java.net.UnknownHostException in SSL

 
Ranch Hand
Posts: 84
Hi,

I am downloading online certificates (SSL - https) through code. The code is given below. It's only working for "www.verisign.com". For other https sites I am getting UnknownHostException. It might be a proxy problem.

Could you please suggest how to set a proxy in this code?


import java.net.*;
import java.security.Security;
import java.io.*;
import javax.net.ssl.*;
import com.sun.net.ssl.*;

public class AddServerCert {
    public AddServerCert() {
    }

    public static void main(String[] args) throws Exception {
        AddServerCert s = new AddServerCert();

        // Define the connection for the Server we want
        // to retrieve the certificates for
        String site = "https://knetca1.place.lexmark.com/ca/lexcan.nsf";
        int port = 443;

        Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

        System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");

        // Configure our KeyStore/TrustManager/Certificate file
        String keyStore = "d:/nim/LexmarkCertificates";
        String keyStorePasswd = "";
        String keyStoreAlias = "keystorealias";

        // Without this we get
        // "javax.net.ssl.SSLException: untrusted server cert chain"
        //
        // Creates a TrustManager that will allow us to
        // connect to the site so we can download the
        // Server's certificate
        s.createTrustALLManager();

        // Get the Server's certificate chain
        javax.security.cert.X509Certificate[] xc =
            s.getServerCert(site, port);

        // Add the server's certificate chain to our
        // certificate file
        for (int i = 0; i < xc.length; i++) {
            s.addToKeyStore(
                keyStore, (keyStorePasswd).toCharArray(),
                keyStoreAlias, xc[i]);
        }
    }

    /** This will create a TrustManager that will trust
     * ALL certificates and install it as the default
     * SSLSocketFactory TrustManager.
     *
     * <p>Use this function to replace the default
     * TrustManager when you are connecting to an SSL
     * site that the certificate is not trusted.
     */
    public void createTrustALLManager() {
        try {
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAllCerts,
                new java.security.SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(
                sc.getSocketFactory());
        } catch (Exception e) {
        }
    }

    /** The trust ALL TrustManager. Used by createTrustALLManager()
     * to replace the default SSLSocketFactory TrustManager.
     */
    private TrustManager[] trustAllCerts = new TrustManager[] {
        new X509TrustManager() {
            public java.security.cert.X509Certificate[]
                    getAcceptedIssuers() {
                return null;
            }
            public boolean isClientTrusted(
                    java.security.cert.X509Certificate[] certs) {
                return true;
            }
            public boolean isServerTrusted(
                    java.security.cert.X509Certificate[] certs) {
                return true;
            }
        }
    };

    public javax.security.cert.X509Certificate[] getServerCert(
            String hostname, int port) {
        javax.security.cert.X509Certificate[] serverCerts = null;
        try {
            // Create client socket
            SSLSocketFactory factory =
                HttpsURLConnection.getDefaultSSLSocketFactory();

            SSLSocket socket =
                (SSLSocket) factory.createSocket(hostname, port);

            // Without doing the handshake first we get
            // "javax.net.ssl.SSLPeerUnverifiedException:
            // peer not authenticated"
            // Connect to the server
            socket.startHandshake();

            // Retrieve the server's certificate chain
            serverCerts = socket.getSession().getPeerCertificateChain();

            // Close the socket
            socket.close();
        } catch (Exception e) {
            System.out.println("getServerCert(): Exception: "
                + e.toString() + "\n" + e.getMessage());
        }
        return serverCerts;
    }

    public boolean addToKeyStore(
            String keystoreFile, char[] keystorePassword,
            String alias, javax.security.cert.Certificate cert) {
        try {
            // Create an empty keystore
            java.security.KeyStore keystore =
                java.security.KeyStore.getInstance(
                    java.security.KeyStore.getDefaultType());

            // Read in existing keystore data. This is needed
            // to initialize the KeyStore.
            FileInputStream in = new FileInputStream(keystoreFile);
            keystore.load(in, null);
            in.close();

            ByteArrayInputStream bais =
                new ByteArrayInputStream(cert.getEncoded());
            java.security.cert.CertificateFactory cf =
                java.security.cert.CertificateFactory.getInstance(
                    "X.509");
            java.security.cert.Certificate certP = null;
            while (bais.available() > 0) {
                certP = cf.generateCertificate(bais);
            }

            keystore.setCertificateEntry(
                alias, certP);

            // Save the new keystore contents
            FileOutputStream out =
                new FileOutputStream(keystoreFile);
            keystore.store(out, keystorePassword);
            out.close();
        } catch (Exception e) {
            System.out.println("addToKeyStore(): Exception: "
                + e.toString() + "\n" + e.getMessage());
            return false;
        }
        return true;
    }

}
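An added example, not part of the original post or written by its author: `createSocket(hostname, port)` expects a bare host name, so handing it the full `https://…/ca/lexcan.nsf` string is enough to raise `UnknownHostException`, with or without a proxy. The sketch below extracts the host from the URL, tunnels through an HTTP proxy when one is given, and keeps the non-validating trust manager inside one `SSLContext` instead of installing it as the JVM default. The class and method names and the command-line arguments are assumptions made for illustration.

```java
import java.math.BigInteger;
import java.net.*;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class FetchServerCert {   // added example, hypothetical names; needs Java 8+
    // Accepts "host", "host:port" or a full https URL; returns the bare host and port.
    static InetSocketAddress hostAndPort(String site) throws URISyntaxException {
        URI u = new URI(site.contains("://") ? site : "https://" + site);
        if (u.getHost() == null) throw new URISyntaxException(site, "no host name found");
        return InetSocketAddress.createUnresolved(u.getHost(), u.getPort() == -1 ? 443 : u.getPort());
    }

    static X509Certificate[] fetchChain(String host, int port, Proxy proxy) throws Exception {
        final X509Certificate[][] seen = new X509Certificate[1][];
        // Records the presented chain without validating it. It is installed only in
        // this SSLContext, so the JVM-wide default socket factory keeps its checks.
        TrustManager capture = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType) { }
            public void checkServerTrusted(X509Certificate[] chain, String authType) { seen[0] = chain; }
            public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { capture }, null);
        // Direct: resolve the name locally. Via proxy: leave it unresolved so the proxy
        // performs the DNS lookup that the local resolver may not be able to do.
        SocketAddress dest = proxy.type() == Proxy.Type.DIRECT
                ? new InetSocketAddress(host, port) : InetSocketAddress.createUnresolved(host, port);
        try (Socket raw = new Socket(proxy)) {       // Proxy.Type.HTTP sends a CONNECT request
            raw.connect(dest, 10000);
            ((SSLSocket) ctx.getSocketFactory().createSocket(raw, host, port, true)).startHandshake();
        }
        return seen[0];
    }

    static String sha256(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        return String.format("%064x", new BigInteger(1, digest));
    }
    // Usage: java FetchServerCert <host | host:port | https URL> [proxyHost proxyPort]
    public static void main(String[] args) throws Exception {
        InetSocketAddress target = hostAndPort(args[0]);
        Proxy proxy = args.length < 3 ? Proxy.NO_PROXY : new Proxy(Proxy.Type.HTTP,
                new InetSocketAddress(args[1], Integer.parseInt(args[2])));
        for (X509Certificate c : fetchChain(target.getHostString(), target.getPort(), proxy))
            System.out.println(sha256(c) + "  " + c.getSubjectX500Principal().getName());
    }
}
```

The chain is printed with SHA-256 fingerprints rather than written to a keystore, so the fingerprints can be compared with values obtained from the site's operator before any certificate is imported as trusted.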
 