users@jersey.java.net

[Jersey] Re: How to setup Https connection with self signed certificate?

From: Brendan cheng <ccp999_at_hotmail.com>
Date: Tue, 5 Jun 2012 06:02:37 +0000

Pavel,
you're right! ApacheHttpClient is the problem and I changed to jersey client and it works fine.
brendan

----------------------------------------
> Date: Tue, 5 Jun 2012 07:56:03 +0200
> From: pavel.bucek_at_oracle.com
> To: users_at_jersey.java.net
> Subject: [Jersey] Re: How to setup Https connection with self signed certificate?
>
> Hello,
>
> do you have to use ApacheHttpClient (3.x)? Can you please try without
> it? (Then HTTPSProperties will work as expected, see test class in
> https-clientserver-grizzly example [1]).
>
> And if you need ApacheHttpClient integration, can you use 4.x? There is
> a possibility to obtain original Apache Client instance and set whatever
> you need there..
>
> Regards,
> Pavel
>
>
> [1]
> http://search.maven.org/remotecontent?filepath=com/sun/jersey/samples/https-clientserver-grizzly/1.12/https-clientserver-grizzly-1.12-project.zip
>
> On 6/5/12 2:30 AM, Brendan cheng wrote:
> > Hi,
> > I tried to use Jersey client to connect to my HTTPS server with self signed certificate.The result of the following is my system still locate the java default trust store:
> > trustStore is: /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib/security/cacerts
> > instead of my program one. I tested my server with javascript which is running fine.
> > import com.sun.jersey.api.client.WebResource;
> > import com.sun.jersey.client.urlconnection.HTTPSProperties;
> >
> >
> > import javax.net.ssl.HostnameVerifier;
> > import javax.net.ssl.HttpsURLConnection;
> > import javax.net.ssl.SSLContext;
> > import javax.net.ssl.TrustManager;
> >
> >
> > import java.security.cert.CertificateException;
> > import java.security.cert.X509Certificate;
> > import java.security.SecureRandom;
> > import javax.net.ssl.X509TrustManager;
> > import javax.ws.rs.core.MediaType;
> > import javax.ws.rs.core.UriBuilder;
> >
> >
> > import com.sun.jersey.client.apache.ApacheHttpClient;
> > import com.sun.jersey.client.apache.config.DefaultApacheHttpClientConfig;
> >
> >
> > public class abc {
> > // Test client from the question: makes one HTTPS GET with certificate and hostname validation switched off.
> > public static class FakeHostnameVerifier implements HostnameVerifier {
> > // NOTE(review): returns true for every hostname, so the certificate is never matched against the host contacted.
> > public boolean verify(String hostname,
> > javax.net.ssl.SSLSession session) {
> > return(true);
> > } // verify
> > } // FakeHostnameVerifier
> >
> >
> > /**
> > * Builds an SSLContext around a trust manager that accepts every certificate, installs it and
> > * FakeHostnameVerifier as the HttpsURLConnection defaults and in the Jersey client config,
> > * then GETs https://192.168.33.156:8000/abc/Account and prints the response body.
> > *
> > * @param args not read
> > */
> > public static void main(String[] args) {
> >
> > // Turns on JSSE debug tracing for SSL/TLS; a diagnostic aid, not something to leave in deployed code.
> > System.setProperty("javax.net.debug", "ssl");
> > // NOTE(review): the X509TrustManager below validates nothing. Both check methods return without throwing,
> > // so any certificate chain from any peer is accepted and the TLS session gives no assurance of who the server is.
> > TrustManager[] certs = new TrustManager[] { new X509TrustManager() {
> > @Override
> > public X509Certificate[] getAcceptedIssuers() {
> > return new X509Certificate[] {};
> > }
> >
> > // Empty body: the server's chain is accepted unconditionally.
> > @Override
> > public void checkServerTrusted(X509Certificate[] chain,
> > String authType) throws CertificateException {
> > }
> >
> > // Empty body: a client chain is accepted unconditionally.
> > @Override
> > public void checkClientTrusted(X509Certificate[] chain,
> > String authType) throws CertificateException {
> > }
> > } };
> > // Safer for a self-signed server: load that one certificate into a KeyStore, obtain trust managers from a
> > // TrustManagerFactory initialised with it, and pass those to ctx.init() so only the expected certificate is trusted.
> > SSLContext ctx = null;
> > try {
> > ctx = SSLContext.getInstance("TLS");
> > ctx.init(null, certs, new SecureRandom());
> > } catch (java.security.GeneralSecurityException ex) {
> > }
> > // NOTE(review): the empty catch above discards the exception; if getInstance() or init() fails, ctx is still null
> > // and the next statement throws NullPointerException instead of reporting the real cause.
> > HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
> > HttpsURLConnection.setDefaultHostnameVerifier(new FakeHostnameVerifier());
> > // NOTE(review): both setDefault* calls are static; they change the defaults for every HttpsURLConnection
> > // in this JVM, not only for this client.
> > DefaultApacheHttpClientConfig config = new DefaultApacheHttpClientConfig();
> > // Passes the same trust-all context and verifier to Jersey via HTTPSProperties. The reply in this thread
> > // indicates that the ApacheHttpClient (3.x) integration does not apply this property.
> > config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES,
> > new HTTPSProperties(new FakeHostnameVerifier(), ctx));
> > // NOTE(review): credentials are hard-coded literals; with validation disabled they go to whichever server answers.
> > // Argument meaning (realm, host, port, user, password) is presumed from the call shape - confirm against the API.
> > config.getState()
> > .setCredentials("abc", null, -1, "1101", "123");
> >
> >
> > ApacheHttpClient client = ApacheHttpClient.create(config);
> > WebResource webResource = client.resource(UriBuilder
> > .fromUri("https://192.168.33.156/abc").port(8000).build());
> >
> > // Requests the "Account" sub-path as XML and prints the response body as a String.
> > System.out.println(webResource.path("Account")
> > .accept(MediaType.APPLICATION_XML_TYPE).get(String.class));
> >
> >
> > }
> >
> >
> > }
> >
> >
>