问题描述:

Im trying to connect to https://www.google.com using the following apache example code:

/**

* This example demonstrates how to create secure connections with a custom SSL

* context.

* http://www.apache.org/licenses/LICENSE-2.0

*/

public class ClientCustomSSL {

public final static void main(String[] args) throws Exception {

DefaultHttpClient httpclient = new DefaultHttpClient();

try {

KeyStore trustStore = KeyStore.getInstance(KeyStore

.getDefaultType());

FileInputStream instream = new FileInputStream(new File(

"my.keystore"));

try {

trustStore.load(instream, "123456".toCharArray());

} finally {

try {

instream.close();

} catch (Exception ignore) {

}

}

SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);

Scheme sch = new Scheme("https", 443, socketFactory);

httpclient.getConnectionManager().getSchemeRegistry().register(sch);

HttpGet httpget = new HttpGet("https://www.google.com");

System.out.println("executing request" + httpget.getRequestLine());

HttpResponse response = httpclient.execute(httpget);

HttpEntity entity = response.getEntity();

System.out.println("----------------------------------------");

System.out.println(response.getStatusLine());

if (entity != null) {

System.out.println("Response content length: "

+ entity.getContentLength());

}

EntityUtils.consume(entity);

} finally {

// When HttpClient instance is no longer needed,

// shut down the connection manager to ensure

// immediate deallocation of all system resources

httpclient.getConnectionManager().shutdown();

}

}

}

Im getting this error message:

Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)

at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)

at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)

at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)

at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:150)

at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)

at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:575)

at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)

at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)

at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)

at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)

at ClientCustomSSL.main(ClientCustomSSL.java:71)

-keytool -list shows the following:

Keystore-Typ: JKS

Keystore-Provider: SUN

Keystore enthält 3 Einträge

low, 19.03.2012, trustedCertEntry,

Zertifikat-Fingerprint (SHA1): 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2

root, 19.03.2012, trustedCertEntry,

Zertifikat-Fingerprint (SHA1): C1:95:6D:C8:A7:DF:B2:A5:A5:69:34:DA:09:77:8E:3A:11:02:33:58

mid, 19.03.2012, trustedCertEntry,

Zertifikat-Fingerprint (SHA1): EC:07:10:03:D8:F5:A3:7F:42:C4:55:7F:65:6A:AE:86:65:FA:4B:02

I saved the all 3 certs (google.com and upper) in my browser by clicking the adressbar->to file and importet it with keytool -import -trustcacerts -alias xx -file xxxx.cer

what am i doing wrong`?

thanks in advance

相关阅读:
Top