I need to post to an HTTPS server. That's all I need to do and I am not
very familiar with Java programming. What is that path of minimal effort
for me to get this done?
I hear about JSSE, SSLeay, OPENSSL, etc. etc. But I am not sure if
I need them all.
All I need to do is:
post to an https server and dump the result into a file on regular
intervals.
Thanks.
Si
If your HTTPS server enforces client authentication you will
need to generate a keypair and get the public key certified by
a CA that the server knows about. If no client authentication
is enforced you don't need a key or certificate.
Connecting via a secure socket is just about as easy as any
other socket but the syntax will vary depending on the toolkit
you choose. Most toolkits will include sample programs and
your application sounds easy to implement based on a trivial
"show-me-the-secure-page" example.
If you implement your client as an applet downloaded from the
secure site or as an application you don't need to deal with
signing. Otherwise look under "migraine" in your dictionary...
Good luck
"Sasan Iman" <si...@el.nec.com> wrote in message
news:39B6C2DD...@el.nec.com...
------------------------------------------------------------------------------
import java.security.*;
import java.net.*;
import java.io.*;
import com.sun.net.ssl.*;
import java.security.KeyStore;
import com.sun.net.ssl.HttpsURLConnection;
import javax.net.ssl.*;
import javax.security.cert.*;
import java.security.cert.CertificateFactory;
import hostVerifier;
/*
* This example illustrates using a URL to access resources
* on a secure site.
*
* To use Sun's reference implementation of HTTPS protocol, Please set
* the following Java system property:
*
* java.protocol.handler.pkgs = com.sun.net.ssl.internal.www.protocol
*
* If you are running inside a firewall, please also set the following
* Java system properties to the appropriate value:
*
* https.proxyHost = <secure proxy server hostname>
* https.proxyPort = <secure proxy server port>
*
*/
public class SSLPostUrl {
public static void main(String[] args) {
try {
// System.setProperty ("javax.net.debug", "all"); // Active this line to
get debug info.
System.setProperty ("java.protocol.handler.pkgs",
"com.sun.net.ssl.internal.www.protocol");
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
SSLSocketFactory factory = null;
SSLContext ctx;
KeyManagerFactory kmf;
TrustManagerFactory tmf;
KeyStore ks;
// If the server you want to connect to need a client authification
// set this block to your need.
char[] passphrase = "your password".toCharArray();
kmf = KeyManagerFactory.getInstance("SunX509");
ks = KeyStore.getInstance("PKCS12");
ks.load(new FileInputStream("your certificate.p12"), passphrase);
kmf.init(ks, passphrase);
// If the server you want to connect to have it is certificate or the
chain,
// the flag "criticality=true", then load the public certificate of the web
server.
//
// You have to choice:
// 1- Load directly the server certificate.
KeyStore ksSvr = KeyStore.getInstance("JKS");
ksSvr.load(null, null);
java.security.cert.CertificateFactory cf =
CertificateFactory.getInstance("X.509");
java.security.cert.Certificate serverCert =
cf.generateCertificate(new FileInputStream("server certificate.cer"));
ksSvr.setCertificateEntry("server", serverCert);
//
// OR
// 2- Load a keystore that already contain the web certificate.
// ksSvr.load(new FileInputStream("d:\\pascal\\ssl\\pascal.key"),
passphrase);
tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ksSvr);
// The SSLContext is use to automatically accept server certitificate
// and to automatically send YOUR certificate if required.
ctx = SSLContext.getInstance("TSLv1");
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
factory = ctx.getSocketFactory();
// Try one of those URL if you want.
// URL url = new URL("https://www.verisign.com/");
// URL url = new URL("https://www.fortify.net/sslcheck.html");
HttpsURLConnection https = (HttpsURLConnection) url.openConnection();
https.setSSLSocketFactory(factory);
https.setRequestMethod("POST");
https.setDoInput(true);
https.setDoOutput(true);
// In this example we send a text file by the POST.
https.setRequestProperty("Content-type", "text/plain");
// You may obtionnally need to create a class that implement the
// HostNameVerifier interface in the case that the CN field of the server
// certificate is different than the hostname of th URL.
// https.setHostnameVerifier(new myOwnHostVerifier());
// By requesting an OutputStream, this will automatically initiated the
connection
// and by the fact the SSL handshake.
DataOutputStream out = new DataOutputStream(https.getOutputStream());
// open the source of data e.g. a file
DataInputStream file = new DataInputStream(
new BufferedInputStream(new FileInputStream("file to send.txt")));
// Pump the data down the output stream. This information will be
// buffered locally before being sent so as the connection can work
// out the content length before sending.
int c;
while ((c=file.read()) != -1)
out.writeByte(c);
// Open a InputStream to read the response.
BufferedReader in = new BufferedReader(new
InputStreamReader(https.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();
out.close();
} catch (Exception e) {
e.printStackTrace();
}
}
}
------------------------------------------------------------------------------
Sasan Iman wrote :
------------------------------------------------------------------------------
ksSvr.setCertificateEntry("server", serverCert);
in.close();
out.close();
Sasan Iman wrote :
> Please let me know if you can help with the following question. Or if you
In article <39BE2403...@hydro.qc.ca>,
Pascal Lambert <Lambert...@hydro.qc.ca> wrote:
> Hear is a simple program that do what you try to do.
> It use JSSE 1.0.1 of Sun.
>
This is exactly my problem. I expect the user to have JRE 1.2
installed, but JSSE is not part of it and I do not want the user to
have to download JSSE and install it by hand. Is there any way to use
SSL Sockets transparently with the standart JRE 1.2 Installation?
--Caspar
Sent via Deja.com http://www.deja.com/
Before you buy.