Mercurial > hg > Blog
annotate content/Java/commons-httpclient-vs-self-signed-certs.md @ 98:1d9382b0329b
Specify the syntax on markdown blocks to avoid broken output that has class=err
| author | Dirk Olmes <dirk@xanthippe.ping.de> |
|---|---|
| date | Thu, 19 Dec 2019 10:04:33 +0100 |
| parents | ba3f2e5c6950 |
| children |
| rev | line source |
|---|---|
|
18
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
1 Title: Apache commons-httpclient vs. self signed certificates |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
2 Date: 2013-10-03 |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
3 Tags: httpclient |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
4 Lang: en |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
5 |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
6 Recently I tried to retrieve HTML pages from a host that was using self signed HTTPS certificates. I used the excellent [Apache commons httpclient](http://hc.apache.org/httpcomponents-client-4.2.x/index.html) for the job. Their [tutorial](http://hc.apache.org/httpcomponents-client-4.2.x/tutorial/html/) is quite extensive and even gives examples about some customizations that can be made in the context of SSL. But being a good open source documentation, the tutorial only tells you the tiny details of tweaking individual settings, leaving the big picture for you to figure out. |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
7 |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
8 So how does all the talk about socket factories and SSLContext and friends go together with your [HttpClient](http://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/client/HttpClient.html)? |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
9 |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
10 Let's assume you already have a HttpClient instance at hand: |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
11 |
|
98
1d9382b0329b
Specify the syntax on markdown blocks to avoid broken output that has class=err
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
18
diff
changeset
|
12 :::java |
|
18
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
13 HttpClient client = new DefaultHttpClient(); |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
14 |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
15 Now let's configure all the socket factories and stuff that's required to make HTTPS traffic with self signed certificates work: |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
16 |
|
98
1d9382b0329b
Specify the syntax on markdown blocks to avoid broken output that has class=err
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
18
diff
changeset
|
17 :::java |
|
18
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
18 TrustStrategy trustStrategy = new TrustSelfSignedStrategy(); |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
19 X509HostnameVerifier hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER; |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
20 SchemeSocketFactory socketFactory = new SSLSocketFactory(trustStrategy, hostnameVerifier); |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
21 |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
22 And now let's put it all together: |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
23 |
|
98
1d9382b0329b
Specify the syntax on markdown blocks to avoid broken output that has class=err
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
18
diff
changeset
|
24 :::java |
|
18
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
25 Scheme https = new Scheme("https", 443, socketFactory); |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
26 SchemeRegistry registry = client.getConnectionManager().getSchemeRegistry(); |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
27 registry.register(https); |