Thursday, November 19, 2009

HTTSURLConnection with weblogic.

Hello, I ran into several situations where I need to make a HTTP connection to outside vendors or to a server in a local location to grab data. In most cases it needs to be encrypted. When we work with weblogic (my client runs in weblogic) we have to use the Weblogic libraries to resolve the SSL certificates. In many situations the local servers that connect to only had a demo certificate and we need code around to avoid the errors geneated by the demo certificates.

Here is some basic information about how to make a connection and to ignore the demo certificate warning. You only need to do eht custom hostname verifier if you want to avoid the demo certificate warning. In my case I have it configured so that in all test regions it does that and when we go to production it forces the certificate validation.

import weblogic.net.http.HttpsURLConnection;
import weblogic.security.SSL.HostnameVerifier;
import weblogic.security.SSL.TrustManager;
 
String target = "https://google.com";
URL url = new URL(target);
HttpsURLConnection httpConn = new HttpsURLConnection(url); 
 
SSLContext context = SSLContext.getInstance("https");
        context.setHostnameVerifier(new MyHostNameVerifier());
        context.setTrustManager(new MyTrustManager());
        httpConn.setSSLSocketFactory(context.getSocketFactory());
httpConn.setRequestProperty("Content-Length", String.valueOf(inputBytes.length));
        httpConn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        httpConn.setRequestMethod("POST");
        httpConn.setRequestProperty("Connection", "Keep-Alive");
        httpConn.setDoOutput(true);
        httpConn.setDoInput(true);
        httpConn.setUseCaches(false);

        OutputStream out = httpConn.getOutputStream();
        out.write(inputBytes);
        out.close();

        InputStreamReader isr = new InputStreamReader(httpConn.getInputStream());
        BufferedReader in = new BufferedReader(isr);

        String inputLine = "";
        StringBuffer inputBuffer = new StringBuffer();
        while ((inputLine = in.readLine()) != null) {
            inputBuffer.append(inputLine);
            inputBuffer.append('\n');
        }
        in.close();
 
 
 
// the following classes are used to trust all certificates: 
 
 
class MyHostNameVerifier implements HostnameVerifier {

  public boolean verify(String arg0, SSLSession arg1) {
   // TODO Auto-generated method stub
   return true;
  }
    }

    class MyTrustManager implements TrustManager {

  public boolean certificateCallback(
    java.security.cert.X509Certificate[] arg0, int arg1) {
   // TODO Auto-generated method stub
   return true;
  }
    } 
 

If you are using plain java you normally open the connection with url.openconnection. But inorder to use the Weblogic overloaded connection it is better to use HTTPSUrlConnection.open(url). This is only valid when you use the overloaded connection from weblogic.

No comments:

Post a Comment