Access to an https page with certificate


A

Alessandro Rossi

Hi
I'm writing a class which tries to access to an https web page which
has an user/password and a certificate. I need to access to this page
programmaticaly because I have to post some data looping a set of data.
The probelm is that I receive an error and my code doesn't work. My
question is: If I haven't the certificate installed on my PC, Can I
access to this page with my class? And if this is possible, who can
help me? :) Thank you in advance.

/**
*
*/
package mypackage;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io_OutputStream;
import java.io_OutputStreamWriter;
import java.net.Authenticator;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLEncoder;
import java.net.URLStreamHandlerFactory;
import java.security.KeyStore;
import java.security.Security;
import java.util.Properties;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;


/**
* @author me
*
*/
public class PostQuery {

/**
*
*/
public PostQuery() {
super();
// TODO Auto-generated constructor stub
}

/**
* @param args
*/
public static void main(String[] args) {
// TODO Auto-generated method stub
PostQuery postQuery = new PostQuery();
URL url;
try {
url = new URL("https://user:[email protected]");

try {
postQuery.getResponse(url, "mydata");
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
} catch (MalformedURLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}

}

public String getResponse (URL _url, String _request)throws
Exception{
HttpsURLConnection c = null;
InputStream is = null;
OutputStream os = null;
// b is to collect the repsonse from the server
StringBuffer b = new StringBuffer( );


// Create a trust manager that does not validate certificate
chains
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[]
getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String
authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String
authType) {
}
}
};

// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new
java.security.SecureRandom());

HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
}



// open the connection
c = (HttpsURLConnection)_url.openConnection();
c.setDoOutput(true);
c.setDoInput(true);
// set the method (i.e. GET or POST)
c.setRequestMethod("POST");

// get the output stream - this is for writing the post data to
os = c.getOutputStream();
// write the data
os.write(_request.getBytes());

os.flush();
os.close();
// Get HTTP response
is = c.getInputStream( );
System.out.println("Response code = "+ c.getResponseCode());
int ch;
while ((ch = is.read( )) != -1){
b.append((char) ch);
}
is.close();
c.disconnect();
// b contains the data returned from the server
return(b.toString());
}
}

I receive "Server returned HTTP response code: 401"

Bye
Alessandro
 
Ad

Advertisements

I

IchBin

Alessandro said:
Hi
I'm writing a class which tries to access to an https web page which
has an user/password and a certificate. I need to access to this page
programmaticaly because I have to post some data looping a set of data.
The probelm is that I receive an error and my code doesn't work. My
question is: If I haven't the certificate installed on my PC, Can I
access to this page with my class? And if this is possible, who can
help me? :) Thank you in advance.
[snip code]

I receive "Server returned HTTP response code: 401"

Bye
Alessandro
Are you behind a firewall? Could be a firewall, proxy or ZoneAlarm...
etc problem.

--


Thanks in Advance...
IchBin, Pocono Lake, Pa, USA
http://weconsultants.servebeer.com/JHackerAppManager
__________________________________________________________________________

'If there is one, Knowledge is the "Fountain of Youth"'
-William E. Taylor, Regular Guy (1952-)
 
A

Alessandro Rossi

I tried, but it gives me this error when I execute:
BufferedReader in = new BufferedReader(new
InputStreamReader(url.openStream()));

sun.security.validator.ValidatorException: PKIX path validation failed:
java.security.cert.CertPathValidatorException: basic constraints check
failed: this is not a CA certificate

Thank you
Ale
 
A

Alessandro Rossi

Ah, I would like add that if I access the page from a browser ( from
the same computer where the class is running), this works properly. It
asks me to accept the certificate, and then, if I accept it gives me a
prompt to set the user and the password. Entering the right user and
pwd I can access to the page...

Ale
 
Ad

Advertisements

A

Alexey Osyatnikov

Hi,
Have you considered using Apache Commons HTTP client for this?
It supports authentication, proxies and has a number of contributed classes
as well.
There you can find examples of different TrustManagers (your version will
have an empty checkClientCert and checkServerCert methods if you don't want
to validate certificates)


Alessandro Rossi said:
Hi
I'm writing a class which tries to access to an https web page which
has an user/password and a certificate. I need to access to this page
programmaticaly because I have to post some data looping a set of data.
The probelm is that I receive an error and my code doesn't work. My
question is: If I haven't the certificate installed on my PC, Can I
access to this page with my class? And if this is possible, who can
help me? :) Thank you in advance.

/**
*
*/
package mypackage;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io_OutputStream;
import java.io_OutputStreamWriter;
import java.net.Authenticator;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLEncoder;
import java.net.URLStreamHandlerFactory;
import java.security.KeyStore;
import java.security.Security;
import java.util.Properties;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;


/**
* @author me
*
*/
public class PostQuery {

/**
*
*/
public PostQuery() {
super();
// TODO Auto-generated constructor stub
}

/**
* @param args
*/
public static void main(String[] args) {
// TODO Auto-generated method stub
PostQuery postQuery = new PostQuery();
URL url;
try {
url = new URL("https://user:[email protected]");

try {
postQuery.getResponse(url, "mydata");
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
} catch (MalformedURLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}

}

public String getResponse (URL _url, String _request)throws
Exception{
HttpsURLConnection c = null;
InputStream is = null;
OutputStream os = null;
// b is to collect the repsonse from the server
StringBuffer b = new StringBuffer( );


// Create a trust manager that does not validate certificate
chains
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[]
getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String
authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String
authType) {
}
}
};

// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new
java.security.SecureRandom());

HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
}



// open the connection
c = (HttpsURLConnection)_url.openConnection();
c.setDoOutput(true);
c.setDoInput(true);
// set the method (i.e. GET or POST)
c.setRequestMethod("POST");

// get the output stream - this is for writing the post data to
os = c.getOutputStream();
// write the data
os.write(_request.getBytes());

os.flush();
os.close();
// Get HTTP response
is = c.getInputStream( );
System.out.println("Response code = "+ c.getResponseCode());
int ch;
while ((ch = is.read( )) != -1){
b.append((char) ch);
}
is.close();
c.disconnect();
// b contains the data returned from the server
return(b.toString());
}
}

I receive "Server returned HTTP response code: 401"

Bye
Alessandro
 
Ad

Advertisements

R

Rogan Dawes

Alessandro said:
Hi
I'm writing a class which tries to access to an https web page which
has an user/password and a certificate. I need to access to this page
programmaticaly because I have to post some data looping a set of data.
The probelm is that I receive an error and my code doesn't work. My
question is: If I haven't the certificate installed on my PC, Can I
access to this page with my class? And if this is possible, who can
help me? :) Thank you in advance.
I receive "Server returned HTTP response code: 401"

Bye
Alessandro

401 is the server returning an "Unauthorised" response.

I'm not sure if Java actually supports the "user:p[email protected]" notation.

You may need to add an "Authorization: Basic " +
base64(username:password) header to authenticate yourself to the server.

Or possibly the Url class has some specific support for this.

Rogan
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top