[trying again w/o code formatting, hopefully Apache mail server won't
reject it as spam]
Here's the code I use to set up for sending generic https GET requests.
// Create and initialize scheme registry
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(new Scheme("http",
PlainSocketFactory.getSocketFactory(), 80));
SSLSocketFactory sf = null;
for (String contextName : SSL_CONTEXT_NAMES) {
try {
SSLContext sslContext =
SSLContext.getInstance(contextName);
sslContext.init(null, new TrustManager[] { new
DummyX509TrustManager(null) }, null);
sf = new SSLSocketFactory(sslContext);
break;
} catch (NoSuchAlgorithmException e) {
LOGGER.debug("SSLContext algorithm not available:
" + contextName);
} catch (Exception e) {
LOGGER.debug("SSLContext can't be initialized: "
+ contextName, e);
}
}
if (sf != null) {
sf
.setHostnameVerifier
(SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
schemeRegistry.register(new Scheme("https", sf, 443));
} else {
LOGGER.warn("No valid SSLContext found for https");
}
The DummyX509TrustManager class (from Nutch) looks like:
public class DummyX509TrustManager implements X509TrustManager {
private X509TrustManager standardTrustManager = null;
/**
* Constructor for DummyX509TrustManager.
*/
public DummyX509TrustManager(KeyStore keystore) throws
NoSuchAlgorithmException, KeyStoreException {
super();
String algo = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory factory =
TrustManagerFactory.getInstance(algo);
factory.init(keystore);
TrustManager[] trustmanagers = factory.getTrustManagers();
if (trustmanagers.length == 0) {
throw new NoSuchAlgorithmException(algo + " trust manager
not supported");
}
this.standardTrustManager = (X509TrustManager)trustmanagers[0];
}
/**
* @see
javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],
String)
*/
public boolean isClientTrusted(X509Certificate[] certificates) {
return true;
}
/**
* @see
javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],
String)
*/
public boolean isServerTrusted(X509Certificate[] certificates) {
return true;
}
/**
* @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
*/
public X509Certificate[] getAcceptedIssuers() {
return this.standardTrustManager.getAcceptedIssuers();
}
public void checkClientTrusted(X509Certificate[] arg0, String
arg1) throws CertificateException {
// do nothing
}
public void checkServerTrusted(X509Certificate[] arg0, String
arg1) throws CertificateException {
// do nothing
}
}
I'm sure Oleg would have a more elegant way to handle all this :)
-- Ken
On Jan 5, 2010, at 10:39pm, droidin.net wrote:
I'm using HttpClient 4.0 to get some XML from the remote host. When
I use URL
such as https://user:[email protected] it works fine in the
browser but
fails in the HttpClient with this stacktrace (follows). Any
suggestions? I'm
using SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER while setting
ThreadSafeClientConnManager
The code (partial):
final HttpGet get= new HttpGet(url);
final HttpResponse response = this.client.execute(get);
return new BasicResponseHandler().handleResponse(response);
Stacktrace
01-05 22:34:03.783: ERROR/SearchResults(11565): Failed to process
request to
URL:
https://user:[email protected]/products/foo/meta/xml_proper_encoding.jsp?version=1
01-05 22:34:03.783: ERROR/SearchResults(11565):
org.apache.http.client.HttpResponseException: Unauthorized
--
View this message in context:
http://old.nabble.com/Authentication-fails-in-HttpClient-but-OK-in-browser-tp27026795p27026795.html
Sent from the HttpClient-User mailing list archive at Nabble.com.
--------------------------------------------
Ken Krugler
+1 530-210-6378
http://bixolabs.com
e l a s t i c w e b m i n i n g
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
