Thanks, Mark! It seems to me that we could use a new page in our community thread for tech solutions that have been painfully "discovered", to spare others the same effort. Page? FAQ?
It would go under here somewhere: http://openlibrary.org/community/ kc p.s. Anyone can add the page, so go ahead. I'm holding off because I don't code and don't want to presume what would be most useful. On 11/4/13 7:20 AM, Mark Klarer wrote: > OK, > Looks like I finally got it. Ill post my solution just in case anyone else > (or me in the future haha) has trouble. It appears to be some bug/feature in > Java. I tried the prerelease of Java 8, it seemed to have no effect. I tried > bouncycastle, it seemed to have no effect. Although its still installed so > I'm not sure. The big glaring incompatibility with Java and openlibrary > seemed to be the _DHE_ system cipher suites in Java. So I basically removed > them, then evidently Java and openlibrary negotiate around it. > > Heres the routines that do appear to work : > > > private boolean logOnOpenLibrary(java.lang.String username, > java.lang.String password) > { > TurnOff_DHE_(); > > String data="{\"username\": \""+username+"\", \"password\": > \""+password+"\"}";//.getBytes("UTF-8"); > // data="{}";//.getBytes("UTF-8"); > > //URL url = new URL("http://openlibrary.org/account/login"); > > HttpsURLConnection conn = null; > try { > conn = > createOpenAPIConnection2("https://openlibrary.org/account/login",data); > } catch (NoSuchAlgorithmException | IOException e) { > // TODO Auto-generated catch block > e.printStackTrace(); > } > > > this.print_content2(conn); > > return true; > } > > > > private void TurnOff_DHE_() > { > SSLContext context = null; > // context.init(null, new TrustManager[] { tm }, null); > try { > context = SSLContext.getInstance("TLS"); > context.init(null, new TrustManager[] { }, null); > } catch (KeyManagementException e) { > // TODO Auto-generated catch block > e.printStackTrace(); > } > catch (NoSuchAlgorithmException e) { > // TODO Auto-generated catch block > e.printStackTrace(); > } > SSLParameters params = context.getSupportedSSLParameters(); > String[] suites = params.getCipherSuites(); > System.out.println("Connecting with " + suites.length + " > cipher suites supported:"); > for (int i = 0; i < suites.length; i++) { > // System.out.print(' '); > // System.out.println(suites[i]); > ; > } > > //get rid of all _DHE_ so we can negotiate with openlibrary > > > > // Security.insertProviderAt(new BouncyCastleProvider(),1); > > > // System.setProperty("https.cipherSuites", "SSL_RSA_WITH_NULL_MD5, > SSL_RSA_WITH_NULL_SHA"); > String aSHCS=""; > > for (int i = 0; i < suites.length; i++) > { > if(suites[i].contains("_DHE_")) > continue; > // if(suites[i].contains("_DH_")) > // continue; > aSHCS+=suites[i]+","; > } > > System.setProperty("https.cipherSuites",aSHCS); > > } > > > > > public HttpsURLConnection createOpenAPIConnection2(String httpsURL, String > body) throws IOException, NoSuchAlgorithmException { > > HttpsURLConnection con = null; > // PrivateKey privKey = SecurityHolder.getPrivateKey(); > // if (privKey != null) { > > // OAuthParameters oAuthparams = SecurityHolder.getDefaultOAuthParam(); > String method = "GET"; > if (body != null) { > method = "POST"; > // MessageDigest digest = MessageDigest.getInstance("SHA-1"); > // digest.reset(); > // byte[] hash = digest.digest(body.getBytes("UTF-8")); > // String encodedHash = Base64.encode(hash); > // oAuthparams.addCustomBaseParameter("oauth_body_hash", encodedHash); > } > // String baseString = OAuthUtil.getSignatureBaseString(httpsURL, > method, oAuthparams.getBaseParameters()); > // System.out.println(baseString); > // OAuthRsaSha1Signer rsaSigner = new OAuthRsaSha1Signer(); > /// rsaSigner.setPrivateKey(privKey); > // String signature = rsaSigner.getSignature(baseString, oAuthparams); > // oAuthparams.addCustomBaseParameter("oauth_signature", signature); > URL url = new URL(httpsURL); > con = (HttpsURLConnection) url.openConnection(); > con.setRequestMethod(method); > con.setSSLSocketFactory((SSLSocketFactory) > SSLSocketFactory.getDefault()); > con.setDoOutput(true); > con.setDoInput(true); > // con.addRequestProperty("Authorization", > buildAuthHeaderString(oAuthparams)); > // System.out.println(buildAuthHeaderString(oAuthparams)); > if (body != null) { > con.addRequestProperty("content-type", "application/json"); > con.addRequestProperty("content-length", > Integer.toString(body.length())); > } > con.connect(); > if (body != null) { > OutputStreamWriter request = new > OutputStreamWriter(con.getOutputStream()); > request.append(body); > request.flush(); > request.close(); > } > return con; > } > > // } > > > > private void print_content2(HttpsURLConnection con){ > if(con!