Mercurial > hg > Blog
annotate content/Java/commons-httpclient-vs-self-signed-certs.md @ 18:ba3f2e5c6950
add a blog post on commons-httpclient
| author | Dirk Olmes <dirk@xanthippe.ping.de> |
|---|---|
| date | Thu, 03 Oct 2013 04:43:06 +0200 |
| parents | |
| children | 1d9382b0329b |
| rev | line source |
|---|---|
|
18
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
1 Title: Apache commons-httpclient vs. self signed certificates |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
2 Date: 2013-10-03 |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
3 Tags: httpclient |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
4 Lang: en |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
5 |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
6 Recently I tried to retrieve HTML pages from a host that was using self signed HTTPS certificates. I used the excellent [Apache commons httpclient](http://hc.apache.org/httpcomponents-client-4.2.x/index.html) for the job. Their [tutorial](http://hc.apache.org/httpcomponents-client-4.2.x/tutorial/html/) is quite extensive and even gives examples about some customizations that can be made in the context of SSL. But being a good open source documentation, the tutorial only tells you the tiny details of tweaking individual settings, leaving the big picture for you to figure out. |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
7 |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
8 So how does all the talk about socket factories and SSLContext and friends go together with your [HttpClient](http://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/client/HttpClient.html)? |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
9 |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
10 Let's assume you already have a HttpClient instance at hand: |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
11 |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
12 HttpClient client = new DefaultHttpClient(); |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
13 |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
14 Now let's configure all the socket factories and stuff that's required to make HTTPS traffic with self signed certificates work: |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
15 |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
16 TrustStrategy trustStrategy = new TrustSelfSignedStrategy(); |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
17 X509HostnameVerifier hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER; |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
18 SchemeSocketFactory socketFactory = new SSLSocketFactory(trustStrategy, hostnameVerifier); |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
19 |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
20 And now let's put it all together: |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
21 |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
22 Scheme https = new Scheme("https", 443, socketFactory); |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
23 SchemeRegistry registry = client.getConnectionManager().getSchemeRegistry(); |
|
ba3f2e5c6950
add a blog post on commons-httpclient
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
24 registry.register(https); |