This question already has answers here:
Trusting all certificates using HttpClient over HTTPS
(22 answers)
Closed 8 years ago.
I'm trying to hit an https site through an Android client:
URL url = new URL(myurl);
Log.d("Connection", myurl);
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
conn.setReadTimeout(10000 /* milliseconds */);
conn.setConnectTimeout(15000 /* milliseconds */);
conn.addRequestProperty("Content-Type", "application/json");
conn.setRequestMethod("POST");
conn.setDoInput(true);
// Starts the query
Log.d("Connection", "Connecting...");
conn.connect();
The connect call is throwing an exception:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
EDIT: I'm told the site is using a self-signed certificate, and since this is only a prototype I just need to trust all hosts so it will work. Can someone point me toward a simple example of doing this? The code I've seen online gets quite complicated, I just want to do a hacky bypass of any verification.
Are you sure that the password you are supplying is correct? This answer suggests that the connection can appear to hang if the password is incorrect.
I fixed it by creating a new .csr with the right Organizational Unit Name and Common Name
Hope you are using HTTPS in your URL.
Related
This question already has answers here:
Persistent HttpURLConnection in Java
(3 answers)
Closed 9 years ago.
I am interested in reusing an HttpUrlConnection (as part of a statefull protocol between server and client that I'm developing).
I know that there is an Connection=keep-alive header for persistent http.
Now, I want to know how to reuse such a conenction.
I have written this code:
URL u = new java.net.URL("http://localhost:8080/Abc/Def");
HttpURLConnection c = (HttpURLConnection) u.openConnection();
c.setRequestMethod("GET");
c.setRequestProperty("Connection", "keep-alive");
c.setHeader("A","B");
c.getInputStream() //here I see that server gets my messages (using DEBUG)
c.setHeader("B","C"); //
Now how do I resend this "B" header to the server, I tried re-connect etc,but nothing gets it to work.
And the server also perform response.setHeader("Connection", "keep-alive");
I've looked in many forums, but no one wrote about this. Maybe HttpURLConnection doesn't handle this?
You don't. You close this one and create a new one. It does TCP connection pooling and keepalive behind the scenes.
The following code is the common way of establishing a connection to create an array of certificates by given a URL link (that I use it in my program):
URL destinationURL = new URL("https://www.google.com");
HttpsURLConnection con = (HttpsURLConnection) destinationURL.openConnection();
con.connect();
Certificate[] certs = con.getServerCertificates();
My question is how con.getServerCertificates() really imports all the certificates chanining into Java from given a URL link, does con.getServerCertificates() always set a SSL connection to the webpage and import all the certificates chaining into an array OR does it just use (cacerts file) that comes with JKD ?
It connects to the server and gets the certificates.
There's no way it could have all the certificates already stored in a file, because then Java would have to update every time a certificate was added, removed or replaced anywhere on the Internet. And that obviously doesn't happen.
I inherited some code, no clue what it's trying to do (I commented what i think its doing), the original coder left my organization years ago... I'm hoping the great community here can at least point me in some direction as to what this code might be trying to do, and where I can start looking for a solution...
Java code
//Read java.security file from JDK and create a Security provider from it
PropertyFileReader reader = new PropertyFileReader();
Security.addProvider(new IBMJSSEProvider());
Security.setProperty("ssl.SocketFactory.provider",
"com.ibm.jsse2.SSLSocketFactoryImpl");
System.getProperties().putAll(
reader.readProperties("security.properties"));
//Set some authentication stuff
Authenticator.setDefault(new PasswordAuthentication("User", "Password"));
// get url to servlet (note, actual application has valid url)
url = new URL("Connection URL");
// Set out HTTP URL connection
httpURLConnection = (HttpURLConnection) url.openConnection();
httpURLConnection.setRequestProperty("Authorization", "Basic ");
httpURLConnection.setDoInput(true);
httpURLConnection.setDoOutput(true);
httpURLConnection.setUseCaches(false);
httpURLConnection.setDefaultUseCaches(false);
httpURLConnection.setRequestProperty("Content-Type",
"application/x-www-form-urlencoded");
httpURLConnection.setRequestMethod("POST");
//EXCEPTION IS THROWN HERE!
DataOutputStream outputStream = new DataOutputStream(
httpURLConnection.getOutputStream());
Stack trace
javax.net.ssl.SSLKeyException: RSA premaster secret error
at com.ibm.jsse2.fb.<init>(fb.java:38)
at com.ibm.jsse2.hb.a(hb.java:200)
at com.ibm.jsse2.hb.a(hb.java:70)
at com.ibm.jsse2.gb.n(gb.java:223)
at com.ibm.jsse2.gb.a(gb.java:170)
at com.ibm.jsse2.sc.a(sc.java:595)
at com.ibm.jsse2.sc.g(sc.java:284)
at com.ibm.jsse2.sc.a(sc.java:200)
at com.ibm.jsse2.sc.startHandshake(sc.java:205)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsU RLConnection.java:166)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1014)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.jav a:230)
What kind of connection is this considered?
What the heck is a RSA Premaster Secret?
What / Where should I start looking / studying to understand whats going on?
Thanks!
I had a similar issue today with our web app. The guys in system admin room updated the Java version without asking anyone. After hours of searching i found something useful.
Here is the link if you are still interested:
https://community.oracle.com/thread/1533888
The solution: Just remove the updated java version from your server Classpath and try to install the old java version.
similar question in Stackoverflow:
SSL IOExceptionjavax.net.ssl.SSLKeyException: RSA premaster secret error
This question already has answers here:
Persistent HttpURLConnection in Java
(3 answers)
Closed 9 years ago.
I am interested in reusing an HttpUrlConnection (as part of a statefull protocol between server and client that I'm developing).
I know that there is an Connection=keep-alive header for persistent http.
Now, I want to know how to reuse such a conenction.
I have written this code:
URL u = new java.net.URL("http://localhost:8080/Abc/Def");
HttpURLConnection c = (HttpURLConnection) u.openConnection();
c.setRequestMethod("GET");
c.setRequestProperty("Connection", "keep-alive");
c.setHeader("A","B");
c.getInputStream() //here I see that server gets my messages (using DEBUG)
c.setHeader("B","C"); //
Now how do I resend this "B" header to the server, I tried re-connect etc,but nothing gets it to work.
And the server also perform response.setHeader("Connection", "keep-alive");
I've looked in many forums, but no one wrote about this. Maybe HttpURLConnection doesn't handle this?
You don't. You close this one and create a new one. It does TCP connection pooling and keepalive behind the scenes.
I have the java code like this :
URL url = new URL(endPoint);
String encoding = Base64.encodeBase64String(this.key.getBytes());
connection = (HttpURLConnection) url.openConnection();
connection.setRequestMethod("POST");
connection.setDoOutput(true);
which is opening a ssl connection. Lets say the endPoint does uses a self-singed certificate and act as a original website. Is it possible to prevent these sort of things in the java code?
Thanks in advance.
By default, the SSL implementation in Java checks against a list of trusted certification authorities, which is included in the Java VM. Unless you extend the default trust store, specify a different trust store at run time or provide your own implementation of a TrustManager and/or HostnameVerifier, you will not be able to make an SSL connection to a server with a self-signed certificate.
If you for some reason need access to the server certificates after you have established the connection, you can get these from an HttpsURLConnection like this:
URL url = new URL("https://www.google.com");
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
conn.connect();
for(Certificate crt : conn.getServerCertificates()) {
System.out.println(crt);
}