When you need to support self-signed SSL certificates in your Apache HttpClient based application you can use the contributed EasySSLProtocolSocketFactory as described in the HttpClient docs.
- Apache Httpclient Ssl Data
- Apache Httpclient Ssl
- Apache Httpclient Ssl Example
- Apache Httpclient Ssl Verification
- Apache Httpclient Download
Apache Httpclient Ssl Data
Apache HttpClient - Custom SSL Context, Apache HttpClient - Custom SSL Context - Using Secure Socket Layer, you can establish a secured connection between the client and server. It helps to Instantiate an object of type org.apache.commons.httpclient.protocol.Protocol. The new instance would be created with a valid URI protocol scheme (https in. Apache HttpClient - Proxy Authentication - In this chapter, we will learn how to create a HttpRequest authenticated using username and password and tunnel it through a proxy to a target host, using an ex.
Instead of using HttpClient’s HostConfiguration object directly you’d modify its protocol socket factory in your code like so:
2 4 6 8 10 12 14 16 | if(config.isAllowSelfSignedCertificates()){ ProtocolSocketFactory factory=newEasySSLProtocolSocketFactory(); URI uri=newURI(config.getBaseUrl()); if(port-1){ } Protocol easyHttps=newProtocol(uri.getScheme(),factory,port); hostConfiguration.setHost(uri.getHost(),port,easyHttps); thrownewIOException('could not parse URI '+config.getBaseUrl(),e); } |
Somewhere you’d instantiate a HttpClient object. Then you get its host config through HttpClient#getHostConfiguration() – I stored this in the hostConfiguration variable. The if, the config variable, checking for port, etc. is all my own code and has nothing to do with HttpClient directly.
There is one caveat, though! Never use absolute URIs against the HttpClient 3.x with the EasySSLProtocolSocketFactory in place! If you did you’d get the dreaded
I found that the HttpClient 3.x has the following code in its executeMethod() method:
- Apache HttpClient Resources
- Selected Reading
Using Secure Socket Layer, you can establish a secured connection between the client andserver. It helps to safeguard sensitive information such as credit card numbers, usernames, passwords, pins, etc.
You can make connections more secure by creating your own SSL context using the HttpClient library.
Follow the steps given below to customize SSLContext using HttpClient library −
Step 1 - Create SSLContextBuilder object
SSLContextBuilder is the builder for the SSLContext objects. Create its object using the custom() method of the SSLContexts class.
Step 2 - Load the Keystore
In the path Java_home_directory/jre/lib/security/, you can find a file named cacerts. Save this as your key store file (with extension .jks). Load the keystore file and, its password (which is changeit by default) using the loadTrustMaterial() method of the SSLContextBuilder class.
Step 3 - build an SSLContext object
An SSLContext object represents a secure socket protocol implementation. Build an SSLContext using the build() method.
Step 4 - Creating SSLConnectionSocketFactory object
SSLConnectionSocketFactory is a layered socket factory for TSL and SSL connections. Using this, you can verify the Https server using a list of trusted certificates and authenticate the given Https server.
You can create this in many ways. Depending on the way you create an SSLConnectionSocketFactory object, you can allow all hosts, allow only self-signedcertificates, allow only particular protocols, etc.
To allow only particular protocols, create SSLConnectionSocketFactory object by passing an SSLContext object, string array representing the protocols need to be supported, string array representing the cipher suits need to be supported and a HostnameVerifier object to its constructor.
To allow all hosts, create SSLConnectionSocketFactory object by passing a SSLContext object and a NoopHostnameVerifier object.
Step 5 - Create an HttpClientBuilder object
Create an HttpClientBuilder object using the custom() method of the HttpClients class.
Step 6 - Set the SSLConnectionSocketFactory object
Set the SSLConnectionSocketFactory object to the HttpClientBuilder using the setSSLSocketFactory() method.
Step 7 - Build the CloseableHttpClient object
Build the CloseableHttpClient object by calling the build() method.
Step 8 - Create an HttpGet object
The HttpGet class represents the HTTP GET request which retrieves the information ofthe given server using a URI.
Apache Httpclient Ssl
Create a HTTP GET request by instantiating the HttpGet class by passing a string representing the URI.
Apache Httpclient Ssl Example
Step 9 - Execute the request
Execute the request using the execute() method.
Apache Httpclient Ssl Verification
Example
Following example demonstrates the customization of the SSLContrext −
Output
Apache Httpclient Download
On executing, the above program generates the following output.