1 2 3 Previous Next 36 Replies Latest reply on May 30, 2011 10:23 AM by EJP

    SSL code returns HTTPClient.HttpURLConnection

      Challenge: connect to a secured site to post some data.
      Issue: tried several ways, HTTPSURLConnection is not getting obtained, just HTTPClient.HttpURLConnection every time.

      Environment: OS - Linux, version 2.6.9.
      java.version: 1.5.0_10.
      Server: Oracle iAS Apache Jserv.

      Security providers list when printed with a loop:
      Provider[] p = Security.getProviders();
              for(int i=0;i<p.length;i++)
      SUN-1.5-sun.security.provider.Sun-SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
      SunRsaSign-1.5-sun.security.rsa.SunRsaSign-Sun RSA signature provider
      SunJSSE-1.5-com.sun.net.ssl.internal.ssl.Provider-Sun JSSE provider(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
      SunJCE-1.5-com.sun.crypto.provider.SunJCE-SunJCE Provider (implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, Diffie-Hellman, HMAC)
      SunJGSS-1.0-sun.security.jgss.SunProvider-Sun (Kerberos v5)
      SunSASL-1.5-com.sun.security.sasl.Provider-Sun SASL provider(implements client mechanisms for: DIGEST-MD5, GSSAPI, EXTERNAL, PLAIN, CRAM-MD5; server mechanisms for: DIGEST-MD5, GSSAPI, CRAM-MD5)
      default environment property value for java.protocol.handler.pkgs is HTTPClient
      (Is there anything need to be done to change this so that it can check the standard JSSE packages from javax ?)
      https.proxyHost and https.proxyPort are set to proper network proxy server.
      Keystroke is initialized as follows:
      KeyStore ks = KeyStore.getInstance("JKS");
      ks.load(new FileInputStream(keyStoreName), keyStorePassword.toCharArray());
      KeyManagerFactory is initialized as follows:
      KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
      TrustManager is initialized as follows:
      TrustManager[] tms = new javax.net.ssl.TrustManager[]
      new javax.net.ssl.X509TrustManager()
      public void checkClientTrusted(java.security.cert.X509Certificate[] certs,String authType){}
      public void checkServerTrusted(java.security.cert.X509Certificate[] certs,String authType){}
      public java.security.cert.X509Certificate[] getAcceptedIssuers(){ return null; }                                              
      SSLContext is obtained as:
      SSLContext sc = SSLContext.getInstance("SSL");
      sc.init(kmf.getKeyManagers(), tms, new java.security.SecureRandom());
      Its provider info when printed using sc.getProvider().getName()+sc.getProvider().getInfo() in debug is
      SunJSSESun JSSE provider(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
      Finally, defaults for HTTPS are set (before  any urlconnection is opened) as below.
      SSLSocketFactory sslsf = sc.getSocketFactory();
      Now, url is opened as (with proper https prefix url)
      url = new URL(httpsweblink);
      and url.openConnection() is not resulting in HTTPS.
      May I Please know how to fix this please !
      Thanks a lot in advance for any kind help here!
      Edited by: 817816 on May 16, 2011 11:09 PM
      Edited by: 817816 on May 16, 2011 11:15 PM
      Edited by: 817816 on May 16, 2011 11:17 PM                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    
        • 1. Re: SSL code returns HTTPClient.HttpURLConnection
          Please edit that mess to get rid of all the bold-face and use {noformat}
          {noformat} tags, so we have some chance of actually reading it.                                                                                                                                                                                                                                                                                            
          • 2. Re: SSL code returns HTTPClient.HttpURLConnection
            Thanks, now it looks little better I guess, pls check.
            • 3. Re: SSL code returns HTTPClient.HttpURLConnection
              default environment property value for java.protocol.handler.pkgs is HTTPClient
              Anything you read about changing this property is obsolete, pre 1.3. If you have any code that does so, remove it.
              (Is there anything need to be done to change this so that it can check the standard JSSE packages from javax ?)
              Not @since 1.3.
              TrustManager is initialized as follows:
              Don't use that. Use a proper truststore. This thing is insecure.
              url.openConnection() is not resulting in HTTPS
              What exactly do you mean by that?
              • 4. Re: SSL code returns HTTPClient.HttpURLConnection
                java.protocol.handler.pkgs is not changed through code, only captured in output logs.
                updated with proper trsuststore.
                Regd. getting the HttpsURLConnection from URL, notsure if I mistaken from the [JSEE Docs|http://download.oracle.com/javase/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#HttpsURLConnectionEx] that if initialization is all fine,
                by default the javax.net.ssl.HttpsURLConnection is returned from the https handler...trying to find the proper way to get through.
                • 5. Re: SSL code returns HTTPClient.HttpURLConnection
                  So what is the class of the returned HttpURLConnection object?
                  • 6. Re: SSL code returns HTTPClient.HttpURLConnection
                    HTTPClient.HttpURLConnection - not able to figure out how this is coming into the scope with all default packages.
                    No external reference libraries have been set with this code.
                    • 7. Re: SSL code returns HTTPClient.HttpURLConnection
                      You must have something installed or configured or set somewhere that does that. Is the package name really 'HTTPClient'? and do you have such a package yourself?

