I am just integrating Frimi payment gateway .In first step am trying to generate access tokes ,and after generating tokes payment link will be called .
But am getting error :- SSLException: Connection closed by peer.
public void TokenGenerationProcess() {
class WaitingforResponse extends AsyncTask<Void, Void, String> {
ProgressDialog progressDialog;
#Override
protected void onPreExecute() {
super.onPreExecute();
// progressDialog = ProgressDialog.show(getActivity().getBaseContext(), "Waiting for Token Generation...", "Please Wait...", false, false);
}
#Override
protected String doInBackground(Void... params) {
OkHttpClient client = new OkHttpClient.Builder()
.connectTimeout(10, TimeUnit.SECONDS)
.writeTimeout(10, TimeUnit.SECONDS)
.readTimeout(60, TimeUnit.SECONDS)
.build();
MediaType mediaType = MediaType.parse("application/x-www-form-urlencoded");
String json = "";
RequestBody body = RequestBody.create(mediaType, json);
/* https://ideabiz?grant_type=password&username=99R_User&password=99R_User&scope=SANDBOX
https://igrant_type=refresh_token&refresh_token="+Message+"&scope=SANDBOX */
// Message="d6a5be5f5455c87c21442ba3d5201c8c";
Request request = new Request.Builder()
.url("https://uatapi.nationstrust.com:8243/token?grant_type=client_credentials")
.addHeader("content-type", "application/x-www-form-urlencoded")
.addHeader("authorization", "Basic N000SDNmU3RtVERuZmZ1R0JNMlBGR1FXdmtFYTpEQUFJcEprVUhjdXBwcEx4dkRPSkFYZjNwMmth")
.post(body)
.build();
//Bearer aUFVMWFRd2Vpb2txQUI2VTFkajBFZWRkTTBZYTpEMzZfbU9GM2ZlYkFEaWRiMGp0ZUZCN2xGUUlh")
try {
okhttp3.Response response = client.newCall(request).execute();
String test = response.body().string();
if (response.isSuccessful()) {
/* int success = response.code();
Headers responseHeaders = response.headers();
for (int i = 0; i < responseHeaders.size(); i++) {
System.out.println(responseHeaders.name(i) + ": " + responseHeaders.value(i));
}
System.out.println(test);
/// {"scope":"default","token_type":"bearer","expires_in":3600,"refresh_token":"2d23c431f25e10e5abcd16bea931d0a","access_token":"b0bffddb2be384c53135cadf0f565c2"}
try {
JSONObject jsonObject = new JSONObject(test);
Log.e(" scope", "" + jsonObject.get("scope"));
Log.e(" token_type", "" + jsonObject.get("token_type"));
Log.e(" expires_in", "" + jsonObject.get("expires_in"));
Log.e(" refresh_token", "" + jsonObject.get("refresh_token"));
Log.e(" access_token", "" + jsonObject.get("access_token"));
// Message = (String) jsonObject.get("refresh_token");
String access_token = (String) jsonObject.get("access_token");
String refresh_token = (String) jsonObject.get("refresh_token");
PersistenceManager.saveRefreshToken(getApplicationContext(), refresh_token);
PersistenceManager.saveSessionId(getApplicationContext(), access_token);
PersistenceManager.saveTime(getApplicationContext(), String.valueOf(System.currentTimeMillis()));
*/ // reference= (String) jsonObject.get("Refno");
} else {
System.out.println(test);
}
} catch (IOException e) {
e.printStackTrace();
}
return null;
}
#Override
protected void onPostExecute(String s) {
super.onPostExecute(s);
// progressDialog.dismiss();
}
}
WaitingforResponse WaitingforResponse = new WaitingforResponse();
WaitingforResponse.execute();
}
See Stacktrace below:
// here I have posted full code what I am trying to generate access tokes.
