Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to execute a https GET request from java

Tags:

java

https

get

I wrote a Java client which executes http GET requests without any problem. Now I want to modify this client in order to execute https GET requests.

import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;

private String executeGet(final String url, String proxy, int port)
        throws IOException, RequestUnsuccesfulException, InvalidParameterException {

    CloseableHttpClient httpclient = null;
    String ret = "";
    RequestConfig config;

    try {                       
        String hostname = extractHostname(url);
        logger.info("Hostname {}", hostname);

        HttpHost target = new HttpHost(hostname, 80, null);

        HttpHost myProxy = new HttpHost(proxy, port, "http");
        CredentialsProvider credsProvider = new BasicCredentialsProvider();
        credsProvider.setCredentials(
                AuthScope.ANY,
                new UsernamePasswordCredentials(USERNAME, PASSWORD));

        httpclient = HttpClients.custom().setDefaultCredentialsProvider(credsProvider).build();         
        config = RequestConfig.custom().setProxy(myProxy).build();


        HttpGet request = new HttpGet(url);
        request.setConfig(config);
        CloseableHttpResponse response = httpclient.execute(target, request);

        ...

I was expecting an easy modification like using HttpsGet instead of HttpGet but no, there is no HttpsGet class available.

What is the easiest way to modify this method in order to handle https GET requests?

like image 939
Luixv Avatar asked Oct 15 '14 22:10

Luixv


People also ask

How do I send a https request?

Under HTTP request settings: Enter a URL in the field provided. Select either Use HTTP GET or Use HTTP POST. Enter HTTPS instead of HTTP in the URL to send the information using HTTPS.


1 Answers

this is my quick and dirty https client in Java, that ignores invalid certificates and authenticates using BASIC

import java.io.IOException;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;

    public static HttpsURLConnection getConnection(boolean ignoreInvalidCertificate, String user, String pass, HttpRequestMethod httpRequestMethod, URL url) throws KeyManagementException, NoSuchAlgorithmException, IOException{
        SSLContext ctx = SSLContext.getInstance("TLS");
        if (ignoreInvalidCertificate){
            ctx.init(null, new TrustManager[] { new InvalidCertificateTrustManager() }, null);  
        }       
        SSLContext.setDefault(ctx);

        String authStr = user+":"+pass;
        String authEncoded = Base64.encodeBytes(authStr.getBytes());

        HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();

        connection.setRequestMethod("GET");
        connection.setDoOutput(true);
        connection.setRequestProperty("Authorization", "Basic " + authEncoded);     

        if (ignoreInvalidCertificate){
            connection.setHostnameVerifier(new InvalidCertificateHostVerifier());
        }

        return connection;
    }

--

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;

public class InvalidCertificateHostVerifier implements HostnameVerifier{
    @Override
    public boolean verify(String paramString, SSLSession paramSSLSession) {
        return true;
    }
}

--

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.X509TrustManager;

/**
 * ignore invalid Https certificate from OPAM
 * <p>see http://javaskeleton.blogspot.com.br/2011/01/avoiding-sunsecurityvalidatorvalidatore.html
 */
public class InvalidCertificateTrustManager implements X509TrustManager{
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }

    @Override
    public void checkServerTrusted(X509Certificate[] paramArrayOfX509Certificate, String paramString) throws CertificateException {

    }

    @Override
    public void checkClientTrusted(X509Certificate[] paramArrayOfX509Certificate, String paramString) throws CertificateException {
    }
}

maybe it's something you can start with.

of course, since you have the connection, you can retrieve the response contents using

InputStream content = (InputStream) connection.getInputStream();
like image 101
Leo Avatar answered Oct 09 '22 14:10

Leo