                      Having said that, unless you have per-connection SSL requirements, I would junk all that code, just set the system properties javax.net.ssl.keyStore/keyStorePassword/trustStore appropriately, and use new URL(...).
                      • 8. Re: SSL code returns HTTPClient.HttpURLConnection
                        Cross posted - http://www.coderanch.com/t/538060/Security/SSL-code-returns-HTTPClient-HttpURLConnection
                        • 9. Re: SSL code returns HTTPClient.HttpURLConnection
                          yep...was seeking help from folks around here with my same initial note, I heard that there were no responses, hence rushed to oracle forums where I found to be lucky finding valuable help !
                          • 10. Re: SSL code returns HTTPClient.HttpURLConnection
                            I initially thought this has something to do with the parameter java.protocol.handler.pkgs with default value HTTPClient
                            but from the initial response, seems this may not be an issue, as you said, its change is not impacting anyway.
                            HTTPClient.HttpURLConnection is what I am getting in the trace when tried to print URL object.
                            • 11. Re: SSL code returns HTTPClient.HttpURLConnection
                              It does have to do with that. Find whatever is setting it and remove it. Or reset it to empty yourself. I just said not to set it to anything. And also find the JAR containing the class and remove it.
                              1 person found this helpful
                              • 12. Re: SSL code returns HTTPClient.HttpURLConnection
                                I've cleared it, seems it is through now, getting stream is showing some delay will get back soon.
                                Another item to highlight...out of all the security providers listed with code above using Security.getProviders(),
                                I wanted to bring the JSSE Provider class i.e. com.sun.net.ssl.internal.ssl.Provider to the position one (index# 1) since
                                this is the standard JSSE, but seems there is no possibility for this, other than removing the rest of providers.
                                Just trying how to get this (change the index of a provider) and also to find out which provider is getting used and whether this makes any difference !

                                Edited by: 817816 on May 17, 2011 8:30 AM
                                • 13. Re: SSL code returns HTTPClient.HttpURLConnection
                                  I wanted to bring the JSSE Provider class i.e. com.sun.net.ssl.internal.ssl.Provider to the position one (index# 1)
                                  No you don't, you want to leave it where it is, or rather make it identical to a standard JRE installation.
                                  since this is the standard JSSE, but seems there is no possibility for this, other than removing the rest of providers.
                                  They are crypto providers not just JSSE providers. Don't mess with this.
                                  • 14. Re: SSL code returns HTTPClient.HttpURLConnection
                                    Sure, thanks for all valuable suggestions EJP!
                                    Initial hit was successful, unfortunately, the vendor's HTTPS test instance is on outage.
                                    I'll have the results posted after one full test ASAP...I believe we are all set.
                                    1 2 3 Previous Next