/please help..help would be greatly appreciated
//Please use this it will work
OkHttpClient client = null;
try {
client = new OkHttpClient.Builder()
.connectTimeout(120, TimeUnit.SECONDS)
.writeTimeout(120, TimeUnit.SECONDS)
.readTimeout(120, TimeUnit.SECONDS)
.sslSocketFactory(new Tls12SocketFactory(), provideX509TrustManager())
.build();
} catch (KeyManagementException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
//add this method
public X509TrustManager provideX509TrustManager() {
try {
TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
factory.init((KeyStore) null);
TrustManager[] trustManagers = factory.getTrustManagers();
return (X509TrustManager) trustManagers[0];
} catch (NoSuchAlgorithmException | KeyStoreException exception) {
Log.e(getClass().getSimpleName(), "not trust manager available", exception);
}
return null;
}
//create another java class
public class Tls12SocketFactory extends SSLSocketFactory {
private SSLSocketFactory internalSSLSocketFactory;
public Tls12SocketFactory() throws KeyManagementException, NoSuchAlgorithmException {
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, null, null);
internalSSLSocketFactory = context.getSocketFactory();
}
#Override
public String[] getDefaultCipherSuites() {
return internalSSLSocketFactory.getDefaultCipherSuites();
}
#Override
public String[] getSupportedCipherSuites() {
return internalSSLSocketFactory.getSupportedCipherSuites();
}
#Override
public Socket createSocket() throws IOException {
return enableTLSOnSocket(internalSSLSocketFactory.createSocket());
}
#Override
public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
return enableTLSOnSocket(internalSSLSocketFactory.createSocket(s, host, port, autoClose));
}
#Override
public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port));
}
#Override
public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException {
return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port, localHost, localPort));
}
#Override
public Socket createSocket(InetAddress host, int port) throws IOException {
return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port));
}
#Override
public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
return enableTLSOnSocket(internalSSLSocketFactory.createSocket(address, port, localAddress, localPort));
}
private Socket enableTLSOnSocket(Socket socket) {
if(socket != null && (socket instanceof SSLSocket)) {
((SSLSocket)socket).setEnabledProtocols(new String[] {"TLSv1.1", "TLSv1.2"});
}
return socket;
}
}
Your are not building the call the right way, this is how you should do it.
OkHttpClient client = new OkHttpClient.Builder()
.connectTimeout(10, TimeUnit.SECONDS)
.writeTimeout(10, TimeUnit.SECONDS)
.readTimeout(60, TimeUnit.SECONDS)
.build();
MediaType mediaType = MediaType.parse("application/x-www-form-urlencoded");
RequestBody body = RequestBody.create(mediaType, "grant_type=client_credentials");
Request request = new Request.Builder()
.url("https://uatapi.nationstrust.com:8243/token")
.post(body)
.addHeader("content-type", "application/x-www-form-urlencoded")
.addHeader("authorization", "Basic N000SDNmU3RtVERuZmZ1R0JNMlBGR1FXdmtFYTpEQUFJcEprVUhjdXBwcEx4dkRPSkFYZjNwMmth")
.build();
try {
Response response = client.newCall(request).execute();
String test = response.body().string();
if (response.isSuccessful()) {
System.out.println(test);
} else {
System.out.println(response.code() +" : "+ response.message());
}
} catch (Exception e) {
e.printStackTrace();
}
Your JSON response will look like this:
{
"access_token": "7389a302-82f9-3fa9-b7a3-fefa45d2de32",
"scope": "am_application_scope default",
"token_type": "Bearer",
"expires_in": 500
}
Edit:
This however does not explain why you are getting the ssl exception. I would need more information to figure that out. What Android OS version is the device are you running your app on. If you are WiFi consider using your mobile network instead.
Further Edit:
I see you running version 4.4.2 try run a device with OS version 5.1 upwards. You'll find the problem might go away. If that doesn't make a difference try add this code on your code, make sure it executes before the call is made.
public static void initializeSSLContext(Context mContext) {
try {
SSLContext.getInstance("TLSv1.2");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
try {
ProviderInstaller.installIfNeeded(mContext.getApplicationContext());
} catch (GooglePlayServicesRepairableException e) {
e.printStackTrace();
} catch (GooglePlayServicesNotAvailableException e) {
e.printStackTrace();
}
}
If that doesn't help, you clearly have a problem with your server's ssl certificates. Try get your server admin to assist.
