Hi All, I have an Apache HTTPS server which requires client authentications. I receive the exception "javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated" when using the following code to perform the authentication. The same trust/keystores that are used in my example work perfectly with the Java builtin HttpsURLConnection class, but fails with HttpComponents. Thank you in advance for the help!
Best, Mike Syntax Highlighted Version: http://pastie.org/4279713 Plain Text Version (Without Import Statements: public class SSLConnect { static final String KSPASS = "password_here"; private final String URL = "https://appa.simplysolutionscoding.com/index.php";; private ArrayList<NameValuePair> nvps; private DefaultHttpClient dhc; public SSLConnect() { nvps = null; dhc = null; // setup truststore try { HttpParams params = new BasicHttpParams(); InputStream tstream = new FileInputStream("mike.keystore"); KeyStore trustStore = KeyStore.getInstance(KeyStore .getDefaultType()); trustStore.load(tstream, "test12".toCharArray()); TrustManagerFactory trustFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustFactory.init(trustStore); KeyManagerFactory keyFactory = KeyManagerFactory .getInstance("SunX509"); InputStream keyInput = new FileInputStream("mike.jks"); KeyStore keystore = KeyStore.getInstance("JKS"); keystore.load(keyInput, KSPASS.toCharArray()); // trustStore.load(keyInput, KSPASS.toCharArray()); keyFactory.init(trustStore, KSPASS.toCharArray()); SSLSocketFactory ssl = new SSLSocketFactory(trustStore, KSPASS, keystore); params.setParameter(CoreConnectionPNames.CONNECTION_TIMEOUT, 1000L); SchemeRegistry sr = new SchemeRegistry(); Scheme https = new Scheme("https", 443, ssl); sr.register(https); // Create Connection Manager that takes care of the connections // created by the client ClientConnectionManager httpConnectionManager = new PoolingClientConnectionManager(sr); dhc = new DefaultHttpClient(httpConnectionManager); // ssl.connectSocket(socket, remote, null, params); System.setProperty("javax.net.debug", "all"); } catch (Exception ex) { ex.printStackTrace(); } } /** * Sends the specified command to the server and returns the server's parsed * XML reply * * @param args * a <Hashtable> of parameters to send to the server * @return an XML parsed <Document> */ public Document sendCmd(Hashtable<String, String> args) { HttpPost conn = new HttpPost(URL); add("user", "mike"); add("password", "mikey12"); try { conn.setEntity(new UrlEncodedFormEntity(nvps)); HttpResponse resp = dhc.execute(conn); // get the reply System.out.println(resp.getStatusLine()); HttpEntity entity = resp.getEntity(); BufferedReader reader = new BufferedReader(new InputStreamReader( entity.getContent())); String line; while ((line = reader.readLine()) != null) { System.out.println(line); } // do something useful with the response body // and ensure it is fully consumed EntityUtils.consume(entity); } catch (Exception e) { e.printStackTrace(); } finally { conn.releaseConnection(); } return null; } /** * Convenience method to add $_POST values * * @param key * the name of the $_POST value * @param value * the data value to send */ private void add(String key, String value) { if (nvps == null) { nvps = new ArrayList<NameValuePair>(); } nvps.add(new BasicNameValuePair(key, value)); } public void displayResp(Document doc, OutputStream out) throws Exception { TransformerFactory tfactory = TransformerFactory.newInstance(); Transformer serializer; try { serializer = tfactory.newTransformer(); // Setup indenting to "pretty print" serializer.setOutputProperty(OutputKeys.INDENT, "yes"); serializer.setOutputProperty( "{http://xml.apache.org/xslt}indent-amount";, "2"); serializer.transform(new DOMSource(doc), new StreamResult(out)); } catch (TransformerException e) { // this is fatal, just dump the stack and throw a runtime exception e.printStackTrace(); throw new RuntimeException(e); } } } /** ERROR MESSAGE */ javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784) at SSLConnect.sendCmd(SSLConnect.java:114) at Backend.test(Backend.java:39) at Backend.<init>(Backend.java:29) at Backend.main(Backend.java:21) --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
