; > msg = msg + "\nPragma: no-cache"; > > msg = msg + "\r\n\r\n"; > > System.err.println(msg); > byte b[]; > try { > //we really do want ASCII7 as the http protocol doesnt change > with locale > b = msg.getBytes("ASCII7"); > } catch (UnsupportedEncodingException ignored) { > //If ASCII7 isn't there, something is seriously wrong! > b = msg.getBytes(); > } > out.write(b); > out.flush(); > > byte reply[] = new byte[200]; > int replyLen = 0; > int newlinesSeen = 0; > boolean headerDone = false; > > InputStream in = tunnel.getInputStream(); > boolean error = false; > > while (newlinesSeen < 2) { > int i = in.read(); > System.out.print((char)i); > if (i < 0) { > throw new IOException("Unexpected EOF from Proxy"); > } > if (i == '\n') { > headerDone = true; > ++newlinesSeen; > } else > if (i != '\r') { > newlinesSeen = 0; > if (!headerDone && replyLen < reply.length) { > reply[replyLen++] = (byte) i; > } > } > } > > //convert byte array to string > String replyStr; > try { > replyStr = new String(reply, 0, replyLen, "ASCII7"); > } catch (UnsupportedEncodingException ignored) { > replyStr = new String(reply, 0, replyLen); > } > System.out.println("Reply String : " + replyStr); > > //we check for connection established because our proxy returns > http/1.1 instead of 1.0 > if (replyStr.toLowerCase().indexOf("200 connection established") == > -1) { > System.err.println(replyStr); > throw new IOException("Unable to tunnel through " + tunnelHost + > ":" + tunnelPort + ". Proxy returns\"" + replyStr + "\""); > } > //tunneling hanshake was successful > } > > } > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