Related
public String sendAPICall(String portalApiUrl, String reviewAppsAuthKey) {
try {
HttpRequest request = HttpRequest.newBuilder()
.uri(new URI(portalApiUrl + CHECK_ORG_ATT_EXP))
.setHeader(AUTH_REVIEW_API_KEY, reviewAppsAuthKey)
.setHeader(CONTENT_TYPE, APPLICATION_JSON)
.GET()
.build();
HttpClient httpClient = HttpClient.newHttpClient();
HttpResponse<String> response = httpClient.send(request, HttpResponse.BodyHandlers.ofString());
if (response.statusCode() == HttpStatus.OK.value()) {
LOGGER.info(API_SUCCESS);
return API_SUCCESS;
}
} catch (URISyntaxException e) {
LOGGER.error(API_FAIL_URI, e.getMessage());
} catch (InterruptedException e) {
LOGGER.error(API_FAIL_INTER, e.getMessage());
} catch (IOException e) {
LOGGER.error(API_FAIL_IO, e.getMessage());
}
return API_FAILURE;
}
}
Junit :
#Test
public void sendAPICallTest() throws IOException, InterruptedException {
Checkorg test = getCheckOrg();
String portalApiUrl = JUNIT_PORTAL_URL;
String reviewAppsAuthKey = JUNIT_AUTH_KEY;
String message = test.sendAPICall(portalApiUrl, reviewAppsAuthKey);
assertEquals(Checkorg.API_SUCCESS, message);
}
How to mock the HTTP Client in Test Class.
Thank you
As per your comment:
how can we test this method for success if we can't mock
you can use spy for that :
#Test
public void sendAPICallTest() throws IOException, InterruptedException {
Checkorg test = getCheckOrg();
String portalApiUrl = JUNIT_PORTAL_URL;
String reviewAppsAuthKey = JUNIT_AUTH_KEY;
Checkorg mockedTest = Mockito.spy(test);
Mockito.when(mockedTest.sendAPICall(portalApiUrl,reviewAppsAuthKey)).thenReturn("API Call Success");
String message = mockedTest.sendAPICall(portalApiUrl, reviewAppsAuthKey);
assertEquals(Checkorg.API_SUCCESS, message);
}
This can be a quick workaround if HttpClient mocking is not feasible.
I'm trying to connect VSTS through REST in JAVA but always getting connect time out. Using this code I'm able to connect with http but always getting error when trying to connect with https. Will be posting the error in comments. Getting this error -> com.sun.jersey.api.client.ClientHandlerException: java.net.SocketTimeoutException: connect timed out
public class RESTInvoker {
public static class ConnectionFactory implements HttpURLConnectionFactory
{
SSLContext sslContext;
public ConnectionFactory() {
}
#Override
public HttpURLConnection getHttpURLConnection(URL url) throws
IOException {
initializeProxy();
HttpURLConnection con = (HttpURLConnection) url.openConnection();
if (con instanceof HttpsURLConnection) {
System.out.println("The valus is....");
HttpsURLConnection httpsCon = (HttpsURLConnection)
url.openConnection();
httpsCon.setHostnameVerifier(getHostnameVerifier());
httpsCon.setSSLSocketFactory(getSslContext().getSocketFactory());
return httpsCon;
} else {
return con;
}
}
public SSLContext getSslContext() {
try {
sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, new TrustManager[] { new
SecureTrustManager() }, new SecureRandom());
} catch (NoSuchAlgorithmException ex) {
//
Logger.getLogger(ConnectionFactory.class.getName()).log(Level.SEVERE, null,
ex);
} catch (KeyManagementException ex) {
//
Logger.getLogger(ConnectionFactory.class.getName()).log(Level.SEVERE, null,
ex);
}
return sslContext;
}
private HostnameVerifier getHostnameVerifier() {
return new HostnameVerifier() {
#Override
public boolean verify(String hostname, javax.net.ssl.SSLSession
sslSession) {
return true;
}
};
}
public static void main(String[] args) {
String username = "xxx";
String token = "xxx";
String tfsurl = "xxx";
String collectionName = "xxx";
String prjName = "xxxx";
byte[] encodedBytes = Base64.getEncoder().encode(token.getBytes());
System.out.println(encodedBytes);
String ab = "https://" + username + ":" + encodedBytes + "#" +
tfsurl
+ "/Inforce%20Portal/_apis/wit/wiql?api-version=4.0";
// Client client =Client.create();
System.out.println(ab);
try {
String input = "{\"query\":\"Select [System.Id], [System.Title],
[System.State] From WorkItems\"}";
URLConnectionClientHandler cc = new
URLConnectionClientHandler(new ConnectionFactory());
Client client = new Client(cc);
WebResource webResource = client.resource("https://" + username + ":" + token + "#" + tfsurl + "/"
+ prjName + "/_apis/wit/wiql?api-version=4.0");
ClientResponse response = null;
response=webResource.type("application/json").accept("application/json").post(ClientResp
onse.class,
input);
String data = "";
try {
data = response.getEntity(String.class);
System.out.println(data);
} catch (Exception e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
}
} catch (Exception e) {
e.printStackTrace();
}
}
class SecureTrustManager implements X509TrustManager {
#Override
public void checkClientTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException {
}
#Override
public void checkServerTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException {
}
#Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
public boolean isClientTrusted(X509Certificate[] arg0) {
return true;
}
public boolean isServerTrusted(X509Certificate[] arg0) {
return true;
}
}
}
}
According to your description, it seems that it is not related to your code.
