HttpsURLConnection

darolla · by **darolla** » Wed Apr 15, 2009 7:21 am

Hi,

I need to open a HttpsURLConnection with my own certificate. I've
found this for Java (not Android) on http://forums.sun.com/thread.jspa?threa ... ID=1886339

Syntax: [ Download ] [ Hide ]

Using java Syntax Highlighting

 
        public static String readFromURL( String httpsUrl, String login, String password ) throws NoSuchAlgorithmException,  KeyManagementException, MalformedURLException, UnknownHostException, IOException {
 
                // Variabeln
 
                TrustManager[]          trustAllCerts;
 
                SSLContext                      sc;
 
                URL                                     url;
 
                HttpsURLConnection      connection;
 
                String                          s;
 
                String                          base64;
 
                BufferedReader          reader;
 
                StringBuffer            str;
 
                String                          line;
 
                trustAllCerts = new TrustManager[] { new X509TrustManagerImpl() };              
 
                // Let us create the factory where we can set some parameters for the connection
 
                sc = SSLContext.getInstance( "SSL" );
 
                sc.init( null, trustAllCerts, new SecureRandom() );
 
                // Create the socket connection and open it to the secure remote web server
 
                url = new URL( httpsUrl );
 
                HttpsURLConnection.setDefaultSSLSocketFactory( sc.getSocketFactory() );
 
                connection = (HttpsURLConnection)url.openConnection();
 
                // Once the connection is open to the remote server we have to replace the default HostnameVerifier
 
                // with one of our own since we want the client to bypass the peer and submitted host checks even
 
                // if they are not equal. If this routine were not here, then this client would claim that the submitted
 
                // host and the peer host are not equal.
 
                connection.setHostnameVerifier( new HostnameVerifierImpl() );
 
                // Make this URL connection available for input and output
 
                connection.setDoOutput( true );
 
                // Login
 
            s      = login + ":" + password;
 
            base64 = "Basic " + new BASE64Encoder().encode( s.getBytes() );                     
 
            connection.setRequestProperty( "Authorization", base64 );
 
            connection.connect();
 
            // vom Stream lesen und als String zurückgeben
 
        reader = new BufferedReader( new InputStreamReader( connection.getInputStream() ) );
 
        str    = new StringBuffer();
 
        while( (line = reader.readLine()) != null ) {
 
                str.append( line + "\n" );
 
        }
 
        return( str.toString() );           
 
        }
 
Parsed in 0.037 seconds,  using GeSHi 1.0.8.4

Syntax: [ Download ] [ Hide ]

Using java Syntax Highlighting

 
public class X509TrustManagerImpl implements X509TrustManager {
 
        // Log4J
 
        private static Logger logger = Logger.getLogger( X509TrustManagerImpl.class );
 
        /**
 
         * Return an array of certificate authority certificates which are trusted 
 
         * for authenticating peers.
 
         * @return <code>X509Certificate[]</code> - Return an array of certificate 
 
         * authority certificates which are trusted for authenticating peers.
 
         */
 
        public X509Certificate[] getAcceptedIssuers() {
 
                return( null );
 
        }
 
        /**
 
         * Given the partial or complete certificate chain provided by the peer, 
 
         * build a certificate path to a trusted root and return if it can be 
 
         * validated and is trusted for client SSL authentication based on the 
 
         * authentication type. The authentication type is determined by the 
 
         * actual certificate used. For instance, if RSAPublicKey is used, the 
 
         * authType should be "RSA". Checking is case-sensitive.
 
         * @param chain <code>X509Certificate[]</code> the peer certificate chain 
 
         * @param authType <code>String</code> the authentication type based on 
 
         * the client certificate
 
         */
 
        public void checkClientTrusted( X509Certificate[] chain, String authType ) {            
 
        }
 
        /**
 
         * Given the partial or complete certificate chain provided by the peer, 
 
         * build a certificate path to a trusted root and return if it can be 
 
         * validated and is trusted for server SSL authentication based on the 
 
         * authentication type. The authentication type is the key exchange 
 
         * algorithm portion of the cipher suites represented as a String, such 
 
         * as "RSA", "DHE_DSS". Note: for some exportable cipher suites, the key 
 
         * exchange algorithm is determined at run time during the handshake. For 
 
         * instance, for TLS_RSA_EXPORT_WITH_RC4_40_MD5, the authType should be 
 
         * RSA_EXPORT when an ephemeral RSA key is used for the key exchange, and 
 
         * RSA when the key from the server certificate is used. Checking is 
 
         * case-sensitive.
 
         * @param chain <code>X509Certificate[]</code> the peer certificate chain 
 
         * @param authType <code>String</code> the authentication type based on 
 
         * the client certificate
 
         */
 
        public void checkServerTrusted( X509Certificate[] chain, String authType ) {            
 
        }
 
}
 
Parsed in 0.033 seconds,  using GeSHi 1.0.8.4

Syntax: [ Download ] [ Hide ]

Using java Syntax Highlighting

 
public class HostnameVerifierImpl implements HostnameVerifier {
 
        // Log4J
 
        private static Logger logger = Logger.getLogger( HostnameVerifierImpl.class );
 
        /**
 
         * Verify that the host name is an acceptable match with the server's authentication scheme. 
 
