users@jersey.java.net

[Jersey] Re: How to setup Https connection with self signed certificate?

From: Pavel Bucek <pavel.bucek_at_oracle.com>
Date: Tue, 05 Jun 2012 07:56:03 +0200

Hello,

do you have to use ApacheHttpClient (3.x)? Can you please try without
it? (Then HTTPSProperties will work as expected, see test class in
https-clientserver-grizzly example [1]).

And if you need the ApacheHttpClient integration, can you use 4.x? With it,
you can obtain the original Apache Client instance and set whatever
you need there.

Regards,
Pavel


[1]
http://search.maven.org/remotecontent?filepath=com/sun/jersey/samples/https-clientserver-grizzly/1.12/https-clientserver-grizzly-1.12-project.zip

On 6/5/12 2:30 AM, Brendan cheng wrote:
> Hi,
> I tried to use the Jersey client to connect to my HTTPS server, which has a self-signed certificate. With the code below, my system still locates the Java default trust store:
> trustStore is: /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib/security/cacerts
> instead of the one from my program. I tested my server with JavaScript, and that works fine.
> import com.sun.jersey.api.client.WebResource;
> import com.sun.jersey.client.urlconnection.HTTPSProperties;
>
>
> import javax.net.ssl.HostnameVerifier;
> import javax.net.ssl.HttpsURLConnection;
> import javax.net.ssl.SSLContext;
> import javax.net.ssl.TrustManager;
>
>
> import java.security.cert.CertificateException;
> import java.security.cert.X509Certificate;
> import java.security.SecureRandom;
> import javax.net.ssl.X509TrustManager;
> import javax.ws.rs.core.MediaType;
> import javax.ws.rs.core.UriBuilder;
>
>
> import com.sun.jersey.client.apache.ApacheHttpClient;
> import com.sun.jersey.client.apache.config.DefaultApacheHttpClientConfig;
>
>
> public class abc { // test client from the question; the setup below switches off TLS server authentication
>
> public static class FakeHostnameVerifier implements HostnameVerifier { // verifier that accepts every hostname
>
> public boolean verify(String hostname,
> javax.net.ssl.SSLSession session) {
> return(true); // hostname and session are never inspected, so a certificate issued for any name passes
> } // verify
> } // FakeHostnameVerifier
>
>
> /**
> * Builds an SSLContext and a Jersey ApacheHttpClient, then GETs the "Account"
> * resource as XML and prints the response body.
> *
> * Security note: the TrustManager below has empty check methods and the
> * HostnameVerifier always returns true, so nothing in this program verifies
> * which server it is talking to. The connection is encrypted but not
> * authenticated, and the credentials set on the client config would be
> * offered to whichever endpoint answers. For a self-signed server certificate
> * the safer setup is to import that one certificate into a dedicated trust
> * store, build the TrustManager from it (for example via TrustManagerFactory)
> * and keep hostname verification enabled.
> *
> * @param args command-line arguments; not read
> */
> public static void main(String[] args) {
>
>
> System.setProperty("javax.net.debug", "ssl"); // JVM-wide: turns on JSSE SSL/TLS debug tracing
>
>
> TrustManager[] certs = new TrustManager[] { new X509TrustManager() { // trust-all manager: both check methods below are empty
> @Override
> public X509Certificate[] getAcceptedIssuers() {
> return new X509Certificate[] {}; // no accepted issuers are advertised
> }
>
>
> @Override
> public void checkServerTrusted(X509Certificate[] chain,
> String authType) throws CertificateException {
> } // empty body: never throws, so every server certificate chain is accepted
>
>
> @Override
> public void checkClientTrusted(X509Certificate[] chain,
> String authType) throws CertificateException {
> } // empty body: every client certificate chain is accepted as well
> } };
>
>
> SSLContext ctx = null;
> try {
> ctx = SSLContext.getInstance("TLS");
> ctx.init(null, certs, new SecureRandom()); // null key managers; trust decisions come only from certs
> } catch (java.security.GeneralSecurityException ex) { // swallowed: if getInstance failed, ctx is still null and the next statement throws NullPointerException
> }
>
>
> HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory()); // JVM-wide default: applies to every HttpsURLConnection created afterwards, not just this client
> HttpsURLConnection.setDefaultHostnameVerifier(new FakeHostnameVerifier()); // JVM-wide default: hostname checks off for all HttpsURLConnection use
>
>
> DefaultApacheHttpClientConfig config = new DefaultApacheHttpClientConfig();
>
>
> config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, // NOTE(review): per the reply in this thread, HTTPSProperties only works as expected without the ApacheHttpClient (3.x) integration
> new HTTPSProperties(new FakeHostnameVerifier(), ctx));
>
>
> config.getState()
> .setCredentials("abc", null, -1, "1101", "123"); // hard-coded credential literals (presumably realm, host, port, user, password; confirm against the Jersey API); keep real values out of source
>
>
> ApacheHttpClient client = ApacheHttpClient.create(config);
> WebResource webResource = client.resource(UriBuilder
> .fromUri("https://192.168.33.156/abc").port(8000).build()); // target is a literal IP address on port 8000
>
>
> System.out.println(webResource.path("Account")
> .accept(MediaType.APPLICATION_XML_TYPE).get(String.class)); // GET <base>/Account, response body read as a String
>
>
> }
>
>
> }
>
>