On Mon, 2010-12-13 at 09:23 +0100, Gerhard Sinne wrote:
> Hi all,
> I've asked something similar before, so apologies if you feel it's doubled.
>
> I have an HTTPS server that I need to connect to using HTTPS and digest
> authentication. This works perfectly with plain HTTP.
>
> Now for SSL, I implemented a TrustManager with its methods as empty ones
> and connected it to the SSLFactory. But the methods
> are not even called during the httpclient.execute() call.
>
> Then I switched to TrustStrategy and connected this to the SSLFactory.
> Again no way. The isTrusted() method of TrustStrategy is not even called.
>
> Instead both implementations just abort with
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated.
>
> This is the essential code for TrustManager (X509TrustManager did not
> work either)
> ==============================================================================================
> public class ClientTrustManager {
>
>     public final static void main(String[] args) throws Exception {
>
>         SSLContext ctx = SSLContext.getInstance("TLS");
>         MyTrustManager tm = new MyTrustManager();
>         ctx.init(null, new TrustManager[] { tm }, null);
>         SSLSocketFactory socketFactory = new SSLSocketFactory(ctx);
>
>         DefaultHttpClient httpclient = new DefaultHttpClient();
>         httpclient.getConnectionManager().getSchemeRegistry().register(
>                 new Scheme("https", 443, socketFactory));
>         httpclient.getCredentialsProvider().setCredentials(
>                 new AuthScope(null, -1, null),
>                 new UsernamePasswordCredentials("...", "..."));
>         HttpGet httpget = new HttpGet("https://192.168.111.56/...");
>         HttpResponse response = httpclient.execute(httpget);
>     }
> }
>
> class MyTrustManager implements TrustManager {
>
>     public void checkClientTrusted(java.security.cert.X509Certificate[] xcs,
>             String string) throws CertificateException {
>         System.out.println("checkClientTrusted");
>     }
>
>     public java.security.cert.X509Certificate[] getAcceptedIssuers() {
>         System.out.println("getAcceptedIssuers");
>         return null;
>     }
>
>     public void checkServerTrusted(java.security.cert.X509Certificate[] arg0,
>             String arg1) throws CertificateException {
>         System.out.println("checkServerTrusted");
>     }
> }
>
> And this is the essential code for TrustStrategy:
> ====================================================================================
> public class ClientTrustStrategy {
>
>     public final static void main(String[] args) throws Exception {
>
>         MyTrustStrategy ts = new MyTrustStrategy();
>         SSLSocketFactory socketFactory = new SSLSocketFactory(ts);
>         DefaultHttpClient httpclient = new DefaultHttpClient();
>         httpclient.getConnectionManager().getSchemeRegistry().register(
>                 new Scheme("https", 443, socketFactory));
>
>         httpclient.getCredentialsProvider().setCredentials(
>                 new AuthScope(null, -1, null),
>                 new UsernamePasswordCredentials("...", "..."));
>         // Same request as in the TrustManager variant above
>         HttpGet httpget = new HttpGet("https://192.168.111.56/...");
>         HttpResponse response = httpclient.execute(httpget);
>     }
> }
>
> class MyTrustStrategy implements TrustStrategy {
>
>     public boolean isTrusted(X509Certificate[] arg0, String authString)
>             throws CertificateException {
>         System.out.println("MyTrustStrategy.isTrusted:" + authString);
>         return true;
>     }
> }
> ====================================================================================
> Can somebody shed a light on this?
>
> Thx for any help
> Gerd
>
Gerd
I find it somewhat difficult to believe that the trust manager never
gets called. You might want to turn on the SSL debugging to find out
what certificates are trusted.
http://download.oracle.com/javase/1.5.0/docs/guide/security/jsse/ReadDebug.html
Oleg
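
Added example, not part of the original thread or of HttpClient's own code: a way to see whether and how the server certificate is checked without emptying out the trust manager. It implements `X509TrustManager` (per the `SSLContext.init` javadoc, the trust manager type JSSE picks from the array), logs each server check, and delegates to a trust store holding only the server's certificate. The class name `LoggingTrust`, the method `contextTrusting` and the certificate file path are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class LoggingTrust {
    // Hypothetical helper: trusts only the certificate stored at pemPath (PEM or DER).
    static SSLContext contextTrusting(String pemPath) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // empty in-memory trust store
        try (InputStream in = new FileInputStream(pemPath)) {
            ks.setCertificateEntry("server", CertificateFactory.getInstance("X.509").generateCertificate(in));
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        }
        if (found == null) throw new IllegalStateException("no X509TrustManager available");
        final X509TrustManager delegate = found;
        X509TrustManager logging = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                delegate.checkClientTrusted(chain, authType);
            }
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                System.out.println("checkServerTrusted: " + chain[0].getSubjectX500Principal() + " (" + authType + ")");
                delegate.checkServerTrusted(chain, authType); // real validation still runs
            }
            public X509Certificate[] getAcceptedIssuers() {
                return delegate.getAcceptedIssuers();
            }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { logging }, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) { System.err.println("usage: LoggingTrust <server-cert-file>"); return; }
        System.setProperty("javax.net.debug", "ssl,handshake,trustmanager"); // set before first JSSE use
        SSLContext ctx = contextTrusting(args[0]);
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```

The returned context can be passed to `new SSLSocketFactory(ctx)` as in the quoted code; the `javax.net.debug` output then shows which certificates the handshake actually trusted.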