On Fri, Jul 29, 2005 at 12:15:27PM -0400, Michael Clovis wrote:
> 
> Oleg.. again thanks for help.. Had a version (2.0.2 compliant) of 
> AuthSSLProtocolSocketFactory. This class seems to me that you would have to 
> have the cert added to keystore using keytool on each client machine.. 
>

Just create a keystore file of your own, ship it with your
application as a regular resource accessible via a class loader, and
live happily ever after.


> I was under the impression that HttpClient did not venture into keystore area 
> because there was no API to include certs into keystore. Had to use keytool.. 

It does not. Strictly speaking one does not have to use keytool in order
to import a private key or public certificate into a KeyStore instance.
This can be done using regular JCE classes at runtime. However, I do
not see a single compelling reason to do so, because you still have to
store the cert or the key somewhere. So, why not store them in a
keystore file, which besides convenience also provides (some) security
by optionally protecting the file with a pass phrase (password)?


> So.. (pardon my ignorance) but if I understood what needed to be done plus this 
> is a swing application that lives on anyone within a company's employ.. 
> Confused..

I hope this clarifies the matter somewhat.

Oleg
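
Added example, not part of the original message and not HttpClient's own code: one way to load a trust store that ships inside the application jar, as the reply above suggests, and turn it into an SSLContext using only standard JSSE classes. The resource name `/client-truststore.jks`, the pass phrase and the class name are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class BundledTrustStore {
    // Hypothetical resource name and pass phrase (assumptions for this example).
    // The file is created once with keytool and packaged next to the classes.
    private static final String RESOURCE = "/client-truststore.jks";
    private static final char[] PASSWORD = "changeit".toCharArray();

    /** Loads the trust store from the classpath instead of a per-machine file. */
    static KeyStore loadBundledTrustStore() throws IOException, GeneralSecurityException {
        try (InputStream in = BundledTrustStore.class.getResourceAsStream(RESOURCE)) {
            if (in == null) {
                throw new IOException("Trust store not found on classpath: " + RESOURCE);
            }
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(in, PASSWORD); // for JKS the pass phrase is also an integrity check
            if (ks.size() == 0) {
                // An empty store would make every handshake fail; report it at startup.
                throw new GeneralSecurityException("Trust store contains no entries");
            }
            return ks;
        }
    }

    /** Builds an SSLContext that trusts only the certificates in the bundled store. */
    static SSLContext createContext() throws IOException, GeneralSecurityException {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadBundledTrustStore());
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default SecureRandom
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = createContext();
        // ctx.getSocketFactory() is what a custom protocol socket factory would delegate to.
        System.out.println("SSLContext ready, protocol: " + ctx.getProtocol());
    }
}
```

Because the store here holds only the server's public certificate, the embedded pass phrase guards against a corrupted or swapped file rather than keeping anything secret. Hostname checking remains the job of the socket factory that uses this context.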



> Thanks for your quick responses.
> ---------- Original Message ----------
> Date: 7/29/05
> From: Oleg Kalnichevski <[EMAIL PROTECTED]>
> To: [email protected]
> Subject: Re: SSL with Certificate-SSLPeerUnverifiedException
> 
> >Michael,
> >
> >I suspect the SSL context has not been properly configured and as a result
> >the socket factory was unable to verify the identity of the target
> >server. Please take a look at the AuthSSLProtocolSocketFactory below:
> >
> >http://svn.apache.org/repos/asf/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/
> 
> >There are some guidelines in the javadocs as to how one can correctly 
> >set up an SSL context with required trust managers and/ or key managers
> >
> >Oleg
> >
> >On Fri, Jul 29, 2005 at 11:35:57AM -0400, Michael Clovis wrote:
> >> Oleg.. or anyone.
> >> Connecting with SSL and had this problem (SSLPeerUnverifiedException) with 
> >> earlier 
> >class that extended HttpClient. Wrote teststub class with TestURL that works 
> >in browser 
> >for testing servlet..
> >> Googled and made sure we are not using Tomcat 4.1.13 or earlier (problem 
> >> reported 
> >in 1.12 bugzilla).. using highest current release of tomcat Ver 4 ,Apache2 
> >and OpenSSL. 
> >Here is the test stub...
> >> 
> >> try{
> >> BasicConfigurator.configure();
> >> HttpClient client = new HttpClient();
> >> StrictSSLProtocolSocketFactory sf = new StrictSSLProtocolSocketFactory();
> >> 
> >> 
> >> Protocol stricthttps = new Protocol( "https", sf, 443);
> >> Protocol.registerProtocol("https",stricthttps);
> >> 
> >> client.getHostConfiguration().setHost("192.168.45.114", 443, stricthttps);
> >> 
> >> 
> >> String test = "https://192.168.45.114/IS/ISUploadServer?configKey=HELLO";
> >> PostMethod post = null;
> >> 
> >> 
> >> try {
> >> post = new PostMethod(test);
> >> } catch (Exception e) {
> >> e.printStackTrace();
> >> throw e;
> >> }
> >> post.setDoAuthentication(true);
> >> try {
> >> client.executeMethod(post);
> >> } catch (IOException e) {
> >> //e.printStackTrace();
> >> throw e;
> >> }
> >> String res = null;
> >> if(post!=null &&post.getStatusCode() >= 300){
> >> res = String.valueOf(post.getStatusCode());
> >> }
> >> else if(post!=null){
> >> Header headers[] = null;
> >> headers = post.getRequestHeaders();
> >> if(headers!=null&&headers.length>0){
> >> for (int i = 0; i < headers.length; i++) {
> >> System.out.println(headers[i].toExternalForm());
> >> 
> >> }
> >> }
> >> res = new String(post.getResponseBodyAsString());
> >> }
> >> System.out.println(res);
> >> }catch(Exception e){
> >> e.printStackTrace();
> >> }
> >> 
> >> 
> >> Here is the wire and stack trace..
> >> 
> >> D:\J2EE1.4SDK\jdk\bin\java -Didea.launcher.port=7532 
> >> -Didea.launcher.library=F:
> >\IntelliJ-IDEA-4.5\bin\breakgen.dll -Dfile.encoding=windows-1252 -classpath 
> >D:\J2EE1.
> >4SDK\jdk\jre\lib\charsets.jar;D:\J2EE1.4SDK\jdk\jre\lib\jce.jar;D:\J2EE1.4SDK\jdk\jre\lib\jsse.
> >jar;D:\J2EE1.4SDK\jdk\jre\lib\plugin.jar;D:\J2EE1.4SDK\jdk\jre\lib\plugin_g.jar;D:
> >\J2EE1.4SDK\jdk\jre\lib\rt.jar;D:\J2EE1.4SDK\jdk\jre\lib\sunrsasign.jar;D:\J2EE1.
> >4SDK\jdk\jre\lib\ext\dnsns.jar;D:\J2EE1.4SDK\jdk\jre\lib\ext\ldapsec.jar;D:\J2EE1.
> >4SDK\jdk\jre\lib\ext\localedata.jar;D:\J2EE1.4SDK\jdk\jre\lib\ext\sunjce_provider.
> >jar;D:\J2EE1.4SDK\jdk\lib\activation.jar;D:\J2EE1.4SDK\jdk\lib\admin-cli.jar;D:\J2EE1.
> >4SDK\jdk\lib\appserv-admin.jar;D:\J2EE1.4SDK\jdk\lib\appserv-assemblytool.jar;D:\J2EE1.
> >4SDK\jdk\lib\appserv-cmp.jar;D:\J2EE1.4SDK\jdk\lib\appserv-ext.jar;D:\J2EE1.4SDK\jdk\lib\appserv-
> >jstl.jar;D:\J2EE1.4SDK\jdk\lib\appserv-rt.jar;D:\J2EE1.4SDK\jdk\lib\appserv-tags.
> >jar;D:\J2EE1.4SDK\jdk\lib\appserv-upgrade.jar;D:\J2EE1.4SDK\jdk\lib\commons-launcher.
> >jar;D:\J2EE1.4SDK\jdk\lib\commons-logging.jar;D:\J2EE1.4SDK\jdk\lib\deployhelp.jar;
> >D:\J2EE1.4SDK\jdk\lib\dt.jar;D:\J2EE1.4SDK\jdk\lib\htmlconverter.jar;D:\J2EE1.4SDK\jdk\lib\htmlconverter_g.
> >jar;D:\J2EE1.4SDK\jdk\lib\j2ee-svc.jar;D:\J2EE1.4SDK\jdk\lib\j2ee.jar;D:\J2EE1.4SDK\jdk\lib\jax-
> >qname.jar;D:\J2EE1.4SDK\jdk\lib\jaxr-api.jar;D:\J2EE1.4SDK\jdk\lib\jaxr-impl.jar;
> >D:\J2EE1.4SDK\jdk\lib\jaxrpc-api.jar;D:\J2EE1.4SDK\jdk\lib\jaxrpc-impl.jar;D:\J2EE1.
> >4SDK\jdk\lib\jhall.jar;D:\J2EE1.4SDK\jdk\lib\mail.jar;D:\J2EE1.4SDK\jdk\lib\relaxngDatatype.
> >jar;D:\J2EE1.4SDK\jdk\lib\saaj-api.jar;D:\J2EE1.4SDK\jdk\lib\saaj-impl.jar;D:\J2EE1.
> >4SDK\jdk\lib\sun-appserv-ant.jar;D:\J2EE1.4SDK\jdk\lib\tools.jar;D:\J2EE1.4SDK\jdk\lib\xsdlib.
> >jar;D:\J2EE1.4SDK\lib\endorsed\dom.jar;D:\J2EE1.4SDK\lib\endorsed\servlet-api.jar;
> >D:\J2EE1.4SDK\lib\endorsed\servlet.jar;D:\J2EE1.4SDK\lib\endorsed\xalan.jar;D:\J2EE1.
> >4SDK\lib\endorsed\xercesImpl.jar;D:\IntelliJ;D:\jdk1.2.1\src.jar;D:\j2sdk1.4.0_02\common\lib\servlet.
> >jar;D:\JDBCDrivers\mysql-connector-java-2.0.14\mysql-connector-java-2.0.14-bin.jar;
> >D:\JDBCDrivers\db2java.zip;D:\JDBCDrivers\msbase.jar;D:\JDBCDrivers\mssqlserver.jar;
> >D:\JDBCDrivers\msutil.jar;D:\JDBCDrivers\mysql_comp.jar;D:\JDBCDrivers\mysql_uncomp.
> >jar;D:\JDBCDrivers\Opta2000.jar;D:\JDBCDrivers\ora9\classes12.zip;D:\JDBCDrivers\jtds-
> >0.6-rc1.jar;D:\Layouts\TableLayout.jar;D:\jakarta-log4j-1.2.8\dist\lib\log4j-1.2.8.
> >jar;F:\jdom-1.0\build\jdom.jar;D:\jpim-0.1\build\jpim.jar;D:\Jacob\jacob.jar;D:\SystemTray\systray.
> >jar;D:\MindIM\lib\common\ostermillerutils_1_02_24.jar;F:\commonsProj\commons-httpclient-
> >2.0\commons-httpclient-2.0.jar;F:\commonsProj\commons-logging-1.0.3\commons-logging-
> >api.jar;F:\commonsProj\commons-logging-1.0.3\commons-logging.jar;D:\htmlparser1_5\lib\htmllexer.
> >jar;D:\htmlparser1_5\lib\htmlparser.jar;D:\htmlparser1_5\src;D:\JUnit\junit3.8.1\junit.
> >jar;S:\Mindbridge\lib\commons-logging-api.jar;S:\Mindbridge\lib\commons-logging.jar;
> >S:\Mindbridge\lib\commons-httpclient-2.0.jar;S:\Mindbridge\lib\commons-net-1.1.0.
> >jar;S:\Mindbridge\lib\commons-vfs-1.0-dev.jar;S:\Mindbridge\lib\informa.jar;S:\Mindbridge\lib\jcifs-
> >0.8.2.jar;S:\Mindbridge\lib\jsch-0.1.13.zip;S:\Mindbridge\lib\lucene-1.4-final.jar;
> >S:\Mindbridge\lib\lucene-demos-1.4-final.jar;F:\CvsCheckOut\IntrasmartAPI\dist\latest\IntraSmartAPI-
> >dev.jar;D:\xerces-2_5_0\xercesImpl.jar;D:\xerces-2_5_0\xercesSamples.jar;D:\xerces-
> >2_5_0\xml-apis.jar;D:\xerces-2_5_0\xmlParserAPIs.jar;F:\IntelliJ-IDEA-4.5\lib\idea_rt.
> >jar com.intellij.rt.execution.application.AppMain TestPlain
> >> 0 [main] DEBUG org.apache.commons.httpclient.HttpClient - Java version: 
> >> 1.4.2_02
> >> 0 [main] DEBUG org.apache.commons.httpclient.HttpClient - Java vendor: Sun 
> >> Microsystems 
> >Inc.
> >> 10 [main] DEBUG org.apache.commons.httpclient.HttpClient - Operating 
> >> system name: 
> >Windows NT
> >> 20 [main] DEBUG org.apache.commons.httpclient.HttpClient - Operating 
> >> system architecture: 
> >x86
> >> 20 [main] DEBUG org.apache.commons.httpclient.HttpClient - Operating 
> >> system version: 
> >4.0
> >> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SUN 1.42: SUN 
> >> (DSA 
> >key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; 
> >X.509 certificates; 
> >JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection 
> >CertStores)
> >> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunJSSE 1.42: 
> >> Sun JSSE 
> >provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, 
> >SSLv3, TLSv1)
> >> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunRsaSign 
> >> 1.42: SUN's 
> >provider for RSA signatures
> >> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunJCE 1.42: 
> >> SunJCE 
> >Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman, 
> >HMAC-MD5, 
> >HMAC-SHA1)
> >> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunJGSS 1.0: 
> >> Sun (Kerberos 
> >v5)
> >> 560 [main] DEBUG org.apache.commons.httpclient.methods.GetMethod - enter 
> >> GetMethod
> >(String)
> >> 560 [main] DEBUG org.apache.commons.httpclient.HttpClient - enter 
> >> HttpClient.executeMethod
> >(HttpMethod)
> >> 560 [main] DEBUG org.apache.commons.httpclient.HttpClient - enter 
> >> HttpClient.executeMethod
> >(HostConfiguration,HttpMethod,HttpState)
> >> 851 [main] DEBUG org.apache.commons.httpclient.HttpConnection - 
> >> HttpConnection.
> >setSoTimeout(0)
> >> 851 [main] DEBUG org.apache.commons.httpclient.HttpConnection - enter 
> >> HttpConnection.
> >open()
> >> 1332 [main] DEBUG org.apache.commons.httpclient.HttpConnection - enter 
> >> HttpConnection.
> >closeSockedAndStreams()
> >> 1332 [main] DEBUG org.apache.commons.httpclient.HttpConnection - enter 
> >> HttpConnection.
> >releaseConnection()
> >> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> >>    at 
> >> com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA6275)
> >>    at 
> >> mb.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.verifyHostname
> >(StrictSSLProtocolSocketFactory.java:253)
> >>    at 
> >> mb.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.createSocket
> >(StrictSSLProtocolSocketFactory.java:208)
> >>    at 
> >> org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:683)
> >>    at 
> >> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:662)
> >>    at 
> >> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:529)
> >>    at TestPlain.main(TestPlain.java:65)
> >>    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >>    at 
> >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> >>    at 
> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.
> >java:25)
> >>    at java.lang.reflect.Method.invoke(Method.java:324)
> >>    at com.intellij.rt.execution.application.AppMain.main(AppMain.java:78)
> >> count = 0, total = 67
> >> 
> >> Process finished with exit code 0
> >> 
> >> Thanks for any insight
> >> 
> >> 
> >> 
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> For additional commands, e-mail: [EMAIL PROTECTED]
> >> 
> >> 
> >