HTTPS connection using JSSE & Resin - the code works, but not sure why

K

Keith G

Hello there -
I'm currently working on a project using Java 1.3.1 on Resin 2.1.6
with JSSE 1.0.2. I am creating a connection to a secure server and
posting an XML file. At this point I do not need to verify that the
machine I am connecting to has a valid certificate (in fact, I want to
be able to accept any and all certificates). I have been tinkering
with some code (mostly using other newsgroup posts as reference) and I
have been able to connect, send the xml file and receive a response. I
am concerned, however, that I do not necessarily understand what
exactly the code is doing and how it is working. I was hoping that by
posting it, someone might be able to point out areas that look suspect
and perhaps recommend a better approach. Bottom line, I want to make
sure that putting this code into a production environment isn't a bad
idea. Here's an example of what I'm doing:

try {
TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
public java.security.cert.X509Certificate[]
getAcceptedIssuers() {
return null;
}
public boolean isServerTrusted(
X509Certificate[] x509Certificates) {
return true;
}
public boolean isClientTrusted(
X509Certificate[] x509Certificates) {
return false;
}
}
};

Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("java.protocol.handler.pkgs",
"com.sun.net.ssl.internal.www.protocol");
SSLContext sc = SSLContext.getInstance("SSL");
KeyManagerFactory factory;
factory = KeyManagerFactory.getInstance("SunX509",
new com.sun.net.ssl.internal.ssl.Provider());
sc.init((factory.getKeyManagers()),
trustAllCerts,
new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(
sc.getSocketFactory());

URL url = new URL ("https",
HOST_NAME_STRING,
443,
FILE_NAME_STRING,
new com.sun.net.ssl.internal.www.protocol.https.Handler());
URLConnection urlConnection = url.openConnection();
urlConnection.setRequestProperty("Content-Type","text/xml");
urlConnection.setDoOutput(true);
urlConnection.setDoInput(true);

out = new PrintWriter(urlConnection.getOutputStream());
out.write(buffer);
out.flush();
out.close();
} catch (Exception e) {
// log the exception
}

Thanks for your time, I really appreciate it.
-Keith
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,734
Messages
2,569,441
Members
44,832
Latest member
GlennSmall

Latest Threads

Top