Ola pessoal,
Ha algum tempo venho tentando conectar a um website atraves de SSL. A aplicacao rodara em WebSphere 5.0 com Jdk 1.3. Mesmo com a ajuda do pessoal do forum e de outras comunidades pela internet, ainda nao consegui resolver o problema.
Criei uma aplicacao de teste que reproduz fielmente o problema (Quando executada na JRE do WebSphere 5.0 - baixe aqui: http://rapidshare.com/files/137585755/JRE_IBM.zip.html).
O erro que recebo ao conectar a URL https://www.ftc.gov eh o seguinte:
C:\Temp\SSLTestIBM_SIMPLE_2\build\classes>c:\JRE_IBM\jre\bin\java.exe ssltest.SSLTest https://www.ftc.gov
javax.net.ssl.SSLHandshakeException: bad certificate
at com.ibm.jsse.bh.a(Unknown Source)
at com.ibm.jsse.bh.startHandshake(Unknown Source)
at com.ibm.net.ssl.www.protocol.https.b.n(Unknown Source)
at com.ibm.net.ssl.www.protocol.https.p.connect(Unknown Source)
at com.ibm.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect(Unknown Source)
at ssltest.SSLTest.testConnection(SSLTest.java:138)
at ssltest.SSLTest.main(SSLTest.java:31)
Error: javax.net.ssl.SSLHandshakeException: bad certificate
Starting (https://www.ftc.gov) OK
Provider (https://www.ftc.gov) OK
Certificates (https://www.ftc.gov) OK
SSL (https://www.ftc.gov) OK
Tentei adicionar o certificado (em anexo) deste website na aplicacao (peguei atraves do browser), mas nao consegui fazer funcionar.
O codigo que produz o problema eh esse:
package ssltest;
import java.io.*;
import java.net.*;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import com.ibm.net.ssl.SSLContext;
import com.ibm.net.ssl.TrustManager;
import com.ibm.net.ssl.TrustManagerFactory;
import com.ibm.net.ssl.X509TrustManager;
import com.ibm.net.ssl.internal.www.protocol.https.HttpsURLConnection;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
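/**
 * Diagnostic client that opens a URL through the IBM JSSE classes and prints the response body,
 * followed by a log of the setup steps that completed.
 *
 * SECURITY: testConnection installs a trust manager that accepts every certificate chain, so the
 * server is never authenticated and the connection can be intercepted. That is tolerable only in
 * a throwaway reproduction like this one; code deployed to an application server should build its
 * trust managers from a key store that holds the expected CA or server certificate.
 *
 * @author pen_fold
 */
public class SSLTest {

    /**
     * Runs the connection test against the URL given as the first argument, or against
     * https://www.ftc.gov when no argument is supplied.
     *
     * @param args the command line arguments; args[0], when present, is the URL to test
     */
    public static void main(String[] args) {
        SSLTest objSSLTest = new SSLTest();
        if (args.length > 0) {
            objSSLTest.testConnection(args[0]);
        } else {
            objSSLTest.testConnection("https://www.ftc.gov");
            System.out.println("\n\n *************************************** \n\n");
            /* Further hosts, left disabled by the author:
            objSSLTest.testConnection("https://www.sun.com");
            System.out.println("\n\n *************************************** \n\n");
            objSSLTest.testConnection("https://www.verisign.com");
            System.out.println("\n\n *************************************** \n\n");
            objSSLTest.testConnection("https://www.microsoft.com");
            System.out.println("\n\n *************************************** \n\n");
            objSSLTest.testConnection("http://www.google.com");
            System.out.println("\n\n *************************************** \n\n");*/
        }
    }

    /**
     * Connects to strUrl, prints the response body line by line, and finally prints a log
     * with one "... OK" line per step that was reached. Failures are printed, not rethrown.
     *
     * @param strUrl the URL to open (http or https)
     */
    private void testConnection(String strUrl) {
        StringBuffer debugLog = new StringBuffer();
        debugLog.append("Starting (" + strUrl + ") OK\n");

        // Both calls change JVM-wide state: the property replaces any handler package list that
        // was already configured, and the provider is registered for the whole process.
        System.setProperty("java.protocol.handler.pkgs", "com.ibm.net.ssl.internal.www.protocol"); // add https protocol handler
        java.security.Security.addProvider(new com.ibm.jsse.JSSEProvider()); // dynamic registration of IBMJSSE provider
        debugLog.append("Provider (" + strUrl + ") OK\n");

        // SECURITY: trust-all manager. Every check below succeeds without looking at the chain,
        // so certificate validation is switched off for connections that use it.
        // NOTE(review): because this manager accepts any chain, a handshake failure seen while it
        // is installed is presumably not a missing trust-store entry; confirm with JSSE debug output.
        TrustManager[] arrTrustAllCerts = new TrustManager[] {
            new X509TrustManager() {
                public X509Certificate[] getAcceptedIssuers() {
                    // Empty array instead of null, so a caller that iterates the issuer list
                    // cannot hit a NullPointerException.
                    return new X509Certificate[0];
                }

                public void checkClientTrusted(X509Certificate[] certs, String authType) {
                    // Accepts everything: no exception means "trusted".
                }

                public void checkServerTrusted(X509Certificate[] certs, String authType) {
                    // Accepts everything: no exception means "trusted".
                }

                public boolean isClientTrusted(X509Certificate[] arg0) {
                    return true;
                }

                public boolean isServerTrusted(X509Certificate[] arg0) {
                    return true;
                }
            },
            // Slot reserved for the trust manager built by the disabled block below; it stays
            // null while that block is commented out.
            null
        };

        // Extra certificate (disabled): loads www.ftc.gov.crt into an in-memory key store and
        // derives a trust manager from it.
        // NOTE(review): it stores that manager in slot 1, behind the trust-all manager in slot 0.
        // If the context only honours the first X509TrustManager in the array (as the standard
        // javax.net.ssl.SSLContext does), enabling this block would not tighten validation; the
        // trust-all entry would have to be removed. Confirm for com.ibm.net.ssl.SSLContext.
        // The FileInputStream opened there is also never closed.
        /*
        try {
            KeyStore ks= KeyStore.getInstance("JKS"); // Filetype?
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("IbmX509");
            ks.load(null, null);
            CertificateFactory cf= CertificateFactory.getInstance("X.509");
            X509Certificate cert=
                (X509Certificate) cf.generateCertificate(
                    new FileInputStream("www.ftc.gov.crt"));
            ks.setCertificateEntry(cert.getSubjectDN().getName(), cert);
            tmf.init(ks);
            TrustManager[] trustManagers = tmf.getTrustManagers();
            arrTrustAllCerts[1] = trustManagers[0];
        } catch (IOException ex) {
            System.out.println("Error 1");
            ex.printStackTrace();
        } catch (NoSuchAlgorithmException ex) {
            System.out.println("Error 2");
            ex.printStackTrace();
        } catch (CertificateException ex) {
            System.out.println("Error 3");
            ex.printStackTrace();
        } catch (KeyStoreException ex) {
            System.out.println("Error 4");
            ex.printStackTrace();
        }*/
        debugLog.append("Certificates (" + strUrl + ") OK\n");

        try {
            SSLContext objSSLContext = SSLContext.getInstance("SSL");
            objSSLContext.init(null, arrTrustAllCerts, new java.security.SecureRandom());
            // SECURITY: this is a static default, so the trust-all socket factory is also picked
            // up by later HTTPS connections made through this handler class in the same JVM,
            // not only by the connection opened below.
            HttpsURLConnection.setDefaultSSLSocketFactory(objSSLContext.getSocketFactory());
            debugLog.append("SSL (" + strUrl + ") OK\n");

            URL objUrl = new URL(strUrl);
            HttpURLConnection objConnection = (HttpURLConnection) objUrl.openConnection();
            objConnection.setDoOutput(true);
            objConnection.connect();
            debugLog.append("Connection (" + strUrl + ") OK\n");

            BufferedReader objBufferReader = null;
            try {
                objBufferReader = new BufferedReader(new InputStreamReader(objConnection.getInputStream()));
                String strResponse = null;
                while ((strResponse = objBufferReader.readLine()) != null) {
                    System.out.println(strResponse);
                }
            } finally {
                // Release the stream and the connection even when reading the body fails.
                if (objBufferReader != null) {
                    try {
                        objBufferReader.close();
                    } catch (IOException ignored) {
                        // Best-effort close: the body was already read, or the read already failed.
                    }
                }
                objConnection.disconnect();
            }
            debugLog.append("Disconnection (" + strUrl + ") OK\n");
        } catch (UnknownHostException unknownHostEx) {
            unknownHostEx.printStackTrace();
            System.out.println("UnknownHostException: " + unknownHostEx);
        } catch (Exception ex) {
            // Broad catch is deliberate here: this is the reporting boundary of the test run.
            ex.printStackTrace();
            System.out.println("Error: " + ex);
        } finally {
            // Always show how far the setup got, whether or not the connection succeeded.
            System.out.println(debugLog.toString());
        }
    }
}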
O erro eh de facil reproducao (se rodado com a JRE da IBM - baixe no link).
Se alguem puder me ajudar a resolver esse problema ficarei muito agradecido, pois ja nao sei mais o que tentar.
Obrigado