Using the https protocol with a URLConnection

Ingredients:

• Apache/SSL providing certificates signed by my Certificate Authority.
• IBM 1.3 JDK Linux port.

• Java Secure Socket Extension JSSE from Sun. Last version I saw was 1.0.1.
• JDK 1.2 or 1.3.

Method:

• I used IBM's 1.3 (beta) Linux port. You can use Sun's 1.2 version but JSSE doesn't want to play with IBM's 1.1.8 port.
  
  
• Install the files jcert.jar, jnet.jar and jsse.jar from JSSE to your class path, or conveniently, place them in .../jre/lib/ext where they will be found by the Java runtime.

 
• Set up a certificate file with the keytool utility.

I set up my own 'Certificate Authority' so I could sign certificates for my own Apache/SSL web server. Thus the certificate coming from my web server has been signed by me with my CA certificate being the root certificate. The root certificate is the ultimate authority and needs to be in the list of known and approved root certificates.

This approved certificate list is provided by three files in the Java certificate setup:

.../jre/lib/security/cacerts (comes with the JRE and has various root certs for CAs like Verisign)
.../jre/lib/security/jssecacerts (a file specifically for the JSSE)
and file given by the Java property "javax.net.ssl.trustStore"


You need to add your root certificate to the cacerts or the jssecacerts file or provide your own file.

Use a command like: keytool ...

I tried adding the certificate (generated originally by openssl during the set up of my Apache/SSL web server) to the cacerts file using the keytool utility from Sun's 1.2 JDK but it failed with an error about an invalid signature. After mucking about I eventually settled with my own certificate file (keystore?) by using the IBM 1.3 keytool utility (it didn't complain, it just went ahead and worked).
 

• Add the line:

  security.provider.2=com.sun.net.ssl.internal.ssl.Provider to
  the file: .../jre/lib/security/java.security

or alternatively:

add to your Java source: java.security.Security.addProvider(new com.sun.net.ssl.Provider())

The first method adds the security provider statically, where the second does it dynamically at run-time.
 

• To your code, add the property: java.protocol.handler.pkgs

with the value: com.sun.net.ssl.internal.www.protocol
 
• If you are using your own certificate file, then you need to set the property: javax.net.ssl.trustStore with the full pathname to your certificate file, e.g.: /home/peterlg/certificates/myjavacerts

 
• Make yourself a URL with the https protocol, open it up and let 'er rip.

Example:

public class TestHttps {

    // here we're using the https protocol
    String updateSourceURL = "https://www.connect4.com.au/index.html";

    public static void main(String argv[]) throws Exception {

        Properties prop  = new Properties();

        // set the protocol handler
        prop.put("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");

        // my JRE barfs if this is not set
        prop.put("user.timezone","GMT+10:00");

        // I'm using my own certificate store
        // If you have your certificate in one of the standard places (cacerts or
        // jssecacerts) then ignore this line.
        prop.put("javax.net.ssl.trustStore","/home/peterlg/certificates/myjavacerts");

        // use these next two for going through a proxy server
        // prop.put("https.proxyHost","pxysvr.myorg.com");
        // prop.put("https.proxyPort","80"); // or try 443

        // set our properties now
        System.setProperties(prop);

        // we don't need this if we set the .../jre/lib/security/java.security file
        java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

        // do the URL thing like normal...
        URL url = new URL(updateSourceURL);
        URLConnection urlConnection = url.openConnection();
        BufferedReader in =
            new BufferedReader(
                new InputStreamReader(urlConnection.getInputStream()));

        String inputLine;
        String text = "";

        while ((inputLine = in.readLine()) != null) {
            text = text + inputLine + "\n";
            }

        System.out.println(text);
}
 

Errors:

Unsupported ... SSL ...
...stuff...

Exception in thread "..." java.net.SocketException: SSL implementation not available
    ...
    at java.net.SocketException.(SocketException.java:38)
    at javax.net.ssl.DefaultSSLSocketFactory.createSocket([DashoPro-V1.2-120198])
    ...
    at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.getInputStream([DashoPro-V1.2-120198])

This may indicate that the URL provided is malformed. No https:? Non-existant URL?