I recommend that you could check the TFS server whether there is a Https binding.
If there is no Https bindings, please have a try to add the corrosponding Https binds
There are several examples out there [1][2] of how to configure HTTPS in Java/Groovy to ignore SSL certificate errors. In short they all create a custom TrustManager, add it to an SSLContext and then install the resulting SocketFactory as the default connection factory for HTTPS connections. And of course they comes with all the requisite warnings about MITM attacks and how dangerous this is.
Indeed in my situation where I am writing a groovy script to be run inside of a Jenkins job, setting the default socket factory is nuts. It would have affects well beyond that of my script. So my question is, how do you accomplish this for a specific connection or specific HTTP client and not for all connections/clients? In other words, how to I localize such a change to just my transient piece of code?
public class BasicHttpClientFactory implements HttpClientFactory {
private String proxyHost;
private Integer proxyPort;
private boolean isSocksProxy = false;
HttpClient httpClient;
final Integer maxConnections = new Integer(10);
private static final Log logger = LogFactory.getLog(BasicHttpClientFactory.class);
#Override
public HttpClient createNewClient() {
SSLConnectionSocketFactory sslsf = null;
try {
SSLContextBuilder builder = SSLContexts.custom();
builder.loadTrustMaterial(null, new TrustStrategy() {
#Override
public boolean isTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
return true;
}
});
SSLContext sslContext = builder.build();
sslsf = new SSLConnectionSocketFactory(
sslContext, new X509HostnameVerifier() {
#Override
public void verify(String host, SSLSocket ssl)
throws IOException {
}
#Override
public void verify(String host, X509Certificate cert)
throws SSLException {
}
#Override
public void verify(String host, String[] cns,
String[] subjectAlts) throws SSLException {
}
#Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
});
} catch (KeyManagementException e) {
logger.error(e.getMessage(), e);
} catch (NoSuchAlgorithmException e) {
logger.error(e.getMessage(), e);
} catch (KeyStoreException e) {
logger.error(e.getMessage(), e);
}
Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", new PlainConnectionSocketFactory())
.register("https", sslsf)
.build();
PoolingHttpClientConnectionManager poolingConnManager = new PoolingHttpClientConnectionManager(registry);
poolingConnManager.setMaxTotal(maxConnections);
poolingConnManager.setDefaultMaxPerRoute(maxConnections);
ConnectionKeepAliveStrategy keepAliveStrategy = new ConnectionKeepAliveStrategy() {
#Override
public long getKeepAliveDuration(HttpResponse response, HttpContext context) {
return 60 * 1000;
}
};
if (proxyHost != null) {
HttpHost proxy = new HttpHost(proxyHost, proxyPort);
httpClient = HttpClients.custom().setSSLSocketFactory(sslsf).setProxy(proxy).setConnectionManager(poolingConnManager).setKeepAliveStrategy(keepAliveStrategy).build();
}else {
httpClient = HttpClients.custom().setSSLSocketFactory(sslsf).setConnectionManager(poolingConnManager).setKeepAliveStrategy(keepAliveStrategy).build();
}
return httpClient;
}
public void setProxyHost(String proxyHost) {
this.proxyHost = proxyHost;
}
public void setProxyPort(Integer proxyPort) {
this.proxyPort = proxyPort;
}
public void setSocksProxy(boolean isSocksProxy) {
this.isSocksProxy = isSocksProxy;
}
}
And interface :
import org.apache.http.client.HttpClient;
public interface HttpClientFactory {
public HttpClient createNewClient();
}
After that You could use :