=null){ > > try { > > System.out.println("****** Content of the URL ********"); > BufferedReader br = > new BufferedReader( > new InputStreamReader(con.getInputStream())); > > String input; > > System.out.println("****** headers ********"); > Map<String,List<String>> headers = con.getHeaderFields(); > for (String key:headers.keySet()) > { > List<String> value=headers.get(key); > for (int i=0;i<value.size();i++) > { > String strdbg1=value.get(i); > System.out.println(strdbg1); > // if(value.get(i).compareTo("HTTP/1.1 200 OK")==0) > // { > // bAuthenticated=true; > // } > > } > } > > > while ((input = br.readLine()) != null){ > System.out.println(input); > } > > > > br.close(); > > } catch (IOException e) { > e.printStackTrace(); > } > > } > > } > > > > > > > > > > ________________________________________ > From: ol-tech-boun...@archive.org [ol-tech-boun...@archive.org] on behalf of > Mark Klarer > Sent: Friday, October 25, 2013 12:31 PM > To: Open Library -- technical discussion > Subject: Re: [ol-tech] openlibrary SSL DH with Java > > Whoops I spoke too soon. There is no official eclipse release with Java 8, > but looks like it can be done if you want to try early access, and some > reconfiguring on your own. But anyhow thanks again guys, ill get it fixed > eventually. > > ________________________________________ > From: ol-tech-boun...@archive.org [ol-tech-boun...@archive.org] on behalf of > Mark Klarer > Sent: Friday, October 25, 2013 11:47 AM > To: Open Library -- technical discussion > Subject: Re: [ol-tech] openlibrary SSL DH with Java > > OK thanks guys. I tried the latest version of eclipse, there is no Java 8 > support in it yet. That's what all of my projects are built with, and I just > don't have the time or motivation to convert everything just for this. > > I think I can get a good solution going, or cobble a rube goldberg thing a ma > bob to get it going eventually, thanks for all your help again. > > > > ________________________________________ > From: ol-tech-boun...@archive.org [ol-tech-boun...@archive.org] on behalf of > Anand Chitipothu [an...@archive.org] > Sent: Thursday, October 24, 2013 4:31 PM > To: Open Library -- technical discussion > Subject: Re: [ol-tech] openlibrary SSL DH with Java > > On 24-Oct-2013, at 11:43 AM, Mark Klarer wrote: > >> >> This isn't really a problem with openlibrary, but a problem with >> implementing a project using openlibrary in Java. I'm just hoping someone >> else is in the same boat and already fixed it. >> >> Since the SSL change to openlibrary.org, my little project isn't working. > [...] > > What is the URL that you are trying to access? If it is an API, it should > continue to work. > > Anand > _______________________________________________ > Ol-tech mailing list > ol-tech@archive.org > http://mail.archive.org/cgi-bin/mailman/listinfo/ol-tech > Archives: http://www.mail-archive.com/ol-tech@archive.org/ > To unsubscribe from this mailing list, send email to > ol-tech-unsubscr...@archive.org > _______________________________________________ > Ol-tech mailing list > ol-tech@archive.org > http://mail.archive.org/cgi-bin/mailman/listinfo/ol-tech > Archives: http://www.mail-archive.com/ol-tech@archive.org/ > To unsubscribe from this mailing list, send email to > ol-tech-unsubscr...@archive.org > _______________________________________________ > Ol-tech mailing list > ol-tech@archive.org > http://mail.archive.org/cgi-bin/mailman/listinfo/ol-tech > Archives: http://www.mail-archive.com/ol-tech@archive.org/ > To unsubscribe from this mailing list, send email to > ol-tech-unsubscr...@archive.org > _______________________________________________ > Ol-tech mailing list > ol-tech@archive.org > http://mail.archive.org/cgi-bin/mailman/listinfo/ol-tech > Archives: http://www.mail-archive.com/ol-tech@archive.org/ > To unsubscribe from this mailing list, send email to > ol-tech-unsubscr...@archive.org > -- Karen Coyle kco...@kcoyle.net http://kcoyle.net m: 1-510-435-8234 skype: kcoylenet _______________________________________________ Ol-tech mailing list ol-tech@archive.org http://mail.archive.org/cgi-bin/mailman/listinfo/ol-tech Archives: http://www.mail-archive.com/ol-tech@archive.org/ To unsubscribe from this mailing list, send email to ol-tech-unsubscr...@archive.org