Hi, Thanks for the reply.
I changed the code a bit but it still causes me problems.
private StringBuffer httpGet(String cmd) {
    Debug.getInstance().printUsingDebug(
        "AptiloHTTPCommand-> httpGet-> START");
    int retry = 0;
    StringBuffer returnVal;
    HttpClient httpclient = new HttpClient();
    GetMethod get = new GetMethod(cmd);
    returnVal = new StringBuffer("");
    System.out.println("COMMAND : " + cmd);
    HttpMethodParams httpParams = new HttpMethodParams();
    httpParams.setSoTimeout(httpTimeout);
    get.setParams(httpParams);
    while (retry <= retryCount) {
        try {
            Protocol authhttps = new Protocol("https",
                new AuthSSLProtocolSocketFactory(
                    new URL(
                        "file:E:\\Dhanushka\\Connectors\\AptiloConnector_new\\my.keyStore"),
                    "112233",
                    new URL(
                        "file:E:\\Dhanushka\\Connectors\\AptiloConnector_new\\my.keyStore"),
                    "112233"), 443);
            // httpclient.getHostConfiguration().setHost("localhost", 443, authhttps);
            Protocol.registerProtocol("https", authhttps);
            int result = httpclient.executeMethod(get); // Point where keyStore is initialized.
            int statusCode = get.getStatusCode();
            System.out.println("Sent at " +
                DateAndTime.returnDateAndTime(System.currentTimeMillis()));
            System.out.println("STATUS CODE OF GET METHOD:" + statusCode);
            System.out.println("\nResult is :\n---");
            returnVal = new StringBuffer(get.getResponseBodyAsString());
            System.out.println(returnVal);
            System.out.println("---\n");
            get.releaseConnection();
            Debug.getInstance().printUsingDebug(
                "AptiloHTTPCommand-> httpGet-> END");
            return returnVal;
        }
        catch (IOException i) {
................
What I did was I created a new keystore using
keytool -genkey -v -alias "my client key" -validity 365 -keystore my.keystore
Then I ran the program... This time I didn't get any
> java.security.KeyStoreException: No private keys found in keystore!
or
> java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
Errors.
So when it determines that I don't have the certificate it adds the
certificate to my.keystore and saves and retries again. But still it
generates a
sun.security.validator.ValidatorException: No trusted certificate found
Error. And now even if I restart the program it still generates the same
error, meaning the program is not even looking at the new keyStore but
is instead looking in the default keystore in
$JAVA_HOME\jre\lib\security\cacerts
Please Help
Regards
Dhanushka Amrakoon
-----Original Message-----
From: Roland Weber [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 28, 2007 8:19 PM
To: HttpClient User Discussion
Subject: Re: HTTPS Certification problem
Dhanushka Amarakoon wrote:
> while (retry <= retryCount) {
> System.setProperty("javax.net.ssl.trustStore", keyStore);
>
> HttpClient httpclient = new HttpClient();
That is bad. You should instantiate HttpClient only once
and re-use the instance. At the very least you should
shutdown the connection manager before forgetting about
an HttpClient instance. Used like this, your code is
leaking open socket connections, leaving them to the mercy
of the garbage collector.
> I noticed that it initialises the keystore only the first time it connects
> to any site and until I restart my program it won't initialize the keystore
> again. Meaning even if the method saves the new certificate in the keystore
> the program seems to refer to the old keystore and not the updated one.
Exactly. The keystore is loaded once from the file to memory, then the
data in memory is used. I assume it is possible to update the keystore
explicitly at runtime, or to instantiate a new SSL context with the
modified keystore. Please refer to the SSL and JSSE documentation.
> I tried using AuthSSLProtocolSocketFactory but it throws an error
>
> java.security.KeyStoreException: No private keys found in keystore!
>
> And when I modify the keystore and add a new key I created via keytool I get
> the message
>
> java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
There are several different and incompatible formats for key stores.
You probably use the wrong one, or fail to tell the correct format
when loading the keystore. AuthSSLProtocolSocketFactory is meant to
be adapted to your specific needs, so you should dive into the code
and fix it until it works for you.
Have a look at not-yet-commons-ssl, it might help you with the
different keystore formats:
http://juliusdavies.ca/commons-ssl/
hope that helps,
Roland
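
The behaviour discussed in this thread (a keystore file is read into memory once, so a changed file only takes effect through a freshly loaded trust manager and a new SSL context, with the keystore type stated explicitly) can be shown in plain JSSE. This is an added example, not code from the thread or from HttpClient; the class name, alias, temporary file and password are constructed for the demonstration, and copying a CA certificate from the JRE default trust store stands in for "the program saves a certificate".

```java
import java.io.*;
import java.nio.file.*;
import java.security.*;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class ReloadTrustStore {
    // Read the keystore file as it is on disk now and wrap it in a trust manager.
    // The type ("JKS", "PKCS12", ...) is passed explicitly; a mismatch fails in load().
    static X509TrustManager loadTrust(Path file, String type, char[] pw)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, pw);
        }
        return trustManagerFor(ks);
    }

    // ks == null selects the JRE default trust store (cacerts).
    static X509TrustManager trustManagerFor(KeyStore ks) throws GeneralSecurityException {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        throw new NoSuchAlgorithmException("no X509TrustManager available");
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();      // constructed sample password
        Path file = Files.createTempFile("demo", ".jks");
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, pw);                          // start with an empty store
        try (OutputStream out = Files.newOutputStream(file)) { ks.store(out, pw); }
        X509TrustManager before = loadTrust(file, "JKS", pw);

        // Stand-in for saving a certificate at runtime: add one CA to the file.
        X509Certificate[] defaults = trustManagerFor(null).getAcceptedIssuers();
        if (defaults.length == 0) throw new IllegalStateException("JRE trust store is empty");
        ks.setCertificateEntry("saved-cert", defaults[0]);
        try (OutputStream out = Files.newOutputStream(file)) { ks.store(out, pw); }

        X509TrustManager after = loadTrust(file, "JKS", pw);
        System.out.println("old manager trusts: " + before.getAcceptedIssuers().length);
        System.out.println("new manager trusts: " + after.getAcceptedIssuers().length);
        // Only a context built from the reloaded manager sees the new certificate.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { after }, null);
        Files.delete(file);
    }
}
```

The trust manager created before the file was rewritten keeps its original in-memory view; sockets have to come from the context built after the reload.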