
java.net.UnknownHostException in SSL

Nimish Patel
Ranch Hand

Joined: Jun 29, 2005
Posts: 84
Hi,

I am downloading online certificates (SSL/HTTPS) through code; the code is given below. It only works for "www.verisign.com"; for other HTTPS sites I get an UnknownHostException. It might be a proxy problem.

Could you please suggest how to set a proxy in this code?


import java.net.*;
import java.security.Security;
import java.io.*;
import javax.net.ssl.*;
import com.sun.net.ssl.*;


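/**
 * Connects to an SSL server, reads the certificate chain it presents and
 * imports that chain into a local keystore file.
 *
 * <p>Security caveats for anyone reusing this class:
 * <ul>
 * <li>{@link #createTrustALLManager()} replaces the process-wide default
 *     socket factory of {@code HttpsURLConnection} with one that accepts
 *     every certificate. After that call no HTTPS connection made through
 *     the default factory in this JVM is authenticated.</li>
 * <li>The chain returned by {@link #getServerCert(String, int)} is therefore
 *     unauthenticated. Before relying on a keystore written by
 *     {@link #addToKeyStore}, compare each certificate's fingerprint with a
 *     value obtained out of band; otherwise whoever answered the connection
 *     becomes a trusted party.</li>
 * </ul>
 *
 * <p>The {@code isClientTrusted}/{@code isServerTrusted} callbacks and the
 * {@code com.sun.net.ssl} provider used here belong to the legacy JSSE API;
 * the {@code javax.net.ssl} replacement uses {@code checkClientTrusted} and
 * {@code checkServerTrusted}.
 */
public class AddServerCert {

    /**
     * The trust-ALL TrustManager. Used by {@link #createTrustALLManager()}
     * to replace the default SSLSocketFactory TrustManager. It performs no
     * validation at all: both callbacks unconditionally return {@code true}.
     */
    private final TrustManager[] trustAllCerts = new TrustManager[] {
        new X509TrustManager() {
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                // An empty array instead of null, so callers that iterate
                // over the issuers cannot hit a NullPointerException.
                return new java.security.cert.X509Certificate[0];
            }

            public boolean isClientTrusted(
                    java.security.cert.X509Certificate[] certs) {
                return true;
            }

            public boolean isServerTrusted(
                    java.security.cert.X509Certificate[] certs) {
                return true;
            }
        }
    };

    public AddServerCert() {
    }

    /**
     * Retrieves the certificate chain of a hard-coded site and stores every
     * certificate of that chain in a hard-coded keystore file.
     *
     * @param args unused
     * @throws Exception if provider registration fails
     */
    public static void main(String[] args) throws Exception {
        AddServerCert s = new AddServerCert();

        // Server whose certificates we want to retrieve. This is a URL, not
        // a bare host name; getServerCert() reduces it to the host part.
        String site = "https://knetca1.place.lexmark.com/ca/lexcan.nsf";
        int port = 443;

        Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

        System.setProperty("java.protocol.handler.pkgs",
                "com.sun.net.ssl.internal.www.protocol");

        // Keystore that receives the downloaded certificates.
        // NOTE(review): KeyStore.store() protects the file's integrity with
        // this password, so an empty one gives no meaningful protection.
        String keyStore = "d:/nim/LexmarkCertificates";
        String keyStorePasswd = "";
        String keyStoreAlias = "keystorealias";

        // Without this we get
        // "javax.net.ssl.SSLException: untrusted server cert chain".
        // The call disables certificate validation for the whole JVM, so it
        // belongs only in a one-off retrieval tool like this one.
        s.createTrustALLManager();

        // Get the server's certificate chain.
        javax.security.cert.X509Certificate[] xc =
                s.getServerCert(site, port);
        if (xc == null) {
            // getServerCert() already printed the cause; the original code
            // failed here with a NullPointerException.
            System.out.println(
                    "main(): no certificate chain retrieved from " + site);
            return;
        }

        // Add each certificate under its own alias. With one shared alias
        // every setCertificateEntry() call replaced the previous entry and
        // only the last certificate of the chain was kept.
        for (int i = 0; i < xc.length; i++) {
            s.addToKeyStore(
                    keyStore, keyStorePasswd.toCharArray(),
                    keyStoreAlias + "-" + i, xc[i]);
        }
    }

    /**
     * Creates a TrustManager that trusts ALL certificates and installs it as
     * the default SSLSocketFactory TrustManager.
     *
     * <p>The replacement is global: it affects every later use of
     * {@code HttpsURLConnection.getDefaultSSLSocketFactory()} in this JVM,
     * not only the connection made by {@link #getServerCert(String, int)}.
     * A failure is reported on standard output and leaves the previous
     * default factory in place.
     */
    public void createTrustALLManager() {
        try {
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(
                    sc.getSocketFactory());
        } catch (Exception e) {
            // Previously swallowed silently, which hid the reason for a
            // later "untrusted server cert chain" failure.
            System.out.println("createTrustALLManager(): Exception: "
                    + e.toString() + "\n" + e.getMessage());
        }
    }

    /**
     * Performs an SSL handshake with the given server and returns the
     * certificate chain the server presented.
     *
     * <p>The socket comes from the default {@code HttpsURLConnection} socket
     * factory, so whether the chain was validated depends on which factory
     * is installed at call time. The socket is a direct TCP connection;
     * {@code https.proxyHost}/{@code https.proxyPort} are not consulted here.
     *
     * @param hostname host name of the server; a full URL is also accepted
     *        and reduced to its host part, because passing a URL straight to
     *        {@code createSocket} fails with {@code UnknownHostException}
     * @param port TCP port to connect to; a port inside a URL is ignored
     * @return the peer certificate chain, or {@code null} if the connection
     *         or handshake failed (the exception is printed)
     */
    public javax.security.cert.X509Certificate[] getServerCert(
            String hostname, int port) {
        javax.security.cert.X509Certificate[] serverCerts = null;
        SSLSocket socket = null;
        try {
            SSLSocketFactory factory =
                    HttpsURLConnection.getDefaultSSLSocketFactory();

            socket = (SSLSocket) factory.createSocket(
                    hostFromSite(hostname), port);

            // Without doing the handshake first we get
            // "javax.net.ssl.SSLPeerUnverifiedException:
            // peer not authenticated".
            socket.startHandshake();

            serverCerts = socket.getSession().getPeerCertificateChain();
        } catch (Exception e) {
            System.out.println("getServerCert(): Exception: "
                    + e.toString() + "\n" + e.getMessage());
        } finally {
            // Close on every path; the original leaked the socket whenever
            // the handshake threw.
            if (socket != null) {
                try {
                    socket.close();
                } catch (IOException ignored) {
                    // The chain has already been read or the failure already
                    // reported; a close error adds nothing.
                }
            }
        }
        return serverCerts;
    }

    /**
     * Adds one certificate to an existing keystore file and rewrites the
     * file.
     *
     * @param keystoreFile path of an existing keystore; it must already exist
     * @param keystorePassword password used when the keystore is saved
     * @param alias alias of the new entry; an existing entry with the same
     *        alias is replaced
     * @param cert certificate to import
     * @return {@code true} if the keystore was rewritten, {@code false} if
     *         any step failed (the exception is printed)
     */
    public boolean addToKeyStore(
            String keystoreFile, char[] keystorePassword,
            String alias, javax.security.cert.Certificate cert) {
        try {
            java.security.KeyStore keystore =
                    java.security.KeyStore.getInstance(
                            java.security.KeyStore.getDefaultType());

            // Read in the existing keystore data; this is needed to
            // initialise the KeyStore.
            // NOTE(review): a null password makes load() skip the integrity
            // check, so a modified keystore file is accepted unnoticed.
            // Pass the real password once the file has a known one.
            FileInputStream in = new FileInputStream(keystoreFile);
            try {
                keystore.load(in, null);
            } finally {
                in.close();
            }

            // Re-parse the encoded form to obtain a java.security.cert
            // certificate, which is the type KeyStore accepts.
            ByteArrayInputStream bais =
                    new ByteArrayInputStream(cert.getEncoded());
            java.security.cert.CertificateFactory cf =
                    java.security.cert.CertificateFactory.getInstance(
                            "X.509");
            java.security.cert.Certificate certP = null;
            while (bais.available() > 0) {
                certP = cf.generateCertificate(bais);
            }
            if (certP == null) {
                System.out.println(
                        "addToKeyStore(): no certificate data for alias "
                        + alias);
                return false;
            }

            keystore.setCertificateEntry(alias, certP);

            // Save the new keystore contents.
            // NOTE(review): the file is truncated before store() runs, so a
            // failure here can leave a damaged keystore; keep a backup.
            FileOutputStream out = new FileOutputStream(keystoreFile);
            try {
                keystore.store(out, keystorePassword);
            } finally {
                out.close();
            }
        } catch (Exception e) {
            System.out.println("addToKeyStore(): Exception: "
                    + e.toString() + "\n" + e.getMessage());
            return false;
        }
        return true;
    }

    /**
     * Reduces a URL-like string to its host part; a plain host name is
     * returned unchanged (apart from trimming).
     */
    private static String hostFromSite(String site) {
        String host = site.trim();

        int schemeEnd = host.indexOf("://");
        if (schemeEnd >= 0) {
            host = host.substring(schemeEnd + 3);
        }

        // Drop path, query and fragment.
        for (int i = 0; i < host.length(); i++) {
            char c = host.charAt(i);
            if (c == '/' || c == '?' || c == '#') {
                host = host.substring(0, i);
                break;
            }
        }

        // Drop user-info.
        int at = host.lastIndexOf('@');
        if (at >= 0) {
            host = host.substring(at + 1);
        }

        // Bracketed IPv6 literal: keep the brackets, drop a trailing port.
        if (host.startsWith("[")) {
            int close = host.indexOf(']');
            return close >= 0 ? host.substring(0, close + 1) : host;
        }

        // Strip ":port" only when there is exactly one colon, so an
        // unbracketed IPv6 literal is left alone.
        int colon = host.indexOf(':');
        if (colon >= 0 && colon == host.lastIndexOf(':')) {
            host = host.substring(0, colon);
        }
        return host;
    }
}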
 