Monday, March 5, 2012

Request Https resource (Pass Authentication + Trust All Certificates) in Java

 

A post to remember

  • Request resource from : https://a.b.c.d/test-metadata.xml
    • Trust all certificates, i.e. skip certificate-chain validation (works around "PKIX path building failed")
    • Skip hostname verification during the SSL handshake (works around javax SSLHandshakeException)
    • Pass basic (username/password) authentication (401, Authentication Required)

Basic Java Way :

import java.io.*;
import java.net.*;
import java.security.cert.*;
import javax.net.ssl.*;

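/**
 * Command-line demo client that fetches an HTTPS resource protected by HTTP Basic
 * authentication and prints the server certificates and the response body.
 *
 * <p>SECURITY: this client deliberately accepts any server certificate and any host
 * name, so the TLS connection gives no assurance about who the peer is. The bypass is
 * applied only to the single connection opened by {@link #testURL(String, String, String)}
 * instead of being installed as the JVM-wide default, so other HTTPS connections in the
 * same process keep normal validation. Use it only against a test host you control.
 */
public class HttpsRequestClient {

    // Demo defaults used when no arguments are given.
    // NOTE(review): credentials are hard-coded in source; load them from outside the
    // code base (environment, prompt, secret store) for anything beyond a local test.
    private static final String USERNAME = "flyworld";
    private static final String PASSWORD = "mypwd";
    private static final String TESTURL = "https://a.b.c.d/test-metadata.xml";

    /**
     * Entry point.
     *
     * @param args either no arguments (built-in URL and credentials), one argument
     *             (URL, built-in credentials), or three arguments (URL, user name,
     *             password); any other count falls back to the built-in defaults
     */
    public static void main(String[] args) {
        HttpsRequestClient client = new HttpsRequestClient();
        // Every case ends with break: without it a single argument fell through to the
        // three-argument case and read args[1], which does not exist.
        switch (args.length) {
            case 1:
                client.testURL(args[0]);
                break;
            case 3:
                client.testURL(args[0], args[1], args[2]);
                break;
            default:
                client.testURL();
                break;
        }
    }

    /** Requests the built-in test URL with the built-in credentials. */
    public void testURL() {
        testURL(TESTURL, USERNAME, PASSWORD);
    }

    /**
     * Requests {@code url} with the built-in credentials.
     *
     * @param url HTTPS URL to fetch
     */
    public void testURL(String url) {
        testURL(url, USERNAME, PASSWORD);
    }

    /**
     * Requests {@code testURL} over HTTPS, answering a Basic-auth challenge with the
     * given credentials, and prints the certificate details and the response body.
     * Failures are reported on standard error; nothing is thrown to the caller.
     *
     * @param testURL HTTPS URL to fetch
     * @param name    user name for HTTP authentication
     * @param pwd     password for HTTP authentication
     */
    public void testURL(String testURL, final String name, final String pwd) {
        HttpsURLConnection testConnection = null;
        try {
            final URL target = new URL(testURL);

            // SECURITY: AllPassTrustManager performs no certificate validation at all.
            SSLContext sc = SSLContext.getInstance("TLS");
            sc.init(null, new TrustManager[] { new AllPassTrustManager() }, null);

            // SECURITY: accepts any host name, i.e. the certificate does not have to
            // match the host that was requested.
            HostnameVerifier acceptAnyHost = new HostnameVerifier() {
                @Override
                public boolean verify(String urlHostName, SSLSession session) {
                    return true;
                }
            };

            // Authenticator.setDefault is process-wide, so the callback hands out the
            // credentials only for a server challenge from the host that was requested;
            // proxies and redirect targets on other hosts get no answer.
            Authenticator.setDefault(new Authenticator() {
                @Override
                protected PasswordAuthentication getPasswordAuthentication() {
                    if (getRequestorType() != RequestorType.SERVER
                            || !target.getHost().equalsIgnoreCase(getRequestingHost())) {
                        return null;
                    }
                    return new PasswordAuthentication(name, pwd.toCharArray());
                }
            });

            URLConnection opened = target.openConnection();
            if (!(opened instanceof HttpsURLConnection)) {
                System.err.println("Not an HTTPS URL: " + testURL);
                return;
            }
            testConnection = (HttpsURLConnection) opened;

            // Per-connection settings: the trust-all behaviour stays confined to this
            // request rather than becoming the default for every HttpsURLConnection.
            testConnection.setSSLSocketFactory(sc.getSocketFactory());
            testConnection.setHostnameVerifier(acceptAnyHost);

            printHttpsCertificates(testConnection);
            printResponseContent(testConnection);
        } catch (IOException e) {
            // Also covers MalformedURLException for an unparsable URL.
            e.printStackTrace();
        } catch (java.security.GeneralSecurityException e) {
            e.printStackTrace();
        } finally {
            if (testConnection != null) {
                testConnection.disconnect();
            }
        }
    }

    /**
     * Prints the response code, cipher suite and a summary of each certificate the
     * server presented.
     *
     * @param con connection to inspect; reading these values connects it if needed
     */
    private static void printHttpsCertificates(HttpsURLConnection con) {
        try {
            System.out.println("-----Certificates-----");
            System.out.println("Response Code : " + con.getResponseCode());
            System.out.println("Cipher Suite : " + con.getCipherSuite());
            System.out.println(System.getProperty("line.separator"));

            Certificate[] certs = con.getServerCertificates();
            System.out.println("Certificate Number : " + certs.length);
            for (int i = 0; i < certs.length; i++) {
                Certificate cert = certs[i];
                System.out.println("No : " + i);
                System.out.println("Cert Type : " + cert.getType());
                System.out.println("Cert Hash Code : " + cert.hashCode());
                System.out.println("Cert Public Key Algorithm : "
                        + cert.getPublicKey().getAlgorithm());
                System.out.println("Cert Public Key Format : "
                        + cert.getPublicKey().getFormat());
                System.out.println(System.getProperty("line.separator"));
            }
        } catch (SSLPeerUnverifiedException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    /**
     * Prints the response body line by line.
     *
     * @param con connection whose input stream is read to the end
     */
    private static void printResponseContent(HttpsURLConnection con) {
        try {
            System.out.println("-----Content-----");
            BufferedReader reader =
                    new BufferedReader(new InputStreamReader(con.getInputStream()));
            try {
                String line;
                while ((line = reader.readLine()) != null) {
                    System.out.println(line);
                }
            } finally {
                // Closed even when readLine fails part-way through the body.
                reader.close();
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    /**
     * A TrustManager which passes all certificates.
     *
     * <p>SECURITY: both check methods return without inspecting the chain, so any
     * certificate, including a self-signed or expired one, is accepted.
     *
     * @see TrustManager
     */
    private static final class AllPassTrustManager implements X509TrustManager {
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The interface contract asks for a non-null (possibly empty) array.
            return new X509Certificate[0];
        }

        @Override
        public void checkServerTrusted(X509Certificate[] certs, String authType)
                throws CertificateException {
            // Intentionally empty: no server certificate is ever rejected.
        }

        @Override
        public void checkClientTrusted(X509Certificate[] certs, String authType)
                throws CertificateException {
            // Intentionally empty: no client certificate is ever rejected.
        }
    }
}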

With Apache HttpClient, the testURL method becomes simpler:





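/**
 * Fetches {@code testURL} over HTTPS with Apache HttpClient and prints the status line
 * and the response body. Failures are printed to standard error; nothing is thrown.
 *
 * <p>SECURITY: the SSL context is built from AllPassTrustManager, so the server's
 * certificate chain is not validated. The credentials are registered for the requested
 * host only, not for every host, so a redirect to another host does not receive them.
 *
 * @param testURL HTTPS URL to fetch
 * @param name    user name for HTTP authentication
 * @param pwd     password for HTTP authentication
 */
public void testURL(String testURL, String name, String pwd) {
    DefaultHttpClient httpclient = new DefaultHttpClient();
    try {
        // Trust all https certificates (no chain validation at all).
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, new TrustManager[] { new AllPassTrustManager() }, null);

        // Use apache SSLSocketFactory for the https scheme of this client instance.
        // NOTE(review): host-name checking is whatever this constructor defaults to;
        // confirm against the HttpClient version in use.
        httpclient.getConnectionManager().getSchemeRegistry()
                .register(new Scheme("https", 443, new SSLSocketFactory(sc)));

        HttpGet httpget = new HttpGet(testURL);

        // Scope the credentials to the host (and port) actually requested instead of
        // AuthScope.ANY_HOST; 443 is used when the URL names no port.
        java.net.URI target = httpget.getURI();
        int port = target.getPort() != -1 ? target.getPort() : 443;
        httpclient.getCredentialsProvider().setCredentials(
                new AuthScope(target.getHost(), port),
                new UsernamePasswordCredentials(name, pwd));

        ResponseHandler<String> handler = new ResponseHandler<String>() {
            public String handleResponse(HttpResponse response)
                    throws ClientProtocolException, IOException {
                System.out.println("Response Status : " + response.getStatusLine());
                System.out.println("-----Content-----");
                HttpEntity entity = response.getEntity();
                // A response without a body yields null, which is printed as "null".
                return entity != null ? EntityUtils.toString(entity) : null;
            }
        };
        System.out.println(httpclient.execute(httpget, handler));
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        // Releases the connections held by this client's connection manager.
        httpclient.getConnectionManager().shutdown();
    }
}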

Reference :


http://www.mkyong.com/java/java-https-client-httpsurlconnection-example/
http://hc.apache.org/httpcomponents-client-ga/examples.html
