Java Tip 96: Write client programs using HTTPS

xiaoxiao2021-03-06  22

How to use the HTTPS protocol with the standard URL classes

By Matt Towers

Abstract

Using HTTPS (Hypertext Transfer Protocol Secure) is not as simple as you might think. If you have tried secure communication between Java clients and HTTPS servers, you may have noticed that the standard java.net.URL class does not support the HTTPS protocol. This article shows how to overcome that restriction using a JDK 1.2-compatible virtual machine or Microsoft's JDK 1.1-compatible JView.

If you have tried secure communication between Java clients and HTTPS (secure hypertext transfer protocol) servers, you may have noticed that the standard java.net.URL class does not support the HTTPS protocol. The server side of the problem is simple, because almost all web servers today provide a mechanism for serving data over HTTPS. Once your server is configured, any browser can query it securely simply by specifying https as the protocol in the URL. If you have not set up an HTTPS server, you can test your client code against almost any HTTPS page on the Internet. The Data section at the end of this article lists server addresses against which you can test HTTPS communication.

From the client's perspective, however, the simplicity of the "S" appended to the familiar HTTP is deceptive. The browser actually does a great deal of work in the background to ensure that the data you request has not been tampered with or eavesdropped on. However, the encryption algorithm used by the HTTPS protocol is patented by RSA Security (for at least a few more months). Browser manufacturers have licensed the algorithm, but Sun Microsystems did not license it for inclusion in the standard Java URL class implementation. As a result, a MalformedURLException is thrown if you specify https as the protocol when you create a URL object.

Fortunately, to work around this limitation, the Java specification allows an alternate stream handler to be selected for the URL class. However, the way to do this differs depending on the virtual machine (VM) you use. For its JDK 1.1-compatible virtual machine, JView, Microsoft has licensed the encryption algorithm and provides an HTTPS stream handler as part of its wininet package. Sun has recently released the Java Secure Sockets Extension (JSSE) for JDK 1.2-compatible virtual machines; the algorithm is licensed in JSSE, which also provides an HTTPS stream handler. This article explains how to install an HTTPS stream handler using JSSE and Microsoft's wininet package.

JDK 1.2-compatible virtual machines

Using HTTPS in a JDK 1.2-compatible virtual machine depends mainly on the Java Secure Sockets Extension (JSSE) version 1.0.1. You must install JSSE first and add it to the classpath of the client virtual machine to use this technique.

Once you have installed JSSE, you must set a system property and add a new security provider to the Security class object. There are several ways to do this; for the purposes of this article, one practical method is shown here:

System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

After making the two calls above, the following code no longer throws a MalformedURLException:

URL url = new URL("https://[your server]");

If you are connecting to the standard SSL port, 443, you do not need to append a port number to the URL string. However, if your web server uses a non-standard port for SSL traffic, you must append that port number to the URL string:

URL url = new URL("https://[your server]:7002");

Some servers may have SSL certificates that are unsigned or invalid. Be careful when using this technique with URLs that refer to such servers. In that case, attempting to retrieve an input or output stream from the URL's connection object (for example, by running the following code) throws an SSLException with the message "untrusted server cert chain." If the server has a valid, signed certificate, no exception is thrown.

URL url = new URL("https://[your server]");
URLConnection con = url.openConnection();
// SSLException thrown here if server certificate is invalid
con.getInputStream();

The most obvious way to solve this problem is to obtain a signed certificate for your server. This issue is also discussed in the Java Developer Connection forum, where related information can be found at: http://forum.java.sun.com/forum?14@@.787ad8de

Microsoft JView

Because of the licensing dispute between Microsoft and Sun over the use of Java on the Windows platform, Microsoft's JView virtual machine is currently only JDK 1.1-compliant. JSSE requires a 1.2.2-compatible or later virtual machine, so the technique above does not work for clients running in JView. However, Microsoft provides a convenient HTTPS stream handler as part of the com.ms.net.wininet package.

In the JView environment, you can install the HTTPS stream handler by calling a single static method on the URL class:

URL.setURLStreamHandlerFactory(new com.ms.net.wininet.WininetStreamHandlerFactory());

After making that call, the following code no longer throws a MalformedURLException:

URL url = new URL("https://[your server]");

There are two caveats with this approach. First, according to the JDK documentation, the setURLStreamHandlerFactory method can be called only once in a given virtual machine; any subsequent call throws an Error. Second, as with the 1.2 virtual machine solution, you must be cautious when using URLs that point to servers with unsigned or invalid certificates. As described previously, the problem appears when you retrieve an input or output stream from the URL's connection object. However, Microsoft's stream handler throws a standard IOException rather than an SSLException.

URL url = new URL("https://[your server]");
URLConnection con = url.openConnection();
// IOException thrown here if server certificate is invalid
con.getInputStream();

Again, the most obvious way to solve this problem is to communicate only with servers that have valid, signed certificates. However, JView also offers another option. You can call setAllowUserInteraction(true) on the connection object before retrieving the input or output stream from the URL connection. JView then displays a message at runtime warning the user that the server's certificate is invalid, and the user can choose whether to continue. Keep in mind that such messages are reasonable in desktop applications, but having message boxes pop up on your server is unacceptable for anything other than debugging.

Note: You can also call setAllowUserInteraction() in a JDK 1.2-compatible virtual machine. However, on Sun's 1.2 virtual machine (against which the following code was tested), no message box is displayed even when the parameter is set to true.

URL url = new URL("https://[your server]");
URLConnection con = url.openConnection();
// causes the VM to display a dialog when connecting
// to untrusted servers
con.setAllowUserInteraction(true);
con.getInputStream();

On Windows NT 4.0, Windows 2000, and Windows 9x, the com.ms.net.wininet package is installed on the default system classpath. In addition, according to Microsoft's JDK documentation, WininetStreamHandlerFactory is "... the same handler that is installed by default when running applets."

Platform independence

Although the two techniques above cover most of the platforms a Java client may run on, your Java client may need to run correctly on both JDK 1.1- and JDK 1.2-compliant virtual machines. "Write once, run anywhere," remember? The natural approach is to combine the two techniques and install the appropriate handler depending on the virtual machine that is running. The following code shows one way to do this:

String strVendor = System.getProperty("java.vendor");
String strVersion = System.getProperty("java.version");
// Assumes a system version string of the form:
// [major].[minor].[release] (e.g. 1.2.2)
Double dVersion = new Double(strVersion.substring(0, 3));
// If we are running in a MS environment, use the MS stream handler.
if (-1
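The vendor and version dispatch described above can be written as follows. This is an added example in current Java syntax, not the article's own listing; the handler class and package names are the ones the article gives, while the names HttpsHandlerSetup, install and atLeast12, the provider name SunJSSE and the host example.invalid are assumptions.

```java
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLStreamHandlerFactory;
import java.security.Provider;
import java.security.Security;

public class HttpsHandlerSetup {
    // Names from the article, loaded reflectively so this class loads on any VM.
    static final String MS_FACTORY = "com.ms.net.wininet.WininetStreamHandlerFactory";
    static final String JSSE_PROVIDER = "com.sun.net.ssl.internal.ssl.Provider";
    static final String JSSE_PKGS = "com.sun.net.ssl.internal.www.protocol";

    /** Whole-field parse: substring(0, 3) would throw on a version such as "9". */
    static boolean atLeast12(String version) {
        String[] p = version.split("[^0-9]+");
        int major = Integer.parseInt(p[0]);
        if (major > 1) return true;
        return major == 1 && p.length > 1 && Integer.parseInt(p[1]) >= 2;
    }

    /** Returns "wininet", "jsse" or "vm-default" for the handler now in effect. */
    static String install(String vendor, String version) {
        try {
            if (vendor.indexOf("Microsoft") > -1) {
                Object f = Class.forName(MS_FACTORY).getDeclaredConstructor().newInstance();
                URL.setURLStreamHandlerFactory((URLStreamHandlerFactory) f);
                return "wininet";
            }
            // "SunJSSE" is the provider's registered name (assumption, not from the article).
            if (atLeast12(version) && Security.getProvider("SunJSSE") == null) {
                Object p = Class.forName(JSSE_PROVIDER).getDeclaredConstructor().newInstance();
                System.setProperty("java.protocol.handler.pkgs", JSSE_PKGS);
                Security.addProvider((Provider) p);
                return "jsse";
            }
        } catch (ReflectiveOperationException e) {
            // Handler classes absent or inaccessible: leave the VM's own setup alone.
        } catch (Error e) {
            // e.g. setURLStreamHandlerFactory was already called once in this VM.
        }
        return "vm-default";
    }

    public static void main(String[] args) throws MalformedURLException {
        String how = install(System.getProperty("java.vendor"), System.getProperty("java.version"));
        // Building the URL needs no network; example.invalid is a placeholder host.
        URL url = new URL("https://example.invalid:7002/");
        System.out.println(how + " -> " + url.getProtocol() + ", port " + url.getPort());
    }
}
```

On a VM that already ships an HTTPS handler and registers the provider itself, install() changes nothing and returns "vm-default".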

About applets

Performing HTTPS-based communication from within an applet seems like a natural extension of the scenarios above. In fact, HTTPS communication from an applet is easier to implement in most cases. In version 4.0 and later of Netscape Navigator and Internet Explorer, the respective virtual machines enable the HTTPS protocol by default. Therefore, to create an HTTPS connection from applet code, simply specify https as the protocol name when you create the URL instance:

URL url = new URL("https://[your server]");

If the client browser is running Sun's Java 2 plug-in, you will encounter some additional restrictions when using HTTPS. A detailed discussion of using HTTPS with the Java 2 plug-in can be found on Sun's site (see the information at the end of this article).

Conclusion

Using the HTTPS protocol in applications is a way to obtain an adequate level of security for communication. Unfortunately, for reasons that are more legal than technical, it is not supported by the standard Java specification. Nevertheless, with the arrival of JSSE and the use of Microsoft's com.ms.net.wininet package, secure communication can be implemented on most platforms with only a few lines of code.

About the author

Matt Towers, a self-described eBozo, recently left his position at Visio. He has since joined PredictPoint.com, an Internet company in Seattle, Washington, where he works full-time on Java development.

Data

The cross-platform code described in this article is implemented in a class called HttpsMessage. HttpsMessage is a subclass of the HttpMessage class, which was written by Jason Hunter, author of Java Servlet Programming (O'Reilly & Associates). You can find the HttpsMessage class in the forthcoming second edition of his book. If you want to use this class, you must download and install the com.oreilly.servlets package. The package and its source code can be found on Hunter's site: http://www.servlets.com. You can also download a compressed file containing the HttpsMessage source code: HttpsMessage.zip. The following is a web page address for testing HTTPS communication:
