On Thu, 2007-07-05 at 15:36 +0530, Dhanushka Amarakoon wrote:
> I'm not exactly sure. It may be caused by a security implementation of
> HttpClient. But I can't be sure.
>
> Regards
>
> Dhanushka Amrakoon
>

Dhanushka,

HttpClient does not implement _ANY_ SSL security internally. It fully
relies on pluggable ProtocolSocketFactorys to take care of the socket
initialization.

Oleg

> -----Original Message-----
> From: Oleg Kalnichevski [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 05, 2007 3:34 PM
> To: HttpClient User Discussion
> Subject: RE: HTTPS Certification problem
>
> On Thu, 2007-07-05 at 15:28 +0530, Dhanushka Amarakoon wrote:
> > Yes I understand the difference. Sorry for the mistake. Let me explain again
> >
> > ----------------------------------------------------------------------------
> > HttpClient httpclient = new HttpClient();
> > // System.setProperty("javax.net.ssl.trustStore", keyStore);
> > // System.setProperty("javax.net.ssl.trustStorePassword", password);
> > GetMethod get = new GetMethod(cmd);
> > returnVal = new StringBuffer("");
> > System.out.println("COMMAND : " + cmd);
> >
> > HttpMethodParams httpParams = new HttpMethodParams();
> > httpParams.setSoTimeout(httpTimeout);
> > get.setParams(httpParams);
> >
> > Protocol authhttps;
> > try{
> >     authhttps = new Protocol("https",
> >         new AuthSSLProtocolSocketFactory(
> >             new URL("file:E:\\Dhanushka\\Connectors\\AptiloConnector_new\\my.keyStore"),
> >             "112233",
> >             new URL("file:E:\\Dhanushka\\Connectors\\AptiloConnector_new\\my.keyStore"),
> >             "112233"), 443);
> >     Protocol.registerProtocol("https", authhttps);
> > }catch(Exception e){
> >     e.printStackTrace();
> > }
> > ----------------------------------------------------------------------------
> >
> > I use the above code to make my application point to the truststore that I
> > want. Unfortunately it still points to the default trustStore.
>
> Does this problem have anything to do with HttpClient?
>
> Oleg
>
> > And if I
> > uncomment the 2nd and 3rd lines it won't point to the updated trustStore when
> > an update occurs.
> >
> > Regards
> >
> > Dhanushka Amrakoon
> >
> >
> > -----Original Message-----
> > From: Oleg Kalnichevski [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, July 05, 2007 3:18 PM
> > To: HttpClient User Discussion
> > Subject: RE: HTTPS Certification problem
> >
> > On Thu, 2007-07-05 at 15:03 +0530, Dhanushka Amarakoon wrote:
> > > Yes I agree. If you take a look at the code that I have submitted then
> > > you'll see that I have tried the approach using
> > > AuthSSLProtocolSocketFactory.
> > >
> >
> > Dhanushka,
> >
> > A key store and a trust store (at least conceptually) are not the same
> > thing. Are you sure you are not confusing the two?
> >
> > > But it still points to the default keyStore and not the one that I have
> > > specified.
> >
> > That does not seem to be a problem with HttpClient, does it?
> >
> > Oleg
> >
> > > I also tried to initialize the keyStore using an SSLContext. But
> > > nothing seems to work.
> > >
> > > Please help
> > >
> > >
> > > Regards
> > >
> > > Dhanushka Amrakoon
> > >
> > >
> > > -----Original Message-----
> > > From: Oleg Kalnichevski [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, July 05, 2007 2:59 PM
> > > To: HttpClient User Discussion
> > > Subject: RE: HTTPS Certification problem
> > >
> > > On Thu, 2007-07-05 at 08:28 +0530, Dhanushka Amarakoon wrote:
> > > > Hi
> > > >
> > > > I believe that I also tried what you suggested earlier. I reinitialized the
> > > > keyStore just before executing the httpGet method. But it still doesn't
> > > > work.
> > >
> > > You mean the trust store, don't you? As I said just creating a new trust
> > > store is not enough. You have to create a new SSLContext using that new
> > > trust store. Essentially that means you have to create a new instance of
> > > the AuthSSLProtocolSocketFactory.
> > >
> > > Oleg
> > >
> > > > Can you please provide me with the necessary steps as to how to achieve what
> > > > I require.
> > > >
> > > >
> > > > Regards
> > > >
> > > > Dhanushka Amrakoon
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Oleg Kalnichevski [mailto:[EMAIL PROTECTED]
> > > > Sent: Wednesday, July 04, 2007 5:16 PM
> > > > To: HttpClient User Discussion
> > > > Subject: RE: HTTPS Certification problem
> > > >
> > > > On Mon, 2007-07-02 at 11:52 +0530, Dhanushka Amarakoon wrote:
> > > > > Hi
> > > > >
> > > > > I did what you suggested but I am unable to still obtain the result that I
> > > > > require.
> > > > >
> > > > > Can anyone please tell me a way to dynamically change the truststore used.
> > > > > It doesn't have to be something related to AuthSSLProtocolSocketFactory. Any
> > > > > way to do it would be fine.
> > > > >
> > > > > I need to
> > > > > 1. Execute a HTTP get command
> > > > > 2. Check the truststore for any valid certificates.
> > > > > 3. If the truststore doesn't have the valid certificate obtain it from the
> > > > >    end server and store it in the truststore.
> > > > > 4. reexecute the HTTP get command. Have to make sure that the truststore
> > > > >    used is the newly updated truststore.
> > > > >
> > > > > I am able to do steps 1-3 successfully.
> > > > > But I am not able to reexecute the HTTP command again successfully as it
> > > > > still only obtains certificates from the old truststore not the new updated
> > > > > one.
> > > > >
> > > >
> > > > If the trust store changes, you need to make sure the SSLContext
> > > > instance used to create SSL sockets gets reinitialized (recreated using
> > > > the new trust store).
> > > >
> > > > Hope this helps
> > > >
> > > > Oleg
> > > >
> > > > > BTW
> > > > > Thanks go out to Roland for helping me out.
> > > > >
> > > > > Regards
> > > > >
> > > > > Dhanushka Amrakoon
> > > > >
> > > > >
> > > > > -----Original Message-----
> > > > > From: Roland Weber [mailto:[EMAIL PROTECTED]
> > > > > Sent: Friday, June 29, 2007 10:49 PM
> > > > > To: HttpClient User Discussion
> > > > > Subject: Re: HTTPS Certification problem
> > > > >
> > > > > Hello Dhanushka,
> > > > >
> > > > > > while (retry <= retryCount) {
> > > > > >
> > > > > > try {
> > > > > >
> > > > > > Protocol authhttps = new Protocol("https",
> > > > > >     new AuthSSLProtocolSocketFactory(
> > > > > >         new URL("file:E:\\Dhanushka\\Connectors\\AptiloConnector_new\\my.keyStore"),
> > > > >
> > > > > That is a really strange format for a URL. I would have used
> > > > > file:///e:/Dhanushka/Connectors/AptiloConnector_new/my.keyStore
> > > > > Anyway, if it works.
> > > > >
> > > > > >         "112233",
> > > > > >         new URL("file:E:\\Dhanushka\\Connectors\\AptiloConnector_new\\my.keyStore"),
> > > > > >         "112233"), 443);
> > > > > > // httpclient.getHostConfiguration().setHost("localhost", 443, authhttps);
> > > > > > Protocol.registerProtocol("https", authhttps);
> > > > >
> > > > > It is a rather bad idea to register the protocol in a loop.
> > > > > And it may not work as expected, depending on how the
> > > > > AuthSSLProtocolSocketFactory relates to SSL contexts.
> > > > > I can't tell you details, because I don't know them.
> > > > > But this _feels_ all wrong.
> > > > > Use one single AuthSSLProtocolSocketFactory. Modify the
> > > > > code of that factory so you can update the key store at
> > > > > runtime. Test and debug until you are sure that the new
> > > > > key store content is picked up at runtime.
> > > > > Then verify that the initial key store is read from the
> > > > > file referenced above. Afterwards, verify that updates
> > > > > to the key store are written to that very file.
> > > > > And make
> > > > > sure that the writing succeeds and is not prevented by
> > > > > some spurious file locks because a file is not properly
> > > > > closed or some such interference.
> > > > >
> > > > > good luck,
> > > > > Roland
> > > > >
> > > > > ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > For additional commands, e-mail: [EMAIL PROTECTED]
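
The advice given in this thread (one long-lived factory, with the SSLContext recreated whenever the trust store file changes), shown in plain JSSE as an added example that is not part of the original messages and is not HttpClient or AuthSSLProtocolSocketFactory code. The class name ReloadableTrustContext and its methods are hypothetical, and the store is assumed to be in the JDK's default keystore type.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper: a single object that lives for the whole application
// and whose SSLContext is rebuilt on demand from the trust store file.
public final class ReloadableTrustContext {
    private final Path trustStoreFile;
    private final char[] password;
    private final AtomicReference<SSLContext> current = new AtomicReference<>();

    public ReloadableTrustContext(Path trustStoreFile, char[] password)
            throws IOException, GeneralSecurityException {
        this.trustStoreFile = trustStoreFile;
        this.password = password.clone();
        reload();
    }

    // Re-read the file and swap in a new SSLContext. The old context keeps
    // the certificates it was initialised with, so it has to be replaced.
    public void reload() throws IOException, GeneralSecurityException {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // try-with-resources closes the file, so a later write is not blocked
        try (InputStream in = Files.newInputStream(trustStoreFile)) {
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);  // trust store only; a key store would go to a KeyManagerFactory
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);  // no client key material configured
        current.set(ctx);
    }

    // Sockets created after reload() are checked against the updated store.
    public SSLSocketFactory socketFactory() {
        return current.get().getSocketFactory();
    }
}
```

A socket factory registered once for "https" would call socketFactory() for each new socket, and the application would call reload() after the trust store file has been rewritten and closed, before retrying the request.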