HttpClient httpClient = new BasicHttpClientFactory().createNewClient();
If You need any ideas how to merge it into Your project, just post some info - maybe i'll come up with some ideas ;)
I'm trying to connect to a SharePoint url so I used the example code in httpcomponents-client-4.2.1\examples\org\apache\http\examples\client\ClientAuthentication.java but changed it to NTCredentials to ignore certificate problems. Apart from this the code is the same but outputs this:
executing requestGET url HTTP/1.1
----------------------------------------
HTTP/1.1 401 Unauthorized
Response content length: 0
Here is the full code
public class DocumentApprover {
static final String user = "user"; // your account name
static final String pass = "password"; // your password for the account
public static DefaultHttpClient wrapClient(DefaultHttpClient base) {
try {
SSLContext ctx = SSLContext.getInstance("TLS");
X509TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
ctx.init(null, new TrustManager[]{tm}, null);
SSLSocketFactory ssf = new SSLSocketFactory(ctx, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
ClientConnectionManager ccm = base.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
sr.register(new Scheme("https", 443, ssf));
return new DefaultHttpClient(ccm, base.getParams());
} catch (Exception ex) {
ex.printStackTrace();
return null;
}
}
/**
* #param args
*/
public static void main(String[] args) {
// TODO Auto-generated method stub
try {
DefaultHttpClient httpclient = wrapClient(new DefaultHttpClient());
try {
httpclient.getCredentialsProvider().setCredentials(
new AuthScope("host", 443),
new NTCredentials(user, pass, "workstation", "domain"));
HttpGet httpget = new HttpGet("url");
System.out.println("executing request" + httpget.getRequestLine());
HttpResponse response = httpclient.execute(httpget);
HttpEntity entity = response.getEntity();
System.out.println("----------------------------------------");
System.out.println(response.getStatusLine());
if (entity != null) {
System.out.println("Response content length: " + entity.getContentLength());
}
EntityUtils.consume(entity);
} finally {
// When HttpClient instance is no longer needed,
// shut down the connection manager to ensure
// immediate deallocation of all system resources
httpclient.getConnectionManager().shutdown();
}
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
Why is it failing? If the credentials were wrong wouldn't I get a different error?
I'm really trying to better understand how a CONNECT HTTP request process is handled. I'm stuck at this point in my HttpServer that I'm building and was hoping others can help give me incite on how I should approach these next challenges. A little info on my code thus far . I have a class HTTPServer listening on a socket on port 8080 (initially its a non SSL socket). I have a a class called DefaultHttpRequestHandler that holds an instance of HTTPClient that handles all requests needing to be made by the server and a worker thread inside HttpServer handles dispatching all requests sent by browser to port 8080.
My question is the following:
When the CONNECT request comes in and is sent to DefaultHttpRequestHandler it gets passed to the handle(HttpRequest request, HttpResponse response,HttpContext context) method. At this point I peek at the request and if I see it is a CONNECT what next? I was thinking I then establish the SSL socket connection on port 8080 which was before a normal socket? or do I always hold two sockets one as a standard socket and one as ssl than switch to the ssl one. This part is really frustrating me very confused how to code this sucker!
