HTTPS connection using JSSE & Resin - the code works, but not sure why

Discussion in 'Java' started by Keith G, Sep 8, 2003.

  1. Keith G

    Keith G Guest

    Hello there -
    I'm currently working on a project using Java 1.3.1 on Resin 2.1.6
    with JSSE 1.0.2. I am creating a connection to a secure server and
    posting an XML file. At this point I do not need to verify that the
    machine I am connecting to has a valid certificate (in fact, I want to
    be able to accept any and all certificates). I have been tinkering
    with some code (mostly using other newsgroup posts as reference) and I
    have been able to connect, send the xml file and receive a response. I
    am concerned, however, that I do not necessarily understand what
    exactly the code is doing and how it is working. I was hoping that by
    posting it, someone might be able to point out areas that look suspect
    and perhaps recommend a better approach. Bottom line, I want to make
    sure that putting this code into a production environment isn't a bad
    idea. Here's an example of what I'm doing:

    try {
    TrustManager[] trustAllCerts = new TrustManager[] {
    new X509TrustManager() {
    public java.security.cert.X509Certificate[]
    getAcceptedIssuers() {
    return null;
    }
    public boolean isServerTrusted(
    X509Certificate[] x509Certificates) {
    return true;
    }
    public boolean isClientTrusted(
    X509Certificate[] x509Certificates) {
    return false;
    }
    }
    };

    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    System.setProperty("java.protocol.handler.pkgs",
    "com.sun.net.ssl.internal.www.protocol");
    SSLContext sc = SSLContext.getInstance("SSL");
    KeyManagerFactory factory;
    factory = KeyManagerFactory.getInstance("SunX509",
    new com.sun.net.ssl.internal.ssl.Provider());
    sc.init((factory.getKeyManagers()),
    trustAllCerts,
    new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(
    sc.getSocketFactory());

    URL url = new URL ("https",
    HOST_NAME_STRING,
    443,
    FILE_NAME_STRING,
    new com.sun.net.ssl.internal.www.protocol.https.Handler());
    URLConnection urlConnection = url.openConnection();
    urlConnection.setRequestProperty("Content-Type","text/xml");
    urlConnection.setDoOutput(true);
    urlConnection.setDoInput(true);

    out = new PrintWriter(urlConnection.getOutputStream());
    out.write(buffer);
    out.flush();
    out.close();
    } catch (Exception e) {
    // log the exception
    }

    Thanks for your time, I really appreciate it.
    -Keith
    Keith G, Sep 8, 2003
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. John Salvo
    Replies:
    0
    Views:
    5,716
    John Salvo
    Sep 1, 2003
  2. Vladimir
    Replies:
    2
    Views:
    2,106
    Andrew Thompson
    Aug 10, 2004
  3. asaguden
    Replies:
    0
    Views:
    516
    asaguden
    Jan 24, 2005
  4. Replies:
    0
    Views:
    678
  5. Mr. SweatyFinger
    Replies:
    2
    Views:
    1,765
    Smokey Grindel
    Dec 2, 2006
Loading...

Share This Page