         * @param hostname <code>String</code> the host name
 
         * @param session <code>SSLSession</code> SSLSession used on the connection to hos 
 
         */
 
        public boolean verify( String hostname, SSLSession session ) {
 
                if( ! hostname.equals( session.getPeerHost() ) ) {
 
                        logger.warn( "Das Zertifikat " + session.getPeerHost() + " passt nicht zum Host " + hostname );
 
                }
 
                return true;
 
        }       
 
}
 
Parsed in 0.035 seconds,  using GeSHi 1.0.8.4

the problem inside android is, that base64encoder isnt integrated.

i've found a working one inside the jar: http://www.winterwell.com/software/jtwitter.php

but its still not working. ssl seems not to be inside android

can you help me on this?

I can send the exception later...

greetings
darolla

androidUser · by **androidUser** » Wed Apr 15, 2009 1:17 pm

Its very simple.

Try this,

String URL_UPDATE = "http://ipaddress:Port/axis2/services/StockQuoteService/update?symbol=demo&price="+inputPrice;

HttpUriRequest request = null;

DefaultHttpClient client = new DefaultHttpClient();

request = new HttpGet(URL_UPDATE);

try {

client.execute(request);

} catch (ClientProtocolException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}

darolla · by **darolla** » Wed Apr 15, 2009 1:58 pm

well, thank you, but using the httpclient doesnt help me much. because I need input- and outputstreams to my servlet, and this only works with urlconnection. and beside this I need https over ssl.

greetings,
darolla

padde · by **padde** » Wed Apr 15, 2009 2:53 pm

First i have to say i have not tested this code.. its part of a huge app and i copy&pasted it from there..
i hope nothing is missing.. but i am quite sure that this will help.

First the connectionclient class

Syntax: [ Download ] [ Hide ]

Using java Syntax Highlighting

 
package de.connection;
 
import java.security.KeyManagementException;
 
import java.security.KeyStoreException;
 
import java.security.NoSuchAlgorithmException;
 
import java.security.UnrecoverableKeyException;
 
import org.apache.http.auth.AuthScope;
 
import org.apache.http.auth.Credentials;
 
import org.apache.http.conn.scheme.Scheme;
 
import org.apache.http.impl.client.BasicCredentialsProvider;
 
import org.apache.http.impl.client.DefaultHttpClient;
 
import org.apache.http.params.HttpConnectionParams;
 
public class ConnectionClient extends DefaultHttpClient {
 
    public ConnectionClient(Credentials cred) {
 
        super();
 
        setCredentials(cred);
 
        HttpConnectionParams.setConnectionTimeout(this.getParams(), 15000);
 
    }
 
    public ConnectionClient(Credentials cred, int port) throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
 
        super();
 
        registerTrustAllScheme(port);
 
        setCredentials(cred);
 
    }
 
    private void registerTrustAllScheme(int port) throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
 
        TrustAllSSLSocketFactory tasslf = new TrustAllSSLSocketFactory();
 
        Scheme sch = new Scheme("https", tasslf, port); 
 
        getConnectionManager().getSchemeRegistry().register(sch);       
 
    }
 
    private void setCredentials(Credentials cred) {
 
        BasicCredentialsProvider cP = new BasicCredentialsProvider(); 
 
        cP.setCredentials(AuthScope.ANY, cred); 
 
        setCredentialsProvider(cP);
 
    }
 
}       
 
Parsed in 0.041 seconds,  using GeSHi 1.0.8.4

Trust all Manager

Syntax: [ Download ] [ Hide ]

Using java Syntax Highlighting

 
package de.connection;
 
import java.security.cert.CertificateException;
 
import java.security.cert.X509Certificate;
 
import javax.net.ssl.X509TrustManager;
 
public class TrustAllManager implements X509TrustManager {
 
    public void checkClientTrusted(X509Certificate[] cert, String authType) throws CertificateException { } 
 
    public void checkServerTrusted(X509Certificate[] cert, String authType) throws CertificateException { } 
 
    public X509Certificate[] getAcceptedIssuers() { return null; } 
 
}
 
Parsed in 0.037 seconds,  using GeSHi 1.0.8.4

Trust All SSL Socket Factory

Syntax: [ Download ] [ Hide ]

