[Certificate Problem] Connecting to the HTTPS server via a proxy

demo2000

Hello,

I am developing a Java client that connects to a servlet (web service) over HTTPS / SSL; my application goes through the proxy.

package sslproject;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.net.ssl.*;

public class HtpsConnection {
    public static String urlHost = "https://X.X.X.X:443/PathServle";

    // Proxy settings (placeholders)
    public static String proxyPwd = "proxyPWD";
    public static String proxyUser = "proxyUSER";
    public static String proxyHost = "proxyIP";
    public static int proxyPort = 0; // port_proxy: placeholder, set to the proxy's port

    public static void main(String[] args) {
        // println(Object) prints "null" instead of throwing if getPage() failed
        System.out.println(getPage(urlHost));
    }

    public static StringBuffer getPage(String urlString) {
        // System properties must be strings, so the port is converted explicitly
        System.setProperty("javax.net.debug", "ssl");
        System.setProperty("https.proxySet", "true");
        System.setProperty("https.proxyHost", proxyHost);
        System.setProperty("https.proxyPort", String.valueOf(proxyPort));

        // Trust manager that accepts every certificate chain: server certificate
        // validation is switched off for all HttpsURLConnection instances in the JVM.
        TrustManager[] trustAllCerts = new TrustManager[] {
            new X509TrustManager() {
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0]; // the interface requires a non-null array
                }
                public void checkClientTrusted(X509Certificate[] chain, String authType) {}
                public void checkServerTrusted(X509Certificate[] chain, String authType) {}
            }
        };

        try {
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAllCerts, null);
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        } catch (NoSuchAlgorithmException | KeyManagementException e) {
            e.printStackTrace();
        }

        try {
            URL url = new URL(urlString);
            HttpsURLConnection connec = (HttpsURLConnection) url.openConnection();
            connec.setDoInput(true);
            connec.setUseCaches(false);

            String authentication = proxyUser + ":" + proxyPwd;
            // java.util.Base64 replaces sun.misc.BASE64Encoder, which newer JDKs no longer ship
            String encodedPassword = "Basic " + Base64.getEncoder().encodeToString(authentication.getBytes());
            connec.setRequestProperty("Proxy-Authorization", encodedPassword);
            //connec.setRequestProperty("X-TestHeader", "value");

            connec.setRequestMethod("POST");
            connec.setDoOutput(true);

            String msg = "---" + "\r\n";

            // The request body has to be written before the response is requested:
            // getResponseCode() sends the request, after which getOutputStream() fails.
            PrintWriter out = new PrintWriter(connec.getOutputStream(), true);
            out.println(msg);
            out.close();

            int statusCode = connec.getResponseCode();

            //System.err.println("Certificats  --->"+connec.getServerCertificates());
            System.err.println("HEADER --->" + connec.getHeaderFields());

            StringBuffer pageContents = new StringBuffer();
            if (statusCode == HttpsURLConnection.HTTP_OK) {
                System.err.println("Connected ...!");

                BufferedReader in = new BufferedReader(new InputStreamReader(connec.getInputStream()));
                String curLine = in.readLine();
                while (curLine != null) {
                    pageContents.append(curLine);
                    curLine = in.readLine();
                }
                in.close();
            }
            return pageContents;
        } catch (MalformedURLException mue) {
            mue.printStackTrace();
        } catch (IOException ioe) {
            ioe.printStackTrace();
        }

        return null;
    }
}
 

Here is the response:

Quote:

HEADER --->{[HTTP/1.1 500 Internal Server Error], Content-Length=[101], Connection=[Close], Date=[Fri, 01 Dec 2006 11:38:11 GMT], Content-Type=[text/html]}

To get more details about the problem, I ran the wget command under Unix/Linux:

Quote:

root@becane:~#wget X.X.X.X 443
...
Connecting to X.X.X.X:443... connected.
ERROR: Certificate verification error for X.X.X.X : unable to get local issuer certificate
ERROR: certificate common name `X.X.X.X' doesn't match requested host name `X.X.X.X:443'.
To connect to X.X.X.X:443 insecurely, use `--no-check-certificate'.

Unable to establish SSL connection.
--17:19:09-- http://443/
=> `index.html.1'
Resolving 443... 0.0.1.187
Connecting to 443|0.0.1.187|:80... failed: Invalid argument.
FINISHED --17:19:09--
Downloaded: 0 bytes in 0 files

Apparently I have a certificate problem!

Can someone explain to me how to create/use these certificates?!

Do I just need to create my own certificate and connect? But how?

Some code examples would be nice.

Thanks in advance