DefaultHttpServer.java - the server
public class DefaultHttpServer {
public static void main(String[] args) throws Exception {
Thread t = new RequestListenerThread(8080);
t.setDaemon(false);
t.start();
//send a request to proxy server for testing
testSendReqFromClient() ;
}
public static void testSendReqFromClient() throws Exception
{
SSLContext sslCtx = SSLContext.getInstance("TLS");
// sslCtx.init(null,new TrustManager[] { new EasyX509TrustManager() }, null);
sslCtx.init(null, new TrustManager[] { new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
System.out.println("getAcceptedIssuers =============");
return null;
}
public void checkClientTrusted(X509Certificate[] certs,
String authType) {
System.out.println("checkClientTrusted =============");
}
public void checkServerTrusted(X509Certificate[] certs,
String authType) {
System.out.println("checkServerTrusted =============");
}
#Override
public void checkClientTrusted(
java.security.cert.X509Certificate[] arg0,
String arg1) throws CertificateException {
// TODO Auto-generated method stub
}
#Override
public void checkServerTrusted(
java.security.cert.X509Certificate[] arg0,
String arg1) throws CertificateException {
// TODO Auto-generated method stub
}
} }, new SecureRandom());
Thread.sleep(5000);
SSLSocketFactory sf = new SSLSocketFactory(sslCtx, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
Scheme https = new Scheme("https", 443, sf);
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(https);
Scheme http = new Scheme("http", 80, PlainSocketFactory.getSocketFactory());
schemeRegistry.register(http);
BasicHttpRequest req = new BasicHttpRequest("GET","https://www.yahoo.com");
ThreadSafeClientConnManager tm = new ThreadSafeClientConnManager(schemeRegistry);
HttpClient httpClient = new DefaultHttpClient(tm);
ConnRouteParams.setDefaultProxy(req.getParams(), new HttpHost("localhost",8080,"http"));
httpClient.execute(new RequestWrapper(req));
}
}
DefaultRequestHandler.java - the client that sends requests to server from my proxy server
public class DefaultHttpRequestHandler implements HttpRequestHandler {
private static String sslType = "TLS";
private HttpClient httpClient = null;
private ThreadSafeClientConnManager tm;
public DefaultHttpRequestHandler() {
super();
init();
}
private void init() {
try {
SSLContext sslCtx = SSLContext.getInstance(sslType);
// sslCtx.init(null,new TrustManager[] { new EasyX509TrustManager() }, null);
sslCtx.init(null, new TrustManager[] { new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
System.out.println("getAcceptedIssuers =============");
return null;
}
public void checkClientTrusted(X509Certificate[] certs,
String authType) {
System.out.println("checkClientTrusted =============");
}
public void checkServerTrusted(X509Certificate[] certs,
String authType) {
System.out.println("checkServerTrusted =============");
}
#Override
public void checkClientTrusted(
java.security.cert.X509Certificate[] arg0,
String arg1) throws CertificateException {
// TODO Auto-generated method stub
}
#Override
public void checkServerTrusted(
java.security.cert.X509Certificate[] arg0,
String arg1) throws CertificateException {
// TODO Auto-generated method stub
}
} }, new SecureRandom());
SSLSocketFactory sf = new SSLSocketFactory(sslCtx, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
Scheme https = new Scheme("https", 443, sf);
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(https);
Scheme http = new Scheme("http", 80, PlainSocketFactory.getSocketFactory());
schemeRegistry.register(http);
tm = new ThreadSafeClientConnManager(schemeRegistry);
//httpClient = new ContentEncodingHttpClient(tm);
httpClient = new DefaultHttpClient(tm);
httpClient.getParams().setParameter(ClientPNames.ALLOW_CIRCULAR_REDIRECTS, true);
//httpClient.getConnectionManager().getSchemeRegistry() .register(https);
} catch (Exception e) {
System.err.println(e.getMessage());
e.printStackTrace();
}
}
public void handle(HttpRequest request, HttpResponse response,
HttpContext context) throws HttpException, IOException {
System.out.println(request);
RequestLine reqLine = request.getRequestLine();
if(reqLine.getMethod().equalsIgnoreCase("CONNECT"))
{
response.setEntity(new BufferedHttpEntity(new StringEntity("HTTP/1.0 200 Connection established\r\nProxy-agent: proxy client\r\n\r\n")));
//do i switch the socket to sslsocketconnection in defaulthttpserver here?
