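Finally figured it out. I had not been setting the proper system properties for the key/truststores. I had originally set them for HttpsURLConnection, but found it did not need them. When switching to HttpComponents (HC) it never occurred to me that I should try using them again.

[Note: the standard JSSE system properties for this are javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword, javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword. Separately, the quoted code calls `new SSLSocketFactory(trustStore, KSPASS, keystore)`, while the HttpClient 4.x constructor takes (keystore, keystorePassword, truststore). The client key store and the trust store therefore appear to be passed in swapped positions, which on its own could keep the client certificate from being presented during the handshake.]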
Best
Mike

On Wed, Jul 18, 2012 at 7:17 PM, Mike Knooihuisen <[email protected]> wrote:
> Hi All,
>
> I have an Apache HTTPS server which requires client authentications.
> I receive the exception "javax.net.ssl.SSLPeerUnverifiedException:
> peer not authenticated" when using the following code to perform the
> authentication. The same trust/keystores that are used in my example
> work perfectly with the Java builtin HttpsURLConnection class, but
> fails with HttpComponents. Thank you in advance for the help!
>
> Best,
> Mike
>
> Syntax Highlighted Version:
> http://pastie.org/4279713
>
> Plain Text Version (Without Import Statements):
>
> public class SSLConnect {
>
>     static final String KSPASS = "password_here";
>
>     private final String URL =
> "https://appa.simplysolutionscoding.com/index.php";
>     private ArrayList<NameValuePair> nvps;
>     private DefaultHttpClient dhc;
>
>     public SSLConnect() {
>         nvps = null;
>         dhc = null;
>
>         // setup truststore
>         try {
>             HttpParams params = new BasicHttpParams();
>
>             InputStream tstream = new
> FileInputStream("mike.keystore");
>             KeyStore trustStore = KeyStore.getInstance(KeyStore
>                     .getDefaultType());
>             trustStore.load(tstream, "test12".toCharArray());
>
>             TrustManagerFactory trustFactory = TrustManagerFactory
>
> .getInstance(TrustManagerFactory.getDefaultAlgorithm());
>             trustFactory.init(trustStore);
>
>             KeyManagerFactory keyFactory = KeyManagerFactory
>                     .getInstance("SunX509");
>             InputStream keyInput = new
> FileInputStream("mike.jks");
>             KeyStore keystore = KeyStore.getInstance("JKS");
>             keystore.load(keyInput, KSPASS.toCharArray());
>
>             // trustStore.load(keyInput, KSPASS.toCharArray());
>
>             keyFactory.init(trustStore, KSPASS.toCharArray());
>
>             SSLSocketFactory ssl = new
> SSLSocketFactory(trustStore, KSPASS,
>                     keystore);
>
>
> params.setParameter(CoreConnectionPNames.CONNECTION_TIMEOUT, 1000L);
>
>             SchemeRegistry sr = new SchemeRegistry();
>             Scheme https = new Scheme("https", 443, ssl);
>             sr.register(https);
>
>             // Create Connection Manager that takes care
> of the connections
>             // created by the client
>             ClientConnectionManager httpConnectionManager = new
> PoolingClientConnectionManager(sr);
>
>             dhc = new DefaultHttpClient(httpConnectionManager);
>             // ssl.connectSocket(socket, remote, null, params);
>
>             System.setProperty("javax.net.debug", "all");
>
>         } catch (Exception ex) {
>             ex.printStackTrace();
>         }
>
>     }
>
>     /**
>      * Sends the specified command to the server and returns the
> server's parsed
>      * XML reply
>      *
>      * @param args
>      *            a <Hashtable> of parameters to send to the server
>      * @return an XML parsed <Document>
>      */
>     public Document sendCmd(Hashtable<String, String> args) {
>         HttpPost conn = new HttpPost(URL);
>
>         add("user", "mike");
>         add("password", "mikey12");
>
>         try {
>             conn.setEntity(new UrlEncodedFormEntity(nvps));
>             HttpResponse resp = dhc.execute(conn);
>
>             // get the reply
>             System.out.println(resp.getStatusLine());
>             HttpEntity entity = resp.getEntity();
>             BufferedReader reader = new BufferedReader(new
> InputStreamReader(
>                     entity.getContent()));
>             String line;
>
>             while ((line = reader.readLine()) != null) {
>                 System.out.println(line);
>             }
>             // do something useful with the response body
>             // and ensure it is fully consumed
>
>             EntityUtils.consume(entity);
>
>         } catch (Exception e) {
>             e.printStackTrace();
>         } finally {
>             conn.releaseConnection();
>         }
>
>         return null;
>
>     }
>
>     /**
>      * Convenience method to add $_POST values
>      *
>      * @param key
>      *            the name of the $_POST value
>      * @param value
>      *            the data value to send
>      */
>     private void add(String key, String value) {
>         if (nvps == null) {
>             nvps = new ArrayList<NameValuePair>();
>         }
>
>         nvps.add(new BasicNameValuePair(key, value));
>     }
>
>     public void displayResp(Document doc, OutputStream out) throws
> Exception {
>
>         TransformerFactory tfactory =
> TransformerFactory.newInstance();
>         Transformer serializer;
>         try {
>             serializer = tfactory.newTransformer();
>             // Setup indenting to "pretty print"
>             serializer.setOutputProperty(OutputKeys.INDENT,
> "yes");
>             serializer.setOutputProperty(
>
> "{http://xml.apache.org/xslt}indent-amount", "2");
>
>             serializer.transform(new DOMSource(doc), new
> StreamResult(out));
>         } catch (TransformerException e) {
>             // this is fatal, just dump the stack and
> throw a runtime exception
>             e.printStackTrace();
>
>             throw new RuntimeException(e);
>         }
>     }
>
> }
>
> /** ERROR MESSAGE */
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>     at
> com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
>     at
> org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
>     at
> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
>     at
> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
>     at
> org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
>     at
> org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640)
>     at
> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
>     at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
>     at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
>     at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
>     at SSLConnect.sendCmd(SSLConnect.java:114)
>     at Backend.test(Backend.java:39)
>     at Backend.<init>(Backend.java:29)
>     at Backend.main(Backend.java:21)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