Using java Syntax Highlighting

 
package de.connection;
 
import java.io.IOException;
 
import java.net.InetAddress;
 
import java.net.Socket;
 
import java.security.KeyManagementException;
 
import java.security.KeyStoreException;
 
import java.security.NoSuchAlgorithmException;
 
import java.security.UnrecoverableKeyException;
 
import javax.net.ssl.SSLContext;
 
import javax.net.ssl.TrustManager;
 
import org.apache.http.conn.scheme.SocketFactory;
 
import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
 
import org.apache.http.conn.ssl.SSLSocketFactory;
 
public class TrustAllSSLSocketFactory extends SSLSocketFactory {
 
    private javax.net.ssl.SSLSocketFactory factory; 
 
    public TrustAllSSLSocketFactory() throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
 
        super(null);
 
            try { 
 
                SSLContext sslcontext = SSLContext.getInstance("TLS"); 
 
                sslcontext.init(null, new TrustManager[] { new TrustAllManager() }, null); 
 
                factory = sslcontext.getSocketFactory();
 
                setHostnameVerifier(new AllowAllHostnameVerifier());                    
 
            } catch(Exception ex) { } 
 
    } 
 
    public static SocketFactory getDefault() throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException { return new TrustAllSSLSocketFactory(); } 
 
    public Socket createSocket() throws IOException { return factory.createSocket(); } 
 
    public Socket createSocket(Socket socket, String s, int i, boolean flag) throws IOException { return factory.createSocket(socket, s, i, flag); } 
 
    public Socket createSocket(InetAddress inaddr, int i, InetAddress inaddr1, int j) throws IOException { return factory.createSocket(inaddr, i, inaddr1, j); } 
 
    public Socket createSocket(InetAddress inaddr, int i) throws IOException { return factory.createSocket(inaddr, i); } 
 
    public Socket createSocket(String s, int i, InetAddress inaddr, int j) throws IOException { return factory.createSocket(s, i, inaddr, j); } 
 
    public Socket createSocket(String s, int i) throws IOException { return factory.createSocket(s, i); } 
 
    public String[] getDefaultCipherSuites() { return factory.getDefaultCipherSuites(); } 
 
    public String[] getSupportedCipherSuites() { return factory.getSupportedCipherSuites(); } 
 
}
 
Parsed in 0.045 seconds,  using GeSHi 1.0.8.4

and here an example how to use this...

Syntax: [ Download ] [ Hide ]

Using java Syntax Highlighting

 
ConnectionClient con = returnConn("https://www.sercuresite.com:1234", "testuser", "secredpassword");
 
private ConnectionClient returnConn(URI uri, String user, String pass) {
 
    ConnectionClient conn = null;
 
    try {               
 
        UsernamePasswordCredentials creds = new UsernamePasswordCredentials(user, pass);
 
        if(uri.getScheme() == "https") {
 
            if(uri.getPort() == -1)
 
                conn = new ConnectionClient(creds, 443);
 
            else
 
                conn = new ConnectionClient(creds, uri.getPort());
 
        } else conn = new ConnectionClient(creds);
 
    } catch (KeyManagementException e) {
 
    } catch (NoSuchAlgorithmException e) {
 
    } catch (KeyStoreException e) {
 
    } catch (UnrecoverableKeyException e) {}
 
    return conn;
 
}
 
Parsed in 0.038 seconds,  using GeSHi 1.0.8.4

Greets
Padde

The Spirit · by **The Spirit** » Wed Apr 22, 2009 8:42 am

what app is this code part of?
do you have a link to the complete source code?
would be great

padde · by **padde** » Wed Apr 22, 2009 10:51 am

That app is from me and i could give you parts of source
but not all because its part of my diploma and written for
a company that might want to sell the app in the future.

Greets
Padde

The Spirit · by **The Spirit** » Wed Apr 22, 2009 11:26 am

hi.
it´s ok. thanks for info

darolla · by **darolla** » Fri Sep 04, 2009 4:28 pm

padde wrote:That app is from me and i could give you parts of source
but not all because its part of my diploma and written for
a company that might want to sell the app in the future.

Greets
Padde

I am writing on my bachelor thesis. how far are you?

greetings,
darolla

padde · by **padde** » Fri Sep 04, 2009 4:52 pm

I have to start again because i had an car accident that took me about 2 months to fully recover.
Sadly i have to write about a different topic.. so actually i could open the code.. but its not realy finished
and not that nice to look at *g*

My new thesis is about webservices and connecting them with mobile devices.. sure as hell i take android
for the mobile part

Basically i describe the developmend of an app from the idea up to the implementation
and then some evaluation etc. .. u know the boring thesis stuff

darolla · by **darolla** » Fri Sep 04, 2009 5:14 pm

hell yeah. I hope you are feeling better now. I am so sorry.

just because I am wrinting my 2nd thesis, too.

but in my case it was justice that f*cked me up...

well, i've 2 weeks left.

and the stupid company i was working for put their servers behind https.

right now I am unable to connect android with the servers.

and i really get nuts on that ssl topic right now.

so for every help i would be so glad...

darolla · by **darolla** » Fri Sep 04, 2009 7:15 pm

this topic is finally solved:

solution is here: http://www.anddev.org/viewtopic.php?p=26514

greetings,
darolla

HttpsURLConnection

HttpsURLConnection

Who is online