}
else
{
try {
HttpResponse clientResponse = null;
HttpEntity entity = null;
clientResponse = httpClient.execute(new RequestWrapper(request));
entity = clientResponse.getEntity();
if (entity != null) {
response.setEntity(new BufferedHttpEntity(entity));
}
} catch (Exception e) {
System.err.println(e.getMessage());
e.printStackTrace();
}
}
}
}
RequestListenerThread - This is run method inside my httpserver that handles dispatching requests
class RequestListenerThread extends Thread {
private static ServerSocket sslServersocket = null;
private static ServerSocket serversocket = null;
static ServerSocketFactory ssocketFactory = null;
private final HttpParams params;
private final HttpService httpService;
Selector selector ;
public RequestListenerThread(int port) throws Exception {
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("privateKey2.store"), "whitehatsec123".toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, "whitehatsec123".toCharArray());
SSLContext context = SSLContext.getInstance("TLS");
context.init(kmf.getKeyManagers(), null, null);
ssocketFactory = context.getServerSocketFactory();
//serversocket = ssocketFactory.createServerSocket(port);
serversocket = new ServerSocket(port);
this.params = new SyncBasicHttpParams();
this.params.setBooleanParameter(ClientPNames.HANDLE_REDIRECTS, true).setIntParameter(CoreConnectionPNames.SO_TIMEOUT, 50000)
.setIntParameter(CoreConnectionPNames.SOCKET_BUFFER_SIZE,
8 * 1024)
.setBooleanParameter(
CoreConnectionPNames.STALE_CONNECTION_CHECK, false)
.setBooleanParameter(CoreConnectionPNames.TCP_NODELAY, true)
.setParameter(CoreProtocolPNames.ORIGIN_SERVER,
"HttpComponents/1.1");
// Set up the HTTP protocol processor
HttpProcessor httpproc = new ImmutableHttpProcessor(
new HttpResponseInterceptor[] { new ResponseDate(),
new ResponseServer(), new ResponseContent(),
new ResponseConnControl() });
// Set up request handlers
HttpRequestHandlerRegistry reqistry = new HttpRequestHandlerRegistry();
reqistry.register("*", new DefaultHttpRequestHandler());
// Set up the HTTP service
this.httpService = new HttpService(httpproc,
new DefaultConnectionReuseStrategy(),
new DefaultHttpResponseFactory(), reqistry, this.params);
}
public void run()
{
System.out.println("Listening on port "
+ serversocket.getLocalPort());
while (!Thread.interrupted())
{
try
{
// Set up HTTP connection
Socket socket = serversocket.accept();
DefaultHttpServerConnection conn = new DefaultHttpServerConnection();
System.out.println("Incoming connection from "
+ socket.getInetAddress());
conn.bind(socket, this.params);
// Start worker thread
Thread t = new WorkerThread(this.httpService, conn);
t.setDaemon(true);
t.start();
} catch (InterruptedIOException ex) {
break;
} catch (IOException ex) {
System.err
.println("I/O error initialising connection thread: "
+ ex.getMessage());
ex.printStackTrace();
break;
}
}
}
}
class WorkerThread extends Thread {
private final HttpService httpservice;
private final HttpServerConnection conn;
public WorkerThread(final HttpService httpservice,
final HttpServerConnection conn) {
super();
this.httpservice = httpservice;
this.conn = conn;
}
public void run() {
System.out.println("New connection thread");
HttpContext context = new BasicHttpContext(null);
try {
while (!Thread.interrupted() && this.conn.isOpen()) {
this.httpservice.handleRequest(this.conn, context);
}
} catch (ConnectionClosedException ex) {
System.err.println("Client closed connection");
} catch (IOException ex) {
System.err.println("I/O error: " + ex.getMessage());
ex.printStackTrace();
} catch (HttpException ex) {
System.err.println("Unrecoverable HTTP protocol violation: "
+ ex.getMessage());
} finally {
try {
this.conn.shutdown();
} catch (IOException ignore) {
}
}
}
}
A proxy receiving a CONNECT request (and accepting it) doesn't do any SSL/TLS initialisation or processing (if it did, it would be a potential MITM attacker). It merely relays all the traffic between the target HTTPS host and the initial client back and forth.
More detailed in these answers perhaps:
SSL (https) error on my custom proxy server
CONNECT request to a forward HTTP proxy over an SSL connection?
What you would need is to be able to get hold of the underlying socket (or input/output streams) and write every byte you read on the other side.