Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Using BouncyCastle for a simple HTTPS query

Tags:

java

https

ssl

jce

bouncycastle

Here's a simplified version of the code I'm using to perform simple HTTPS requests:

// Assume the variables host, file and postData have valid String values

final URL url = new URL("https", host, file);
final HttpURLConnection connection = (HttpURLConnection) url.openConnection();

connection.setRequestMethod("POST");
connection.setDoInput(true);
connection.setDoOutput(true);
connection.setRequestProperty("Content-length", String.valueOf(postData.length()));

final DataOutputStream output = new DataOutputStream(connection.getOutputStream());
output.writeBytes(postData);
output.close();

final InputStream input = new DataInputStream(connection.getInputStream());

for (int c = input.read(); c != -1; c = input.read()) {
  System.out.print((char) c);
}

System.out.println();

input.close();

This used to work well for connecting to our server (and still does if I use http as the protocol) until recently when some security upgrades were done.

Now it's giving me the "Could not generate DH keypair" and "Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive)" errors mentioned in this question:

Java: Why does SSL handshake give 'Could not generate DH keypair' exception?

Turns out it's a known bug in Java and the recommendation is to use BouncyCastle's JCE implementation.

My question is... how do I use BouncyCastle for something like this? Or are there more alternatives?

Disclaimer: I have very little knowledge of and interest in cryptology and the underlying technology that makes HTTPS queries possible. Rather, I'd prefer to focus on my application logic and let various libraries take care of low level issues.

I checked out the BouncyCastle website and documentation and Googled to find out more about JCE etc, but all in all it's quite overwhelming and I haven't been able to find any simple code examples for doing something like the above code.

like image 853
mjomble Avatar asked Nov 17 '11 17:11

mjomble

1 Answers

The following sample code uses jdk1.6.0_45 and bcprov-jdk15on-153.jar to perform simple https query:

import java.io.IOException;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.Socket;

import org.bouncycastle.crypto.tls.CertificateRequest;
import org.bouncycastle.crypto.tls.DefaultTlsClient;
import org.bouncycastle.crypto.tls.TlsAuthentication;
import org.bouncycastle.crypto.tls.TlsClientProtocol;
import org.bouncycastle.crypto.tls.TlsCredentials;

public class TestHttpClient {
    // Reference: http://boredwookie.net/index.php/blog/how-to-use-bouncy-castle-lightweight-api-s-tlsclient/
    //            bcprov-jdk15on-153.tar\src\org\bouncycastle\crypto\tls\test\TlsClientTest.java
    public static void main(String[] args) throws Exception {
        java.security.SecureRandom secureRandom = new java.security.SecureRandom();
        Socket socket = new Socket(java.net.InetAddress.getByName("www.google.com"), 443);
        TlsClientProtocol protocol = new TlsClientProtocol(socket.getInputStream(), socket.getOutputStream(),secureRandom);
        DefaultTlsClient client = new DefaultTlsClient() {
            public TlsAuthentication getAuthentication() throws IOException {
                TlsAuthentication auth = new TlsAuthentication() {
                    // Capture the server certificate information!
                    public void notifyServerCertificate(org.bouncycastle.crypto.tls.Certificate serverCertificate) throws IOException {
                    }

                    public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
                        return null;
                    }
                };
                return auth;
            }
        };
        protocol.connect(client);

        java.io.OutputStream output = protocol.getOutputStream();
        output.write("GET / HTTP/1.1\r\n".getBytes("UTF-8"));
        output.write("Host: www.google.com\r\n".getBytes("UTF-8"));
        output.write("Connection: close\r\n".getBytes("UTF-8")); // So the server will close socket immediately.
        output.write("\r\n".getBytes("UTF-8")); // HTTP1.1 requirement: last line must be empty line.
        output.flush();

        java.io.InputStream input = protocol.getInputStream();
        BufferedReader reader = new BufferedReader(new InputStreamReader(input));
        String line;
        while ((line = reader.readLine()) != null)
        {
            System.out.println(line);
        }
    }
}
like image 138
oraclesoon Avatar answered Sep 28 '22 17:09

oraclesoon
Sign in to Comment

Related questions

Swing shows empty tooltips, how to disable this?
Simple Java Graphing API for use in Vaadin Web App
How to replace content of grid cell in SWT GridLayout?
How to write the "to the power" and some text like as shown in Java or Android?
Single line JTextArea
Keep highlite list item with SimpleCursorAdapter
Send mail from JSF page using beans
division of bigdecimal by integer
Advanced array sorting/re-arranging in Java
Comparison between GWT and Spring MVC
Java Encrypted Memory Class Loader
Same names of enum and variable
programming Spring MVC controller and jsp for HttpDelete
How to open browser after the run button clicked in Intellij Idea CE?
Java code coverage without instrumentation
Does android work with JRE 7?
JAXB unmarshal returning null values for attributes
List all sequences in HsqlDB 1.8
How best to specify a Protobuf for use with Netty (preferably using the built-in protobuf support)
Does anyone use Java-config for Spring framework now?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!