Access to an https page with certificate

[Alessandro Rossi]

Hi
I'm writing a class which tries to access to an https web page which
has an user/password and a certificate. I need to access to this page
programmaticaly because I have to post some data looping a set of data.
The probelm is that I receive an error and my code doesn't work. My
question is: If I haven't the certificate installed on my PC, Can I
access to this page with my class? And if this is possible, who can
help me? Thank you in advance.

/**
*
*/
package mypackage;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.iutputStream;
import java.iutputStreamWriter;
import java.net.Authenticator;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLEncoder;
import java.net.URLStreamHandlerFactory;
import java.security.KeyStore;
import java.security.Security;
import java.util.Properties;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;


/**
* @author me
*
*/
public class PostQuery {

/**
*
*/
public PostQuery() {
super();
// TODO Auto-generated constructor stub
}

/**
* @param args
*/
public static void main(String[] args) {
// TODO Auto-generated method stub
PostQuery postQuery = new PostQuery();
URL url;
try {
url = new URL("https://user:[email protected]");

try {
postQuery.getResponse(url, "mydata");
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
} catch (MalformedURLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}

}

public String getResponse (URL _url, String _request)throws
Exception{
HttpsURLConnection c = null;
InputStream is = null;
OutputStream os = null;
// b is to collect the repsonse from the server
StringBuffer b = new StringBuffer( );


// Create a trust manager that does not validate certificate
chains
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[]
getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String
authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String
authType) {
}
}
};

// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new
java.security.SecureRandom());

HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
}



// open the connection
c = (HttpsURLConnection)_url.openConnection();
c.setDoOutput(true);
c.setDoInput(true);
// set the method (i.e. GET or POST)
c.setRequestMethod("POST");

// get the output stream - this is for writing the post data to
os = c.getOutputStream();
// write the data
os.write(_request.getBytes());

os.flush();
os.close();
// Get HTTP response
is = c.getInputStream( );
System.out.println("Response code = "+ c.getResponseCode());
int ch;
while ((ch = is.read( )) != -1){
b.append((char) ch);
}
is.close();
c.disconnect();
// b contains the data returned from the server
return(b.toString());
}
}

I receive "Server returned HTTP response code: 401"

Bye
Alessandro

 

[IchBin]

Hi
I'm writing a class which tries to access to an https web page which
has an user/password and a certificate. I need to access to this page
programmaticaly because I have to post some data looping a set of data.
The probelm is that I receive an error and my code doesn't work. My
question is: If I haven't the certificate installed on my PC, Can I
access to this page with my class? And if this is possible, who can
help me? Thank you in advance.
[snip code]

I receive "Server returned HTTP response code: 401"

Bye
Alessandro

Are you behind a firewall? Could be a firewall, proxy or ZoneAlarm...
etc problem.

--


Thanks in Advance...
IchBin, Pocono Lake, Pa, USA
http://weconsultants.servebeer.com/JHackerAppManager
__________________________________________________________________________

'If there is one, Knowledge is the "Fountain of Youth"'
-William E. Taylor, Regular Guy (1952-)

 

[abrasivesponge]

You may wanna try an authenticator too
http://javaalmanac.com/egs/java.net/Auth.html

 

[Alessandro Rossi]

Yes , there is a firewall, but you think the code is right?

Thank you
Ale

 

[Alessandro Rossi]

I tried, but it gives me this error when I execute:
BufferedReader in = new BufferedReader(new
InputStreamReader(url.openStream()));

sun.security.validator.ValidatorException: PKIX path validation failed:
java.security.cert.CertPathValidatorException: basic constraints check
failed: this is not a CA certificate

Thank you
Ale

 

[Alessandro Rossi]

Ah, I would like add that if I access the page from a browser ( from
the same computer where the class is running), this works properly. It
asks me to accept the certificate, and then, if I accept it gives me a
prompt to set the user and the password. Entering the right user and
pwd I can access to the page...

Ale

 

[Alexey Osyatnikov]

Hi,
Have you considered using Apache Commons HTTP client for this?
It supports authentication, proxies and has a number of contributed classes
as well.
There you can find examples of different TrustManagers (your version will
have an empty checkClientCert and checkServerCert methods if you don't want
to validate certificates)

Hi
I'm writing a class which tries to access to an https web page which
has an user/password and a certificate. I need to access to this page
programmaticaly because I have to post some data looping a set of data.
The probelm is that I receive an error and my code doesn't work. My
question is: If I haven't the certificate installed on my PC, Can I
access to this page with my class? And if this is possible, who can
help me? Thank you in advance.

/**
*
*/
package mypackage;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.iutputStream;
import java.iutputStreamWriter;
import java.net.Authenticator;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLEncoder;
import java.net.URLStreamHandlerFactory;
import java.security.KeyStore;
import java.security.Security;
import java.util.Properties;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;


/**
* @author me
*
*/
public class PostQuery {

/**
*
*/
public PostQuery() {
super();
// TODO Auto-generated constructor stub
}

/**
* @param args
*/
public static void main(String[] args) {
// TODO Auto-generated method stub
PostQuery postQuery = new PostQuery();
URL url;
try {
url = new URL("https://user:[email protected]");

try {
postQuery.getResponse(url, "mydata");
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
} catch (MalformedURLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}

}

public String getResponse (URL _url, String _request)throws
Exception{
HttpsURLConnection c = null;
InputStream is = null;
OutputStream os = null;
// b is to collect the repsonse from the server
StringBuffer b = new StringBuffer( );


// Create a trust manager that does not validate certificate
chains
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[]
getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String
authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String
authType) {
}
}
};

// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new
java.security.SecureRandom());

HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
}



// open the connection
c = (HttpsURLConnection)_url.openConnection();
c.setDoOutput(true);
c.setDoInput(true);
// set the method (i.e. GET or POST)
c.setRequestMethod("POST");

// get the output stream - this is for writing the post data to
os = c.getOutputStream();
// write the data
os.write(_request.getBytes());

os.flush();
os.close();
// Get HTTP response
is = c.getInputStream( );
System.out.println("Response code = "+ c.getResponseCode());
int ch;
while ((ch = is.read( )) != -1){
b.append((char) ch);
}
is.close();
c.disconnect();
// b contains the data returned from the server
return(b.toString());
}
}

I receive "Server returned HTTP response code: 401"

Bye
Alessandro

 

[Rogan Dawes]

Hi
I'm writing a class which tries to access to an https web page which
has an user/password and a certificate. I need to access to this page
programmaticaly because I have to post some data looping a set of data.
The probelm is that I receive an error and my code doesn't work. My
question is: If I haven't the certificate installed on my PC, Can I
access to this page with my class? And if this is possible, who can
help me? Thank you in advance.

I receive "Server returned HTTP response code: 401"

Bye
Alessandro

401 is the server returning an "Unauthorised" response.

I'm not sure if Java actually supports the "userassword@url" notation.

You may need to add an "Authorization: Basic " +
base64(usernameassword) header to authenticate yourself to the server.

Or possibly the Url class has some specific support for this.

Rogan