Ajouter un commentaire

mer, 06/12/2006 - 12:41
demo2000
[Problème Certfocat] Connexion au Serveur HTTPS via proxy

Bonjour,

Je suis entrain de developper un client java qui se connecte a une servlet (web service) en HTTPS / SSL , mon application passe par le proxy.

package sslproject;
 
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.MalformedURLException;
import java.net.URL;
import javax.net.ssl.*;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
 
 
 
public class HtpsConnection {
	public static String urlHost ="https://X.X.X.X:443/PathServle";
	
	public static void main (String[] args) throws IOException {
		System.out.println(getPage(urlHost).toString());
	}
	
	public static StringBuffer getPage(String urlString)
	{
   	public static String  proxyPwd = "proxyPWD";
	public static String proxyUser = "proxyUSER";
	public static String proxyHost = "proxyIP";
	public static int    proxyPort = port_proxy;
        
        System.getProperties().put("javax.net.debug", "ssl" );
	System.getProperties().put("https.proxySet", "true");
        System.getProperties().put("https.proxyHost", proxyHost);
        System.getProperties().put("https.proxyPort", proxyPort);
        
        
        TrustManager[] trustAllCerts = new TrustManager[]{
			new X509TrustManager() {
			public boolean checkClientTrusted(java.security.cert.X509Certificate[] chain){
			return true;
			}
			public boolean isServerTrusted(java.security.cert.X509Certificate[] chain){
			return true;
			}
			public boolean isClientTrusted(java.security.cert.X509Certificate[] chain){
			return true;
			}
			public java.security.cert.X509Certificate[] getAcceptedIssuers() {
			return null;
			}
			public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {}
			public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {}
			}
			
		};
 
        try
        {
	        SSLContext sc = SSLContext.getInstance("SSL");
	        sc.init(null, trustAllCerts, null);
	        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        }
        catch(NoSuchAlgorithmException nsae)
        {}
        catch(KeyManagementException kme)
        {
        	kme.printStackTrace();
        }
        
        try
		{
			HttpsURLConnection connec = null;
			URL url = new URL(urlString);
			connec = (HttpsURLConnection)url.openConnection();
			connec.setDoInput(true);
            connec.setUseCaches(false);
            
            String authentication = proxyUser + ":" + proxyPwd;
            String encodedPassword = "Basic " + new sun.misc.BASE64Encoder().encode(authentication.getBytes());
            connec.setRequestProperty("Proxy-Authorization", encodedPassword);
            //connec.setRequestProperty("X-TestHeader", "value");
            
            connec.setRequestMethod("POST");
            connec.setDoOutput(true);
 
            String msg;
            
            msg= "---"+"\r\n";
           
            int statusCode = connec.getResponseCode();
            
            //System.err.println("Certificats  --->"+connec.getServerCertificates());
            System.err.println("HEADER --->"+connec.getHeaderFields());
            
            StringBuffer pageContents = new StringBuffer();
            if(statusCode==HttpsURLConnection.HTTP_OK)
            {
				System.err.println("Connected ...!");
 
				BufferedReader in = new BufferedReader(new InputStreamReader(connec.getInputStream()));
 
				PrintWriter out = new PrintWriter(connec.getOutputStream(), true );
            	out.println(msg);
            	
				String curLine = in.readLine();
				 while(curLine!=null)
				 {
					pageContents.append(curLine);
					curLine = in.readLine();
				 }
            }
            return pageContents;
		}
		catch(MalformedURLException mue)
		{
			mue.printStackTrace();
		}
		catch(IOException ioe)
		{
			ioe.printStackTrace();
		}
		
		return null;
	}
}

Voilà la réponse :

Quote:

HEADER --->{[HTTP/1.1 500 Internal Server Error], Content-Length=[101], Connection=[Close], Date=[Fri, 01 Dec 2006 11:38:11 GMT], Content-Type=[text/html]}

Pour avoir plus de details sur le problème, sous unix/linx j'ai executer la command wget :

Quote:

root@becane:~#wget X.X.X.X 443
...
Connecting to X.X.X.X:443... connected.
ERROR: Certificate verification error for X.X.X.X : unable to get local issuer certificate
ERROR: certificate common name `X.X.X.X' doesn't match requested host name `X.X.X.X:443'.
To connect to X.X.X.X:443 insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.
--17:19:09-- http://443/
=> `index.html.1'
Resolving 443... 0.0.1.187
Connecting to 443|0.0.1.187|:80... failed: Invalid argument.
FINISHED --17:19:09--
Downloaded: 0 bytes in 0 files

Apparament j'ai un problème de certificat !

Est ce que quelqu'un peux m'expliquer comment creer/utiliser ces certificats ?!

Ect ce que je dois seulement creer mon propre certificat et me connecter ? mais comment ?

Des exemples de code sa serai sympa.

Merci d'avance

Plus d'information sur les formats de texte

Filtered HTML

Plain text

CAPTCHA
Cette question permet de vérifier que vous n'êtes pas un robot spammeur :-) 
 W     W  Y   Y  DDD   X   X  K  K 
 W     W   Y Y   D  D   X X   K K  
 W  W  W    Y    D  D    X    KK   
  W W W     Y    D  D   X X   K K  
   W W      Y    DDD   X   X  K  K