
java.net.UnknownHostException in SSL

 
Nimish Patel
Ranch Hand
Posts: 84
Hi,

I am downloading server certificates (SSL/HTTPS) through code; the code is given below. It only works for "www.verisign.com". For other HTTPS sites I get an UnknownHostException. It might be a proxy problem.

Could you please suggest how to set a proxy in this code?


import java.net.*;
import java.security.Security;
import java.io.*;
import javax.net.ssl.*;
import com.sun.net.ssl.*;


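/**
 * Command-line helper that connects to an HTTPS server, reads the certificate
 * chain the server presents, and stores each certificate of that chain in a
 * local keystore file.
 *
 * <p>Security note: the chain is fetched over a connection that performs no
 * certificate validation at all (see {@link #createTrustALLManager()}), so the
 * certificates written to the keystore are whatever the network peer chose to
 * present. Compare their fingerprints with values obtained out-of-band before
 * using the resulting keystore as a trust store.
 *
 * <p>NOTE(review): {@code com.sun.net.ssl} and {@code javax.security.cert} are
 * legacy JSSE APIs; {@code javax.net.ssl} and {@code java.security.cert} are
 * the supported equivalents on later JDKs. Confirm the target JDK before
 * reusing this class.
 */
public class AddServerCert {
    public AddServerCert() {
    }

    /**
     * Fetches the certificate chain of a hard-coded site and adds every
     * certificate of the chain to a hard-coded keystore file.
     *
     * @param args unused
     * @throws Exception if provider registration or keystore handling fails
     *         outside the helpers' own error handling
     */
    public static void main(String[] args) throws Exception {
        AddServerCert s = new AddServerCert();

        // Server whose certificates we want to retrieve. A full URL is
        // accepted here; getServerCert() reduces it to the host name.
        String site = "https://knetca1.place.lexmark.com/ca/lexcan.nsf";
        int port = 443;

        Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

        System.setProperty("java.protocol.handler.pkgs",
                "com.sun.net.ssl.internal.www.protocol");

        // KeyStore file, password and alias prefix.
        // An empty password gives the keystore file no meaningful integrity
        // protection; use a real password outside of experiments.
        String keyStore = "d:/nim/LexmarkCertificates";
        String keyStorePasswd = "";
        String keyStoreAlias = "keystorealias";

        // Without this we get
        // "javax.net.ssl.SSLException: untrusted server cert chain".
        // The trust-all manager lets us complete the handshake with a server
        // we do not trust yet, so that its certificate can be downloaded.
        s.createTrustALLManager();

        // Get the server's certificate chain
        javax.security.cert.X509Certificate[] xc = s.getServerCert(site, port);
        if (xc == null) {
            // getServerCert() has already printed the cause.
            System.out.println("main(): no certificate chain retrieved from " + site);
            return;
        }

        // Add every certificate of the chain to the keystore. Each entry
        // needs its own alias: reusing a single alias makes every
        // setCertificateEntry() call replace the previous one, leaving only
        // the last certificate of the chain in the file.
        for (int i = 0; i < xc.length; i++) {
            s.addToKeyStore(
                    keyStore, keyStorePasswd.toCharArray(),
                    keyStoreAlias + "-" + i, xc[i]);
        }
    }

    /**
     * Creates a TrustManager that trusts ALL certificates and installs it as
     * the default SSLSocketFactory of {@code HttpsURLConnection}.
     *
     * <p>Use this only to reach a server whose certificate is not trusted yet
     * in order to download that certificate.
     *
     * <p>SECURITY: the replacement is process-wide and is never undone. Every
     * connection made afterwards through the default factory accepts any
     * certificate, i.e. it has no protection against an impersonated server.
     * Do not call this in a process that makes other HTTPS connections.
     */
    public void createTrustALLManager() {
        try {
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        } catch (Exception e) {
            // Report the failure instead of swallowing it: if the factory is
            // not installed, the later handshake fails for a reason that
            // would otherwise be invisible.
            System.out.println("createTrustALLManager(): Exception: "
                    + e.toString() + "\n" + e.getMessage());
        }
    }

    /**
     * The trust-ALL TrustManager. Used by createTrustALLManager() to replace
     * the default SSLSocketFactory TrustManager. It performs no validation:
     * both trust checks return {@code true} unconditionally.
     */
    private TrustManager[] trustAllCerts = new TrustManager[] {
        new X509TrustManager() {
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                // An empty array rather than null, so callers that iterate
                // over the issuers do not fail with a NullPointerException.
                return new java.security.cert.X509Certificate[0];
            }

            public boolean isClientTrusted(
                    java.security.cert.X509Certificate[] certs) {
                return true;
            }

            public boolean isServerTrusted(
                    java.security.cert.X509Certificate[] certs) {
                return true;
            }
        }
    };

    /**
     * Reduces a site specification to the host name a socket can connect to.
     *
     * <p>{@code createSocket(host, port)} resolves its first argument as a
     * host name, so handing it a complete URL such as
     * {@code https://host/path} ends in {@code java.net.UnknownHostException}.
     * Package-private so that it can be unit-tested.
     *
     * @param site a bare host name or a URL containing {@code ://}
     * @return the host part of the URL; the argument unchanged when it has no
     *         scheme, cannot be parsed, or is {@code null}
     */
    static String hostOf(String site) {
        if (site == null || site.indexOf("://") < 0) {
            return site;
        }
        try {
            String host = new URL(site).getHost();
            return host.length() > 0 ? host : site;
        } catch (MalformedURLException e) {
            // Unknown scheme or malformed input: keep the caller's value, as
            // the code did before host extraction was added.
            return site;
        }
    }

    /**
     * Opens an SSL connection and returns the certificate chain presented by
     * the peer.
     *
     * <p>The socket comes from the default factory of
     * {@code HttpsURLConnection}; whether the chain was validated therefore
     * depends on which factory is installed at the time of the call.
     *
     * @param hostname host name of the server; a full URL is also accepted
     *        and reduced to its host part
     * @param port TCP port to connect to
     * @return the peer's certificate chain, or {@code null} if the connection
     *         or handshake failed (the exception is printed to standard output)
     */
    public javax.security.cert.X509Certificate[] getServerCert(
            String hostname, int port) {
        javax.security.cert.X509Certificate[] serverCerts = null;
        SSLSocket socket = null;
        try {
            // Create client socket
            SSLSocketFactory factory =
                    HttpsURLConnection.getDefaultSSLSocketFactory();
            socket = (SSLSocket) factory.createSocket(hostOf(hostname), port);

            // Without doing the handshake first we get
            // "javax.net.ssl.SSLPeerUnverifiedException:
            // peer not authenticated"
            socket.startHandshake();

            // Retrieve the server's certificate chain
            serverCerts = socket.getSession().getPeerCertificateChain();
        } catch (Exception e) {
            System.out.println("getServerCert(): Exception: "
                    + e.toString() + "\n" + e.getMessage());
        } finally {
            // Close the socket on the failure paths as well.
            if (socket != null) {
                try {
                    socket.close();
                } catch (IOException ignored) {
                    // Nothing useful can be done if close() itself fails.
                }
            }
        }
        return serverCerts;
    }

    /**
     * Adds one certificate to an existing keystore file under the given alias
     * and writes the keystore back to the same file.
     *
     * @param keystoreFile path of an existing keystore file
     * @param keystorePassword password used when the keystore is stored
     * @param alias alias of the new entry; an existing entry with the same
     *        alias is replaced
     * @param cert certificate to add
     * @return {@code true} on success, {@code false} if any step failed (the
     *         exception is printed to standard output)
     */
    public boolean addToKeyStore(
            String keystoreFile, char[] keystorePassword,
            String alias, javax.security.cert.Certificate cert) {
        try {
            // Create an empty keystore
            java.security.KeyStore keystore =
                    java.security.KeyStore.getInstance(
                            java.security.KeyStore.getDefaultType());

            // Read in existing keystore data. This is needed to initialize
            // the KeyStore.
            // NOTE(review): load() is given a null password, so the existing
            // file is read without an integrity check; consider passing
            // keystorePassword once the file is known to be protected by it.
            FileInputStream in = new FileInputStream(keystoreFile);
            try {
                keystore.load(in, null);
            } finally {
                in.close();
            }

            // Convert the javax.security.cert certificate into a
            // java.security.cert one through its encoded form, which is the
            // type KeyStore.setCertificateEntry() expects.
            ByteArrayInputStream bais =
                    new ByteArrayInputStream(cert.getEncoded());
            java.security.cert.CertificateFactory cf =
                    java.security.cert.CertificateFactory.getInstance("X.509");
            java.security.cert.Certificate certP = null;
            while (bais.available() > 0) {
                certP = cf.generateCertificate(bais);
            }

            keystore.setCertificateEntry(alias, certP);

            // Save the new keystore contents
            FileOutputStream out = new FileOutputStream(keystoreFile);
            try {
                keystore.store(out, keystorePassword);
            } finally {
                out.close();
            }
        } catch (Exception e) {
            System.out.println("addToKeyStore(): Exception: "
                    + e.toString() + "\n" + e.getMessage());
            return false;
        }
        return true;
    }

}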
 