Need help to use TLSv1.2 in java 1.4

Gaurav Tawale
Hi Team,

We have a web application which uses Java 1.4.

We need to call an HTTPS web service, but the server needs TLSv1.2, which Java 1.4 does not provide.

BC provides TLSv1.2. Could you please send me a sample Java programme for this? I did not find any sample programme on Google.

Thanks,
Gaurav Tawale

Re: Need help to use TLSv1.2 in java 1.4

Gaurav Tawale
I am looking for a Java programme which uses TLSv1.2 in Java 1.4.

I am calling a web service using HTTPURLConnection which accepts TLSv1.2 only.

I have added the required certificates in cacerts (truststore).

Thanks,
Gaurav Tawale

Re: Need help to use TLSv1.2 in java 1.4

Daniel Manley
Hi Gaurav,

We have done it and it works like a charm.  This was the source code I used as a base, and I adapted it for our use of SSLSocketFactory (creating a child class called TLSSocketFactory, which creates an instance of TLSSocket, which wrapped and managed a subclass of DefaultTlsClient, etc.):

https://stackoverflow.com/questions/33517476/tls-1-2-java-1-6-bouncycastle

import javax.net.ssl.SSLSocketFactory;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;

public class TLSSocketFactory extends SSLSocketFactory implements SecureProtocolSocketFactory {

All of this is being used with Apache HTTP client.  If this doesn't help, I could probably share some specific code with you.  Lemme know.

Dan
 

Re: Need help to use TLSv1.2 in java 1.4

Gaurav Tawale
Hi Daniel,

Your reply gave me some hope. Thank you.

It seems that you have not used Java 1.4. I can see some code like generics in List, which Java 1.4 does not support.

If possible, can you please share your source code for this, and also, if you have written it in Java 1.4, share that code as well.

Thanks,
Gaurav Tawale

Re: Need help to use TLSv1.2 in java 1.4

Daniel Manley
Correct -- we had to downgrade those samples from JDK16 to get rid of annotations and generics.   Ok - here ya go...


import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;

import javax.net.ssl.SSLSocketFactory;

import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
import org.apache.log4j.Logger;

// this is a class that encapsulates reading in system properties.  in our app
// it's in a different package, but I've kept the import here to be explicit
import config.ApplicationConfig;

public class TLSSocketFactory extends SSLSocketFactory implements SecureProtocolSocketFactory {

    private static final Logger log = Logger.getLogger(TLSSocketFactory.class);

    ApplicationConfig applicationConfig;

    public Socket createSocket(String host, int port, InetAddress localAddress, int localPort,
            HttpConnectionParams params) throws IOException, UnknownHostException {
        log.debug("Creating a new TLSSocket for " + host + ":" + port);
        return _createSocket(new Socket(host, port), host);
    }

    protected Socket _createSocket(Socket socket, String host) throws IOException {
        return new TLSSocket(applicationConfig, socket, host);
    }

    public void setApplicationConfig(ApplicationConfig pcfg) {
        applicationConfig = pcfg;
    }

    public String[] getDefaultCipherSuites() {
        return null;
    }

    public String[] getSupportedCipherSuites() {
        return null;
    }

    public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException {
        throw new UnsupportedOperationException();
    }

    public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
        throw new UnsupportedOperationException();
    }

    public Socket createSocket(String host, int port, InetAddress localAddress, int localPort)
            throws IOException, UnknownHostException {
        throw new UnsupportedOperationException();
    }

    public Socket createSocket(InetAddress host, int port) throws IOException {
        throw new UnsupportedOperationException();
    }

    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort)
            throws IOException {
        throw new UnsupportedOperationException();
    }

}

/////////////////////////////////////
/////////////////////////////////////


import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
import java.security.SecureRandom;

import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;

import org.apache.log4j.Logger;
import org.bouncycastle.crypto.tls.TlsClientProtocol;

import config.ApplicationConfig;

public class TLSSocket extends SSLSocket
{
    private static final Logger log = Logger.getLogger(TLSSocket.class);
    boolean handshook = false;
    protected java.security.cert.Certificate[] peerCerts;
    protected TlsClientProtocol tlsClientProtocol;
    protected String host;
    protected ApplicationConfig applicationConfig;
    protected Socket socket;

    public TLSSocket(ApplicationConfig cfg, Socket scket, String hst) throws IOException {
        host = hst;
        applicationConfig = cfg;
        socket = scket;
        tlsClientProtocol = new TlsClientProtocol(socket.getInputStream(), socket.getOutputStream(), new SecureRandom());
    }
   
    public boolean isConnected() {
        return handshook;
    }

    public InputStream getInputStream() throws IOException {
        startHandshake();
        return tlsClientProtocol.getInputStream();
    }

    public OutputStream getOutputStream() throws IOException {
        startHandshake();
        return tlsClientProtocol.getOutputStream();
    }

    public synchronized void close() throws IOException {
        if ( ! tlsClientProtocol.isClosed() ) {
            tlsClientProtocol.close();
        }
        if ( ! socket.isClosed() ) {
            socket.close();
        }
    }

    public void addHandshakeCompletedListener(HandshakeCompletedListener arg0) {
    }

    public boolean getEnableSessionCreation() {
        return false;
    }

    public String[] getEnabledCipherSuites() {
        return null;
    }

    public String[] getEnabledProtocols() {
        return null;
    }

    public boolean getNeedClientAuth() {
        return false;
    }

    public SSLSession getSession() {
        return new TLSSession(this);
    }

    public String[] getSupportedProtocols() {
        return null;
    }

    public boolean getUseClientMode() {
        return false;
    }

    public boolean getWantClientAuth() {
        return false;
    }

    public void removeHandshakeCompletedListener(HandshakeCompletedListener arg0) {
    }

    public void setEnableSessionCreation(boolean arg0) {
    }

    public void setEnabledCipherSuites(String[] arg0) {
    }

    public void setEnabledProtocols(String[] arg0) {
    }

    public void setNeedClientAuth(boolean arg0) {
    }

    public void setUseClientMode(boolean arg0) {
    }

    public void setWantClientAuth(boolean arg0) {
    }

    public String[] getSupportedCipherSuites() {
        return null;
    }

    public void startHandshake() throws IOException {
        // only do this once per instance
        if (handshook) {
            log.debug("already handshook");
            return;
        }

        CustomTLSClient client = new CustomTLSClient(this);
        tlsClientProtocol.connect(client);
        log.debug("successfully handshook");
        log.debug("TLS client version [" + client.getClientVersion() + "]");
        handshook = true;
    } // end startHandshake()
}

/////////////////////////////////////
/////////////////////////////////////


import java.security.Principal;

import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;

/**
 * Code adapted from http://stackoverflow.com/questions/33517476/tls-1-2-java-1-6-bouncycastle
 */
public class TLSSession implements SSLSession
{
    TLSSocket socket;
   
    public TLSSession(TLSSocket socket) {
        this.socket = socket;
    }
   
    public int getApplicationBufferSize() {
        return 0;
    }

    public String getCipherSuite() {
        throw new UnsupportedOperationException();
    }

    public long getCreationTime() {
        throw new UnsupportedOperationException();
    }

    public byte[] getId() {
        throw new UnsupportedOperationException();
    }

    public long getLastAccessedTime() {
        throw new UnsupportedOperationException();
    }

    public java.security.cert.Certificate[] getLocalCertificates() {
        throw new UnsupportedOperationException();
    }

    public Principal getLocalPrincipal() {
        throw new UnsupportedOperationException();
    }

    public int getPacketBufferSize() {
        throw new UnsupportedOperationException();
    }

    public javax.security.cert.X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
        return null;
    }

    public java.security.cert.Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
        return socket.peerCerts;
    }

    public String getPeerHost() {
        throw new UnsupportedOperationException();
    }

    public int getPeerPort() {
        return 0;
    }

    public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
        return null;
    }

    public String getProtocol() {
        throw new UnsupportedOperationException();
    }

    public SSLSessionContext getSessionContext() {
        throw new UnsupportedOperationException();
    }

    public Object getValue(String arg0) {
        throw new UnsupportedOperationException();
    }

    public String[] getValueNames() {
        throw new UnsupportedOperationException();
    }

    public void invalidate() {
        throw new UnsupportedOperationException();
    }

    public boolean isValid() {
        throw new UnsupportedOperationException();
    }

    public void putValue(String arg0, Object arg1) {
        throw new UnsupportedOperationException();
    }

    public void removeValue(String arg0) {
        throw new UnsupportedOperationException();
    }
}

/////////////////////////////////////
/////////////////////////////////////

import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.util.Hashtable;

import org.apache.log4j.Logger;
import org.bouncycastle.crypto.tls.DefaultTlsClient;
import org.bouncycastle.crypto.tls.ExtensionType;
import org.bouncycastle.crypto.tls.TlsAuthentication;
import org.bouncycastle.crypto.tls.TlsECCUtils;

/**
 * Code adapted from http://stackoverflow.com/questions/33517476/tls-1-2-java-1-6-bouncycastle
 */
public class CustomTLSClient extends DefaultTlsClient
{
    private static final Logger log = Logger.getLogger(CustomTLSClient.class);

    TLSSocket socket;
   
    public CustomTLSClient(TLSSocket socket) {
        this.socket = socket;
    }
   
    public Hashtable getClientExtensions() throws IOException {
        Hashtable clientExtensions = super.getClientExtensions();
        if (clientExtensions == null) {
            clientExtensions = new Hashtable();
        }

        // Add host_name
        byte[] host_name = socket.host.getBytes();

        final ByteArrayOutputStream baos = new ByteArrayOutputStream();
        final DataOutputStream dos = new DataOutputStream(baos);
        dos.writeShort(host_name.length + 3); // server_name_list length
        dos.writeByte(0);                     // name_type: host_name
        dos.writeShort(host_name.length);     // host name length
        dos.write(host_name);
        dos.close();
        clientExtensions.put(new Integer(ExtensionType.server_name), baos.toByteArray());
        return clientExtensions;
    }

    protected boolean allowUnexpectedServerExtension(Integer extensionType, byte[] extensionData)
            throws IOException {
        log.debug("checking on allowing this extensionType: " + extensionType);
        switch (extensionType.intValue()) {
            case ExtensionType.ec_point_formats:
                /*
                 * Exception added based on field reports that some servers
                 * send Supported Point Format Extension even when not
                 * negotiating an ECC cipher suite. If present, we still
                 * require that it is a valid ECPointFormatList.
                 */
                TlsECCUtils.readSupportedPointFormatsExtension(extensionData);
                return true;
            default:
                return super.allowUnexpectedServerExtension(extensionType, extensionData);
        }
    }

    public TlsAuthentication getAuthentication() throws IOException {
        return new CustomTLSAuthentication(socket);
    }

}

/////////////////////////////////////
/////////////////////////////////////


import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
import java.util.LinkedList;
import java.util.List;

import java.security.cert.CertificateExpiredException;

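import org.apache.log4j.Logger;
import org.bouncycastle.crypto.tls.CertificateRequest;
import org.bouncycastle.crypto.tls.TlsAuthentication;
import org.bouncycastle.crypto.tls.TlsCredentials;

// PIConstants and StringUtil (used in loadKeyStore below) are classes from
// the poster's application; they are not shown in this post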

/**
 * Code adapted from http://stackoverflow.com/questions/33517476/tls-1-2-java-1-6-bouncycastle
 */
public class CustomTLSAuthentication implements TlsAuthentication
{

    private static final Logger log = Logger.getLogger(CustomTLSAuthentication.class);

    TLSSocket socket;
   
    public CustomTLSAuthentication(TLSSocket socket) {
        this.socket = socket;
    }
   
    public void notifyServerCertificate(org.bouncycastle.crypto.tls.Certificate serverCertificate)
            throws IOException {

        try {
            KeyStore ks = loadKeyStore();

            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            List certs = new LinkedList();
            boolean trustedCertificate = false;
            org.bouncycastle.asn1.x509.Certificate[] serverCerts = serverCertificate
                    .getCertificateList();
            log.debug("serverCerts chain [" + Arrays.asList(serverCerts) + "]");
            for (int i = 0; i < serverCerts.length; i++) {
                org.bouncycastle.asn1.x509.Certificate c = serverCerts[i];
                java.security.cert.Certificate cert = cf
                        .generateCertificate(new ByteArrayInputStream(c.getEncoded()));
                certs.add(cert);

                String alias = ks.getCertificateAlias(cert);
                if (alias != null) {
                    log.debug("Trusted server cert under alias ["+alias+"]: " + c.getSubject().toString());
                    if (cert instanceof java.security.cert.X509Certificate) {
                        try {
                            ((java.security.cert.X509Certificate) cert).checkValidity();
                            trustedCertificate = true;
                            log.debug("Certificate is active for current date");
                        } catch (CertificateExpiredException cee) {
                            log.debug("Certificate is expired");
                        } catch (Exception e) {
                            log.debug("Certificate isn't valid for reason ["+e.getClass().getName()+"] ["+e.getMessage()+"]");
                        }
                    }
                } else {
                    log.debug("Unknown cert but we're going to ignore that: "
                            + c.getSubject().toString());
                }

            }
            if (!trustedCertificate) {
                // if we didn't want to trust the server, we could
                // signal that here with an exception
                // throw new CertificateException("Unknown cert " + serverCertificate);
                log.debug("We don't have any cacerts to match host ["+socket.host+"]; policy is to trust anyhow");
            }
            socket.peerCerts = (java.security.cert.Certificate[]) certs
                    .toArray(new java.security.cert.Certificate[0]);
        } catch (Exception ex) {
            // logging exception here because IOException doesn't have
            // a constructor that will take this exception as a cause parameter
            log.debug("failed to validate server certificate chain", ex);
            throw new IOException(ex.getMessage());
        }

    }

    public TlsCredentials getClientCredentials(CertificateRequest arg0) throws IOException {
        return null;
    }

    /**
     * load up app's trust store.
     *
     * @return
     * @throws Exception
     */
    protected KeyStore loadKeyStore() throws Exception {
        FileInputStream trustStoreFis = null;
        try {
            String sysTrustStore = null;
            File trustStoreFile = null;

            KeyStore localKeyStore = null;

            sysTrustStore = socket.applicationConfig.getProperty(PIConstants.TRUSTSTORE_FILE_PROPERTY);

            if (StringUtil.isBlankStr(sysTrustStore)) {
                throw new IllegalArgumentException("missing truststore file property value");
            }

            trustStoreFile = new File(sysTrustStore);
            trustStoreFis = _getFileInputStream(trustStoreFile);

            if (trustStoreFis != null) {
                sysTrustStore = trustStoreFile.getPath();
            } else {
                throw new IllegalArgumentException("truststore file wasn't found ["+sysTrustStore+"]");
            }

            localKeyStore = KeyStore.getInstance("jks");

            String trustStorePassword = socket.applicationConfig.getProperty(PIConstants.TRUSTSTORE_PASSWORD_PROPERTY);
            if ( trustStorePassword == null ) {
                trustStorePassword = "";
            }

            char[] passwordBytes = trustStorePassword.toCharArray();
            localKeyStore.load(trustStoreFis, passwordBytes);

            // set all of the bytes of the password to 0 to forcefully blank it out
            for (int i = 0; i < passwordBytes.length; i++) {
                passwordBytes[i] = 0;
            }

            return (KeyStore) localKeyStore;
        } finally {
            if (trustStoreFis != null) {
                trustStoreFis.close();
            }
        }
    }

    private FileInputStream _getFileInputStream(File paramFile) throws Exception {
        if (paramFile.exists()) {
            return new FileInputStream(paramFile);
        }
        return null;
    }

       
}
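Added example, not part of the original post or of Bouncy Castle: CustomTLSAuthentication above logs an unmatched chain and trusts it anyway, so this shows a fail-closed TlsAuthentication for the same legacy org.bouncycastle.crypto.tls API, in Java 1.4 syntax. The class name StrictTLSAuthentication is hypothetical; it assumes the trust store holds the issuing CA certificates and that no CRL/OCSP source is available, so revocation checking is switched off.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;

import org.bouncycastle.crypto.tls.AlertDescription;
import org.bouncycastle.crypto.tls.CertificateRequest;
import org.bouncycastle.crypto.tls.TlsAuthentication;
import org.bouncycastle.crypto.tls.TlsCredentials;
import org.bouncycastle.crypto.tls.TlsFatalAlert;

// Added example (hypothetical class): aborts the handshake unless the chain
// validates to a trusted CA and the leaf certificate names the requested host.
public class StrictTLSAuthentication implements TlsAuthentication {
    private final KeyStore trustStore; // CA certificates the application trusts
    private final String host;         // name the client asked to connect to

    public StrictTLSAuthentication(KeyStore trustStore, String host) {
        this.trustStore = trustStore;
        this.host = host;
    }

    public void notifyServerCertificate(org.bouncycastle.crypto.tls.Certificate serverCertificate)
            throws IOException {
        org.bouncycastle.asn1.x509.Certificate[] chain = serverCertificate.getCertificateList();
        if (chain == null || chain.length == 0) {
            throw new TlsFatalAlert(AlertDescription.bad_certificate);
        }
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            List path = new ArrayList();
            for (int i = 0; i < chain.length; i++) {
                X509Certificate c = (X509Certificate) cf.generateCertificate(
                        new ByteArrayInputStream(chain[i].getEncoded()));
                // a self-issued root sent by the server must come from the trust store,
                // so it is left out of the path that gets validated
                if (i > 0 && c.getSubjectX500Principal().equals(c.getIssuerX500Principal())) {
                    break;
                }
                path.add(c);
            }
            // PKIX validation: signatures, validity dates, basic constraints, trust anchor
            PKIXParameters params = new PKIXParameters(trustStore);
            params.setRevocationEnabled(false); // assumption: no CRL/OCSP source configured
            CertPath certPath = cf.generateCertPath(path);
            CertPathValidator.getInstance("PKIX").validate(certPath, params);
            if (!matchesHost((X509Certificate) path.get(0), host)) {
                throw new TlsFatalAlert(AlertDescription.bad_certificate);
            }
        } catch (IOException e) {
            throw e; // includes TlsFatalAlert, which is an IOException
        } catch (Exception e) {
            // untrusted issuer, expired certificate, bad signature or parse error
            throw new TlsFatalAlert(AlertDescription.bad_certificate);
        }
    }

    public TlsCredentials getClientCredentials(CertificateRequest request) throws IOException {
        return null; // no client certificate is offered
    }

    // Compares the host against the dNSName entries of the leaf's subjectAltName.
    static boolean matchesHost(X509Certificate leaf, String host) throws Exception {
        Collection sans = leaf.getSubjectAlternativeNames();
        if (sans == null) {
            return false; // no SAN: reject rather than fall back to the subject CN
        }
        for (Iterator it = sans.iterator(); it.hasNext();) {
            List san = (List) it.next();
            if (((Integer) san.get(0)).intValue() == 2 // 2 = dNSName
                    && matchesPattern((String) san.get(1), host)) {
                return true;
            }
        }
        return false;
    }

    // Exact match, or one "*." wildcard that covers exactly one left-most label.
    static boolean matchesPattern(String pattern, String host) {
        String p = pattern.toLowerCase(Locale.ENGLISH);
        String h = host.toLowerCase(Locale.ENGLISH);
        if (!p.startsWith("*.")) {
            return p.equals(h);
        }
        int dot = h.indexOf('.');
        // the pattern needs a second dot so that "*.com" never matches
        return p.indexOf('.', 2) > 0 && dot > 0 && h.substring(dot).equals(p.substring(1));
    }
}
```

To use it with the classes above, CustomTLSClient.getAuthentication() would return new StrictTLSAuthentication(trustStore, socket.host), with the trust store loaded as in loadKeyStore().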






Re: Need help to use TLSv1.2 in java 1.4

Daniel Manley
there's no downgrading required from my pasted code.  it *is* java 1.4 code.

here's the apache client code in a nutshell -- please note that we specify TLS-based connections with URL prefix tls:// so that we don't mess with legacy connection code and socket factories...

so --- HttpClient will ask the registered Protocol (i.e. tls://) how to open a socket via a socket factory.  So you setup the socket factory first, register the custom protocol and ask HttpClient to connect to something like tls://example.com/tls/server  -- i.e. this is so that https://another.example.com/ssl/server doesn't get forced to use the TLS code as well.

private static final String PROTOCOL_HTTP = "http";
private static final String PROTOCOL_HTTPS = "https";
private static final String PROTOCOL_TLS = "tls";

this.connection = new HttpClient();

// special TLS socket factory so that we can handshake with TLS1.2
// **** getTLSSocketFactory source code below...
SSLSocketFactory ssf = getTLSSocketFactory(ctx);

// need to make sure we're using the URL protocol to match the socket factory
urlStr = urlStr.replaceAll("^"+PROTOCOL_HTTPS, PROTOCOL_TLS);
int intPort = 443;

// TLSSocketFactory implements SecureProtocolSocketFactory, hence the cast
Protocol tlsProtocol = new Protocol(PROTOCOL_TLS, (ProtocolSocketFactory) ssf, intPort);

// register under the "tls" scheme so that only tls:// URLs use this factory
Protocol.registerProtocol(PROTOCOL_TLS, tlsProtocol);

// hard coded 60 seconds for this sample code
int timeoutMillis = 60000;

connection.setConnectionTimeout(timeoutMillis);
connection.setTimeout(timeoutMillis);

HttpClientParams hcp = new HttpClientParams();
hcp.setConnectionManagerTimeout(timeoutMillis);
connection.setParams(hcp);

HttpConnectionManager hcm = connection.getHttpConnectionManager();
HttpConnectionManagerParams hcmp = hcm.getParams();
hcmp.setConnectionTimeout(timeoutMillis);
hcmp.setSoTimeout(timeoutMillis);
hcm.setParams(hcmp);
connection.setHttpConnectionManager(hcm);

// For GET, append arguments to the URLstr
if (new GetMethod().getName().equals(sp.httpMethodName)) {
    sp.url += "?" + payloadData.toString();
}

if ( this.httpMethod == null ) {
    // see method source below...
    this.httpMethod = createHTTPMethodInstance(sp.httpMethodName, sp.url);
}

HttpMethodParams methodParams = new HttpMethodParams();
methodParams.setParameter(HttpMethodParams.RETRY_HANDLER, new NoRetryHandler());
methodParams.setSoTimeout(timeoutMillis);
httpMethod.setParams(methodParams);

if ( new PostMethod().getName().equals(sp.httpMethodName) ||
     new PatchMethod().getName().equals(sp.httpMethodName) ) {
    String content = payloadData.toString();

    // Set the content-length
    ((EntityEnclosingMethod)httpMethod).setRequestContentLength(content.length());
    ((EntityEnclosingMethod)httpMethod).setRequestBody(content);
}

int responseCode = connection.executeMethod(httpMethod);

String serverResponse = httpMethod.getResponseBodyAsString();


/////////////////////
/////////////////////

protected HttpMethod createHTTPMethodInstance(String httpMethodName, String url) throws TransportationException {
    if (new PostMethod().getName().equalsIgnoreCase(httpMethodName)) {
        return new PostMethod(url);
    } else if (new PatchMethod().getName().equalsIgnoreCase(httpMethodName)) {
        return new PatchMethod(url);
    } else if (new GetMethod().getName().equalsIgnoreCase(httpMethodName)) {
        return new GetMethod(url);
    } else {
        throw new TransportationException("unknown http method: ["+httpMethodName+"]");
    }
}


/////////////////////
/////////////////////

public static SSLSocketFactory getTLSSocketFactory(ExecutionContext ctx)
{
    log.debug("Entered getTLSSocketFactory");

    String tsfName = "default";

    TLSSocketFactory tsf = null;
    if ( tsfCache.containsKey(tsfName) ) {
        tsf = (TLSSocketFactory)tsfCache.get(tsfName);
    }

    if (tsf == null) {
        if ( ctx == null ) {
            throw new IllegalArgumentException("ctx can't be null");
        }

        ApplicationConfig cfg = ctx.getApplicationContext().getConfig();

        tsf = new TLSSocketFactory();
        tsf.setApplicationConfig(cfg);

        log.debug("Obtained TLSSocketFactory (" + tsf + " )");

        tsfCache.put(tsfName, tsf);
    } else {
        log.debug("Found an already-cached TSF for ["+tsfName+"]");
    }

    log.debug("returning TLSSocketFactory (" + tsf + ")");

    return tsf;
}   



On 2017-06-22 01:03 PM, Gaurav Tawale wrote:
Hi Daniel,

Thanks for sharing your files. I have integrated those files in my code.

Could you please share your file in which you have written webservice calling code.

I am just worried how to downgrade TSLSocketConnectionFactory to java 1.4


Thanks,
Gaurav Tawale




Re: Need help to use TLSv1.2 in java 1.4

Daniel Manley
ok - that makes sense.... you need to implement one of these from TLSSocketFactory to satisfy what URLConnection does.  maybe put a system.out in each to see which is called in your scenario. --

    public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException {
        throw new UnsupportedOperationException();
    }

    public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
        throw new UnsupportedOperationException();
    }

    public Socket createSocket(String host, int port, InetAddress localAddress, int localPort)
            throws IOException, UnknownHostException {
        throw new UnsupportedOperationException();
    }

    public Socket createSocket(InetAddress host, int port) throws IOException {
        throw new UnsupportedOperationException();
    }

    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort)
            throws IOException {
        throw new UnsupportedOperationException();
    }

I only implemented the single one used by HttpClient:

    public Socket createSocket(String host, int port, InetAddress localAddress, int localPort,
            HttpConnectionParams params) throws IOException, UnknownHostException {
        log.debug("Creating a new TLSSocket for " + host + ":" + port);
        return _createSocket(new Socket(host, port), host);
    }



On 2017-06-22 01:43 PM, Gaurav Tawale wrote:

> I got java Lang.unsupportedOperationException
>
> TLSSocketFactory.java 48
>
>
> I have an object of HTTPsURLConnection object.
>
> urlConnection.setSSLSocketFactory(new TLSSocketFactory());
>
>



Re: Need help to use TLSv1.2 in java 1.4

Gaurav Tawale
Sorry, before reading your mail I made some changes.

Now I am getting a RuntimeException:
Export restrictions:this JSSE  implementation is non-pluggable


Thanks,
Gaurav Tawale


On Thursday, June 22, 2017, Daniel Manley <[hidden email]> wrote:
ok - that makes sense.... you need to implement one of these from TLSSocketFactory to satisfy what URLConnection does.  maybe put a system.out in each to see which is called in your scenario. --

    public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException {
        throw new UnsupportedOperationException();
    }

    public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
        throw new UnsupportedOperationException();
    }

    public Socket createSocket(String host, int port, InetAddress localAddress, int localPort)
            throws IOException, UnknownHostException {
        throw new UnsupportedOperationException();
    }

    public Socket createSocket(InetAddress host, int port) throws IOException {
        throw new UnsupportedOperationException();
    }

    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort)
            throws IOException {
        throw new UnsupportedOperationException();
    }

I only implemented the single one used by HttpClient:

    public Socket createSocket(String host, int port, InetAddress localAddress, int localPort,
            HttpConnectionParams params) throws IOException, UnknownHostException {
        log.debug("Creating a new TLSSocket for " + host + ":" + port);
        return _createSocket(new Socket(host, port), host);
    }



On 2017-06-22 01:43 PM, Gaurav Tawale wrote:
I got java Lang.unsupportedOperationException

TLSSocketFactory.java 48


I have an object of HTTPsURLConnection object.

urlConnection.setSSLSocketFactory(new TLSSocketFactory());




Re: Need help to use TLSv1.2 in java 1.4

Daniel Manley
interesting ... have you looked at this?  https://community.oracle.com/thread/1535402

quote:
From the release notes here:

http://java.sun.com/j2se/1.4.1/docs/relnotes/features.html#security

this quote:

"The JSSE implementation provided in this release includes strong cipher suites. However, due to U.S. export control restrictions, this release does not allow alternate "pluggable" SSL/TLS implementations to be used. For more information, please see the JSSE Reference Guide."

I've not encountered that problem. This is probably due to me using Apache HttpClient, which avoids this restriction somehow. We originally switched to Apache HttpClient because the built-in Sun URL and socket implementations had bugs with connection timeouts such that threads would hang forever trying to connect to servers behind firewalls, etc. Timeouts were ignored.

Dan

On 2017-06-22 02:01 PM, Gaurav Tawale wrote:
Sorry, before reading your mail I made some changes.

Now I am getting RuntimeException
Export restrictions:this JSSE  implementation is non-pluggable


Thanks,
Gaurav Tawale



Re: Need help to use TLSv1.2 in java 1.4

Gaurav Tawale
Can you send me your httpclient class?

I will try that in my code. You said that your code is working. You are running your project on Java 1.4, right?


Re: Need help to use TLSv1.2 in java 1.4

Daniel Manley
I am running java 1.4 -- take a look at one of my previous replies that showed usage of HttpClient

basically this one:  https://www.bouncycastle.org/devmailarchive/msg15298.html

Dan

On 2017-06-22 02:53 PM, Gaurav Tawale wrote:
Can you send me your httpclient class?

I will try that in my code. You said that your code is working. You are running your project on Java 1.4, right?


Re: Need help to use TLSv1.2 in java 1.4

Gaurav Tawale
Hi Daniel,

My code is:

HttpsURLConnection urlconnection = null;
URL url = new URL("HTTPS://***"); // my webservice URL; I put * instead of the actual URL
urlconnection = (HttpsURLConnection) url.openConnection();
// Added all the request properties in urlconnection

urlconnection.setSSLSocketFactory(new TLSSocketFactory());

InputStream ins = urlconnection.getInputStream();

// getting exception on the above line
getting Export restriction: this JSSE implementation is non pluggable.


Thanks,
Gaurav Tawale


Re: Need help to use TLSv1.2 in java 1.4

Gaurav Tawale
In reply to this post by Daniel Manley
Hi Daniel ,

I have gone through your https client code but it has some variables for which I did not find any reference, like tsfcache.

Actually I am running my code in a simple Java programme, using a main method.

It will be helpful if you give me full code.
Thanks for your help

Gaurav


Re: Need help to use TLSv1.2 in java 1.4

Daniel Manley
In reply to this post by Gaurav Tawale
right -- I replied earlier with that forum link with people discussing that you can't plug in new JSSE code (bouncycastle) into Sun-based URLConnection code.  You'll have to use something like apache's HttpClient.

Dan
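
What Daniel describes, as an added example that is not from this thread or from the Bouncy Castle project: a commons-httpclient 3.x `SecureProtocolSocketFactory` that runs BC's lightweight `TlsClientProtocol` over a plain socket, so the non-pluggable JSSE is never involved, and that rejects anything below TLS 1.2 and validates the server chain and host name itself. Assumptions: the class name, a caller-supplied trust store, and a BC release that still ships the legacy `org.bouncycastle.crypto.tls` package.

```java
import java.io.*;
import java.net.*;
import java.security.*;
import java.security.cert.*;
import java.util.*;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
import org.bouncycastle.crypto.tls.*;
import org.bouncycastle.crypto.tls.Certificate; // BC's chain type shadows java.security.cert's

/** Added example; the class name is hypothetical. Java 1.4 syntax (no generics). */
public class BcTlsProtocolSocketFactory implements SecureProtocolSocketFactory {
    private final KeyStore trustStore; // CA certificates supplied by the caller
    private final SecureRandom random = new SecureRandom();
    public BcTlsProtocolSocketFactory(KeyStore trustStore) { this.trustStore = trustStore; }
    public Socket createSocket(String host, int port) throws IOException {
        return wrap(new Socket(host, port), host);
    }
    public Socket createSocket(String host, int port, InetAddress local, int localPort)
            throws IOException {
        return wrap(new Socket(host, port, local, localPort), host);
    }
    public Socket createSocket(String host, int port, InetAddress local, int localPort,
            HttpConnectionParams params) throws IOException {
        Socket plain = new Socket();
        if (local != null) plain.bind(new InetSocketAddress(local, localPort));
        plain.connect(new InetSocketAddress(host, port), params.getConnectionTimeout());
        return wrap(plain, host);
    }
    public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
            throws IOException {
        return wrap(socket, host); // TLS over an existing connection, e.g. a proxy tunnel
    }
    private Socket wrap(final Socket plain, final String host) throws IOException {
        TlsClientProtocol tls =
                new TlsClientProtocol(plain.getInputStream(), plain.getOutputStream(), random);
        try {
            tls.connect(new DefaultTlsClient() {
                public ProtocolVersion getMinimumVersion() { return ProtocolVersion.TLSv12; }
                public TlsAuthentication getAuthentication() {
                    return new ServerOnlyTlsAuthentication() {
                        public void notifyServerCertificate(Certificate chain) throws IOException {
                            checkServerChain(chain, host);
                        }
                    };
                }
            });
        } catch (IOException e) {
            plain.close(); // never hand back a socket whose handshake failed
            throw e;
        }
        return new TlsSocket(plain, tls);
    }
    /** Host name check on the leaf, then PKIX path validation against the trust store. */
    void checkServerChain(Certificate chain, String host) throws IOException {
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            List certs = new ArrayList();
            org.bouncycastle.asn1.x509.Certificate[] list = chain.getCertificateList();
            for (int i = 0; i < list.length; i++)
                certs.add(cf.generateCertificate(new ByteArrayInputStream(list[i].getEncoded())));
            if (certs.isEmpty() || !matchesHost((X509Certificate) certs.get(0), host))
                throw new CertificateException("no certificate valid for " + host);
            PKIXParameters pkix = new PKIXParameters(trustStore);
            pkix.setRevocationEnabled(false); // assumption: no CRL source is configured
            CertPathValidator.getInstance("PKIX").validate(cf.generateCertPath(certs), pkix);
        } catch (GeneralSecurityException e) {
            throw new TlsFatalAlert(AlertDescription.bad_certificate);
        }
    }

    /** Exact dNSName subjectAltName match only; wildcard names are not accepted here. */
    static boolean matchesHost(X509Certificate leaf, String host) throws CertificateException {
        Collection sans = leaf.getSubjectAlternativeNames(); // null when the extension is absent
        for (Iterator it = (sans == null ? new ArrayList() : sans).iterator(); it.hasNext();) {
            List san = (List) it.next(); // [Integer type, value]; type 2 is dNSName
            if (((Integer) san.get(0)).intValue() == 2
                    && host.equalsIgnoreCase((String) san.get(1))) return true;
        }
        return false;
    }

    /** Socket view over the TLS streams; socket options go to the underlying TCP socket. */
    static final class TlsSocket extends Socket {
        private final Socket plain;
        private final TlsClientProtocol tls;
        TlsSocket(Socket plain, TlsClientProtocol tls) { this.plain = plain; this.tls = tls; }
        public InputStream getInputStream() { return tls.getInputStream(); }
        public OutputStream getOutputStream() { return tls.getOutputStream(); }
        public void close() throws IOException { try { tls.close(); } finally { plain.close(); } }
        public void setSoTimeout(int ms) throws SocketException { plain.setSoTimeout(ms); }
        public void setTcpNoDelay(boolean on) throws SocketException { plain.setTcpNoDelay(on); }
        public void setSoLinger(boolean on, int s) throws SocketException { plain.setSoLinger(on, s); }
        public int getSendBufferSize() throws SocketException { return plain.getSendBufferSize(); }
        public int getReceiveBufferSize() throws SocketException { return plain.getReceiveBufferSize(); }
        public void setSendBufferSize(int n) throws SocketException { plain.setSendBufferSize(n); }
        public void setReceiveBufferSize(int n) throws SocketException { plain.setReceiveBufferSize(n); }
    }
}
```

Register one instance at startup with `Protocol.registerProtocol("https", new Protocol("https", (ProtocolSocketFactory) factory, 443))` and reuse it for every connection. This client sends no server_name (SNI) extension, so a server that selects its certificate by SNI needs `getClientExtensions()` overridden to add one.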

On 2017-06-23 5:23 AM, Gaurav Tawale wrote:
Hi Daniel,

My code is:

HttpsURLConnection urlconnection = null;
URL url = new URL("HTTPS://***"); // my webservice URL; I put * instead of the actual URL
urlconnection = (HttpsURLConnection) url.openConnection();
// Added all the request properties in urlconnection

urlconnection.setSSLSocketFactory(new TLSSocketFactory());

InputStream ins = urlconnection.getInputStream();

// getting exception on the above line
getting Export restriction: this JSSE implementation is non pluggable.


Thanks,
Gaurav Tawale


Re: Need help to use TLSv1.2 in java 1.4

Daniel Manley
In reply to this post by Gaurav Tawale
Hey Gaurav,

right -- just keep paring down the code to strip out these variables. tsfcache, for instance, is a static cache of TLS factories because they are too expensive to create for each new connection. And yes, that cache probably holds just one instance. It was modeled on our other factory cache, etc etc etc....

Unfortunately, I can't provide a complete independent working sample right now. I won't have time until next week. Keep paring down the code and remove variables and cruft I created and you'll get a working sample. If you're still stuck by next week, let me know.

Dan


On 2017-06-23 7:18 AM, Gaurav Tawale wrote:
Hi Daniel ,

I have gone through your https client code but it has some variables for which I did not find any reference, like tsfcache.

Actually I am running my code in a simple Java programme, using a main method.

It will be helpful if you give me full code.
Thanks for your help

Gaurav


Re: Need help to use TLSv1.2 in java 1.4

Gaurav Tawale
Hi Daniel,

If possible,
could you please provide working code for HttpClient?

I am struggling with HttpURLConnection.



Thanks,
Gaurav Tawale

On Friday, June 23, 2017, Daniel Manley <[hidden email]> wrote:
Hey Gaurav,

right -- just keep paring down the code to strip out these variables. tsfcache, for instance, is a static cache of TLS factories because they are too expensive to create for each new connection. And yes, that cache probably holds just one instance. It was modeled on our other factory cache, etc etc etc....

Unfortunately, I can't provide a complete independent working sample right now. I won't have time until next week. Keep paring down the code and remove variables and cruft I created and you'll get a working sample. If you're still stuck by next week, let me know.

Dan



Re: Need help to use TLSv1.2 in java 1.4

Gaurav Tawale
Thanks Daniel. Thanks for your help.

I am able to integrate httpmethod in my code.

Thanks,
Saurav Tawale

On Monday, June 26, 2017, Gaurav Tawale <[hidden email]> wrote:
Hi Daniel,

If possible,
could you please provide working code for HttpClient?

I am struggling with HttpURLConnection.



Thanks,
Gaurav Tawale

On Friday, June 23, 2017, Daniel Manley <<a href="javascript:_e(%7B%7D,&#39;cvml&#39;,&#39;daniel@manley.name&#39;);" target="_blank">daniel@...> wrote:
Hey Gaurav,

right -- just keep pairing down the code to strip out these variables.  tsfcache, for instance, is a static cache of tls factories because they are too expensive to create for each new connection.  and yes, that cache probably hold just one instance.  it was modeled on our other factory cache, etc etc etc....

unfortunately, I can't provide a complete independent working sample right now.  I won't have time until next week.  keep pairing down the code and remove variables and cruft I created and you'll get a working sample.  if you're still stuck by next week, let me know.

Dan


On 2017-06-23 7:18 AM, Gaurav Tawale wrote:
Hi Daniel ,

I have gone through your https client code but it has some variables which I did not find any reference for, like tsfcache.

Actually I am running my code in a simple java programme, using a main method.

It will be helpful if you give me full code.
Thanks for your help

Gaurav

On Thursday, June 22, 2017, Daniel Manley <[hidden email]> wrote:
I am running java 1.4 -- take a look at one of my previous replies that showed usage of HttpClient

basically this one:  https://www.bouncycastle.org/devmailarchive/msg15298.html

Dan

On 2017-06-22 02:53 PM, Gaurav Tawale wrote:
Can you send me your httpclient class?

I will try that in my code. You said that your code is working. You are running your project on java 1.4, right?

On Thursday, June 22, 2017, Daniel Manley <[hidden email]> wrote:
interesting ... have you looked at this?  https://community.oracle.com/thread/1535402

quote:
From the release notes here:

http://java.sun.com/j2se/1.4.1/docs/relnotes/features.html#security

this quote:

"The JSSE implementation provided in this release includes strong cipher suites. However, due to U.S. export control restrictions, this release does not allow alternate "pluggable" SSL/TLS implementations to be used. For more information, please see the JSSE Reference Guide."

I've not encountered that problem.  this is probably due to me using apache http client which avoids this restriction somehow.  We originally switched to apache http client because the built-in Sun URL and socket implementations had bugs in timeout in connections such that threads would hang forever trying to connect to servers behind firewalls, etc.  timeouts were ignored.

Dan

On 2017-06-22 02:01 PM, Gaurav Tawale wrote:
Sorry, before reading your mail I made some changes.

Now I am getting a RuntimeException:
Export restrictions:this JSSE  implementation is non-pluggable


Thanks,
Gaurav Tawale


On Thursday, June 22, 2017, Daniel Manley <[hidden email]> wrote:
ok - that makes sense.... you need to implement one of these from TLSSocketFactory to satisfy what URLConnection does.  maybe put a System.out in each to see which is called in your scenario. --

    public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException {
        throw new UnsupportedOperationException();
    }

    public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
        throw new UnsupportedOperationException();
    }

    public Socket createSocket(String host, int port, InetAddress localAddress, int localPort)
            throws IOException, UnknownHostException {
        throw new UnsupportedOperationException();
    }

    public Socket createSocket(InetAddress host, int port) throws IOException {
        throw new UnsupportedOperationException();
    }

    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort)
            throws IOException {
        throw new UnsupportedOperationException();
    }

I only implemented the single one used by HttpClient:

    public Socket createSocket(String host, int port, InetAddress localAddress, int localPort,
            HttpConnectionParams params) throws IOException, UnknownHostException {
        log.debug("Creating a new TLSSocket for " + host + ":" + port);
        return _createSocket(new Socket(host, port), host);
    }



On 2017-06-22 01:43 PM, Gaurav Tawale wrote:
I got java.lang.UnsupportedOperationException

TLSSocketFactory.java 48


I have an HttpsURLConnection object.

urlConnection.setSSLSocketFactory(new TLSSocketFactory());
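
The suggestion quoted above, to put a System.out in each createSocket overload and see which one the caller uses, written as a reusable wrapper. This is an added example, not code from the thread: TracingSocketFactory, note and getCalls are hypothetical names, and it relies only on the standard javax.net.ssl.SSLSocketFactory API, in Java 1.4-compatible source.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLSocketFactory;

// Added example (hypothetical class): logs each createSocket overload, then delegates.
public class TracingSocketFactory extends SSLSocketFactory {
    private final SSLSocketFactory inner;        // factory under test
    private final List calls = new ArrayList();  // raw types: Java 1.4 has no generics

    public TracingSocketFactory(SSLSocketFactory inner) { this.inner = inner; }

    private synchronized void note(String signature) {
        calls.add(signature);
        System.out.println("createSocket" + signature);
    }
    public synchronized List getCalls() { return new ArrayList(calls); }

    public String[] getDefaultCipherSuites() { return inner.getDefaultCipherSuites(); }
    public String[] getSupportedCipherSuites() { return inner.getSupportedCipherSuites(); }

    // Unconnected-socket overload; not among the overloads listed in the thread.
    public Socket createSocket() throws IOException {
        note("()"); return inner.createSocket();
    }
    // Layers TLS over an already connected socket.
    public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
        note("(Socket, String, int, boolean)"); return inner.createSocket(s, host, port, autoClose);
    }
    public Socket createSocket(String host, int port) throws IOException {
        note("(String, int)"); return inner.createSocket(host, port);
    }
    public Socket createSocket(String host, int port, InetAddress la, int lp) throws IOException {
        note("(String, int, InetAddress, int)"); return inner.createSocket(host, port, la, lp);
    }
    public Socket createSocket(InetAddress host, int port) throws IOException {
        note("(InetAddress, int)"); return inner.createSocket(host, port);
    }
    public Socket createSocket(InetAddress host, int port, InetAddress la, int lp) throws IOException {
        note("(InetAddress, int, InetAddress, int)"); return inner.createSocket(host, port, la, lp);
    }
    // Offline check: wrap the JDK default factory and trigger one overload.
    public static void main(String[] args) throws IOException {
        TracingSocketFactory f = new TracingSocketFactory((SSLSocketFactory) SSLSocketFactory.getDefault());
        f.createSocket().close();
        System.out.println(f.getCalls());
    }
}
```

Passing `new TracingSocketFactory(new TLSSocketFactory())` to `setSSLSocketFactory` prints the signature before the wrapped factory throws, so the last line logged names the overload that still needs an implementation.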







Re: Need help to use TLSv1.2 in java 1.4

Daniel Manley
hey Saurav,

that's great news!  glad you were able to get it working.  Cheers!

Dan


On 2017-06-26 11:23 AM, Gaurav Tawale wrote:
Thanks Daniel. Thanks for your help.

I am able to integrate httpmethod in my code.

Thanks,
Saurav Tawale
