
Authsslprotocolsocketfactory Example Httpclient


It traps all the exceptions that I hit and tries to give helpful messages :). Two complicating factors made this a bit interesting.

java.security.UnrecoverableKeyException: Cannot recover key

When I botched the user private key certificate by supplying a keystore file with the wrong content, I hit this exception:

org.apache.http.impl.client.DefaultRequestDirector handleResponse WARNING: Authentication error: Unable

Stack Overflow offered pieces of code but not the full solution.

I'm reusing version 4.1.2 libraries provided by the Apache HttpComponents project.

The controller thread attempts to create a new socket within the given limit of time. If socket constructor does not return until the timeout expires, the controller terminates and throws an {@link ConnectTimeoutException}

KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
FileInputStream trustStream = new FileInputStream(truststoreFile);
try {
    System.out.println("Loading server truststore from file " + truststoreFile.getPath());
    trustStore.load(trustStream, truststorePassword.toCharArray());
    System.out.println("Truststore certificate count: " + trustStore.size());
} catch (Exception


Error reading certificate: java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big

Technote (FAQ)

Question

Error reading certificate: java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big

See the NOTICE file distributed with this work for additional information regarding copyright ownership.

Initially I supplied the wrong server certificate, and I hit this exception:

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

At least once I gave the wrong password for a keystore and this exception is

This is the incantation I used to build a client keystore file in JKS format using the keytool command; again you have to approve import of the data:

keytool -v -importkeystore

This is the .pem used for the Intermediate Certificate field.

1) Rename RapidSSL_CA_pkcs7_bundle.pem to RapidSSL_CA_pkcs7_bundle.pkcs7
2) Run this openssl command below from any system which has openssl installed.

The client key was available in a PKCS12 (".p12") format and that was critical.

password.toCharArray() : null);
    } finally {
        if (is != null)
            is.close();
    }
    return keystore;
}

Document information
More support for: IBM BigFix family
Software version: Version Independent
Operating system(s): Platform Independent
Reference #: 1640148
Modified date: 2013-06-18

Maybe that's just the buzzword of choice these days, but the system seems to conform to Wikipedia's list of REST architecture constraints.

Launching the program with this additional VM argument turns this off.

To enable this, the caller must supply a keystore file containing the expected user certificate.

Built and tested using Apache HTTP Components version 4.1.2.

Used http://blog.webspheretools.com/2011/12/25/common-ssl-certificate-errors/

I learned from googling that keytool can read a PKCS12 file and import its contents appropriately.

Otherwise SSL context initialization error will result.

@param keystoreUrl URL of the keystore file.

IMPORTANT: this implementation assumes that the same password is used to protect the key and the keystore itself.

@param truststoreUrl URL of the truststore file.

The key is available in PKCS12 format.

First, the server requires access via HTTPS, and for that it uses a self-signed server certificate.

Authsslprotocolsocketfactory Maven

All straightforward so far, right? https://community.oracle.com/thread/2170853

Reviewed the contents of this PKCS7 file with any text editor before and after the conversion:

Before: the file content is wrapped in -----BEGIN PKCS7----- and -----END PKCS7----- markers.

To resolve this, do the following steps:

Note: using this 3rd party SSL certificate "RapidSSL_CA_pkcs7_bundle.pem" as example.

But note that this only appears *if some other problem is also present*; it's not necessary when all the keystores and passwords are correct.

-Dsun.security.ssl.allowUnsafeRenegotiation=true

Putting all the pieces together yields

That yielded the following exception. I find the Java keytool fairly inscrutable but that's prolly because I'm not a crypto person.

May be null if HTTPS server authentication is not to be used.
@param truststorePassword Password to unlock the truststore.
*/
public

Please drop me a line if it helps you.

package of.your.choice;

import java.io.File;
import java.io.FileInputStream;
import java.net.URI;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import

You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in

Apache offers example code to demonstrate caching a self-signed certificate so that was no significant problem.

password.toCharArray() : null);
    return kmfactory.getKeyManagers();
}

private static TrustManager[] createTrustManagers(final KeyStore keystore) throws KeyStoreException,
        NoSuchAlgorithmException {
    if (keystore ==

See the License for the specific language governing permissions and limitations under the License.
*/

package org.apache.commons.httpclient.contrib.ssl;

The second requirement, presenting a user certificate to the server, was a bit trickier.

/**
 * Licensed to the Apache

Because this file holds the server info, the proper term is a *truststore*, which is the term used in the Apache HttpClient javadoc.

May be null if HTTPS client authentication is not to be used.
@param keystorePassword Password to unlock the keystore.

Either a keystore or truststore file must be given.

It should resolve the issue.

System.err.println("Get failed, possible missing or invalid certificate: " + ex.toString());
return;
} catch (SSLException sx) {
    // Renegotiation must be allowed in certain JDK versions via the
    // JVM argument

Currently, the code that parses certificate bundles expects a flat list of PEM-encoded X509 certificates.

However, the port 443 is not listening on the MDM Extender. Without this https.jks file, the SSL service can't start up and port 443 won't be listening. The keystore must show that it has a "trustedCertEntry." This is the incantation I used to build a server truststore file in Java Keystore ("JKS") format using the keytool command that

KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
FileInputStream keyStream = new FileInputStream(keystoreFile);
try {
    System.out.println("Loading client keystore from file " + keystoreFile.getPath());
    keyStore.load(keyStream, keystorePassword.toCharArray());
    System.out.println("Keystore certificate count: " + keyStore.size());
} catch (Exception ex)

A blog post by Tim Sawyer was extremely helpful in pointing out that this scenario requires both a *keystore* and a *truststore*, but I still struggled to get the keystore and

    socketFactory = new SSLSocketFactory(keyStore, privateKeyPassword, trustStore);
} catch (UnrecoverableKeyException ke) {
    System.err.println("Failed to create SSLSocketFactory, possible wrong password on client private key");
    return;
}
// This is the default port

And just to make it fun, the javadoc for the critical constructor in the SSLSocketFactory class is utterly free of any description, and the parameter names are barely helpful.

Supposedly other versions don't have this problem but I have not yet tested them. In the jetty.log, it had the following error: [2013-05-23 14:13:58 PDT] ERROR [com.bigfix.mdm.JettyLauncher] - Error configuring service for IOS: org.mortbay.util.MultiException[java.io.FileNotFoundException: C:\Program Files (x86)\BigFix Enterprise\Management Extender\MDM Provider\private\https.jks (The system cannot find the