Menu
What are the differences if I try to connect to an "https" using HttpURLConnection and HttpsURLConnection?
I was able to connect to "https" using both HttpURLConnection and HttpsURLConnection so I am confused. I thought I can only establish a connection to an "https" if I used HttpsURLConnection?
Below are some of my questions:
SSLSocketFactory and HostnameVerifier on my HttpURLConnection while connecting to an "https", what SSLSocketFactory and HostnameVerifier am I using?
991
HttpsURLConnection extends HttpURLConnection with support for https-specific features. A URLConnection with support for HTTP-specific features.
Therefore, if you want to create an HTTPS connection from within your applet code, simply specify HTTPS as your protocol when creating an instance of the URL class: URL url = new URL("https://[your server]");
The method is used to enable streaming of a HTTP request body without internal buffering, when the content length is not known in advance. It sets whether HTTP redirects (requests with response code) should be automatically followed by HttpURLConnection class.
URLConnection is the base class. HttpURLConnection is a derived class which you can use when you need the extra API and you are dealing with HTTP or HTTPS only. HttpsURLConnection is a 'more derived' class which you can use when you need the 'more extra' API and you are dealing with HTTPS only.
I just wrote some code as a test (see all the way below). What ends up happening is the URL.openConnection() call will give you back a libcore.net.http.HttpsURLConnectionImpl class.
This is an implementation of HttpsURLConnection but HttpsURLConnection inherits from HttpURLConnection. So you're seeing polymorphism at work.
Looking further into the debugger it appears that the class is using the default factory methods.
hostnameVerifier = javax.net.ssl.DefaultHostnameVerifier
sslSocketFactory = org.apache.harmony.xnet.provider.jsse.OpenSSLSocketFactoryImpl
Based on this it looks like the default behaviors are being used. I don't know if that means if you're trusting everything but you are definitely establishing an HTTPS connection.
The documentation kinda hints at the connection will auto-trust CAs that are well known but not self-signed. (see below) I did not test this but they have example code on how to accomplish that here.
If an application wants to trust Certificate Authority (CA) certificates that are not part of the system, it should specify its own X509TrustManager via a SSLSocketFactory set on the HttpsURLConnection.
Runnable r = new Runnable() { public void run() { try { URL test = new URL("https://www.google.com/"); HttpURLConnection connection = (HttpURLConnection) test.openConnection(); InputStream is = connection.getInputStream(); StringWriter sw = new StringWriter(); String value = new java.util.Scanner(is).useDelimiter("\\A").next(); Log.w("GOOGLE", value); } catch(Exception e) { Log.e("Test", e.getMessage()); } } }; Thread t = new Thread(r); t.start(); If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
