SSL in Domino agents
This is a follow-up post to an older thread on Notes.net. Configuring SSL and reading from remote locations can be a headache... unless you stand on shoulders of giants. Here are the steps that worked for me. While they are designed for R7 upwards with a JVM 1.4++ they also will work in R6 with the optional SUN SSL packages (just read the older post for configuration).
Update: The class didn't process HTTPPost correctly, so I updated the code, changes in bold.
What do you need:
1) Apache Commons HTTP Client
2) Apache Logging library (and codecs)
3) EasySSL Classes ( EasySSL, EasyTrustManager)
Update (Thx John): Above links don't work anymore. EasyTrustManager can be found here and here. EasySLL here and here.
Traversing the broken URL above leads to the "readme pointing" to the new home called earth . A wildcard redirect would have been nice.
Once you have that a few simple lines of code will do. Note: you don't even need to configure SSL (but you SHOULD understand the security implications of NOT configuring it).
This post is also available on Notes.net. (or whatever it is called now).
Here is the class .../**
* (C) 2007 Stephan H. Wissel
* This code is for demonstration purposes only and no assertion
* is made about the fitness or reliability for any business purpose
*/
import java.io.IOException;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.HttpStatus;
import org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.commons.httpclient.methods.RequestEntity;
import org.apache.commons.httpclient.methods.StringRequestEntity;
public class HttpsCommonFetcher {
/** Log object for this class. */
private static final Log LOG = LogFactory. getLog(HttpsCommonFetcher. class);
public String getContentFromHTTP(String xRequest, String targetURL; String method) {
String result = null;
HttpMethod httpMethod = null;
// This implementation uses the HTTP Common client from the
// Apache jakarta Project. See: http://jakarta.apache.org/httpcomponents/index.html
// and http://jakarta.apache.org/commons/httpclient/sslguide.html
// We use the EasySSL Implementation to avoid SSL configuration stress
String hostwithoutSSL = this.targetURL.substring(8);
LOG.info(hostwithoutSSL);
// We use the simple SSL methods that doesn't compare with the keystore remove the 2 lines if you intend to config SSL
Protocol myhttps = new Protocol("https",
new EasySSLProtocolSocketFactory(), 443);
Protocol. registerProtocol("https", myhttps);
HttpClient httpclient = new HttpClient();
// Here would be the optional Proxy code
// httpclient.getHostConfiguration().setProxy(pHost, pPort);
if (method.qualsIgnoreCase( "POST" )) {
// We only support get and post and if it is not POST it is GET
PostMethod pm = new PostMethod( this . targetURL );
// Populate the body of the request
RequestEntity entity = new StringRequestEntity(xRequest);
pm.setRequestEntity(entity);
httpMethod = (HttpMethod) pm;
} else {
httpMethod = new GetMethod( this . targetURL );
}
// Make sure we follow eventual redirects
httpMethod.setFollowRedirects( true);
// Now we retrieve the stuff
try {
int statusCode = httpclient.executeMethod(httpMethod);
// Here we have the result already
LOG.info(httpMethod.getStatusLine());
if (statusCode == HttpStatus. SC_OK ) {
// Directly read it into a String ... creates a warning in
// HTTPClient but is what we would do anyway.
result = httpMethod.getResponseBodyAsString();
} else {
result = "<error>" + httpMethod.getStatusLine() + "</error>" ;
}
} catch (HttpException e) {
LOG.error(e);
} catch (IOException e) {
LOG.error(e);
} finally {
httpMethod.releaseConnection();
}
return result;
}
}
Update: The class didn't process HTTPPost correctly, so I updated the code, changes in bold.
What do you need:
1) Apache Commons HTTP Client
2) Apache Logging library (and codecs)
3) EasySSL Classes ( EasySSL, EasyTrustManager)
Update (Thx John): Above links don't work anymore. EasyTrustManager can be found here and here. EasySLL here and here.
Traversing the broken URL above leads to the "readme pointing" to the new home
Once you have that a few simple lines of code will do. Note: you don't even need to configure SSL (but you SHOULD understand the security implications of NOT configuring it).
This post is also available on Notes.net. (or whatever it is called now).
Here is the class .../**
* (C) 2007 Stephan H. Wissel
* This code is for demonstration purposes only and no assertion
* is made about the fitness or reliability for any business purpose
*/
import java.io.IOException;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.HttpStatus;
import org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.commons.httpclient.methods.RequestEntity;
import org.apache.commons.httpclient.methods.StringRequestEntity;
public class HttpsCommonFetcher {
/** Log object for this class. */
private static final Log LOG = LogFactory. getLog(HttpsCommonFetcher. class);
public String getContentFromHTTP(String xRequest, String targetURL; String method) {
String result = null;
HttpMethod httpMethod = null;
// This implementation uses the HTTP Common client from the
// Apache jakarta Project. See: http://jakarta.apache.org/httpcomponents/index.html
// and http://jakarta.apache.org/commons/httpclient/sslguide.html
// We use the EasySSL Implementation to avoid SSL configuration stress
String hostwithoutSSL = this.targetURL.substring(8);
LOG.info(hostwithoutSSL);
// We use the simple SSL methods that doesn't compare with the keystore remove the 2 lines if you intend to config SSL
Protocol myhttps = new Protocol("https",
new EasySSLProtocolSocketFactory(), 443);
Protocol. registerProtocol("https", myhttps);
HttpClient httpclient = new HttpClient();
// Here would be the optional Proxy code
// httpclient.getHostConfiguration().setProxy(pHost, pPort);
if (method.qualsIgnoreCase( "POST" )) {
// We only support get and post and if it is not POST it is GET
PostMethod pm = new PostMethod( this . targetURL );
// Populate the body of the request
RequestEntity entity = new StringRequestEntity(xRequest);
pm.setRequestEntity(entity);
httpMethod = (HttpMethod) pm;
} else {
httpMethod = new GetMethod( this . targetURL );
}
// Make sure we follow eventual redirects
httpMethod.setFollowRedirects( true);
// Now we retrieve the stuff
try {
int statusCode = httpclient.executeMethod(httpMethod);
// Here we have the result already
LOG.info(httpMethod.getStatusLine());
if (statusCode == HttpStatus. SC_OK ) {
// Directly read it into a String ... creates a warning in
// HTTPClient but is what we would do anyway.
result = httpMethod.getResponseBodyAsString();
} else {
result = "<error>" + httpMethod.getStatusLine() + "</error>" ;
}
} catch (HttpException e) {
LOG.error(e);
} catch (IOException e) {
LOG.error(e);
} finally {
httpMethod.releaseConnection();
}
return result;
}
}
Posted by Stephan H Wissel on 04 August 2007 | Comments (1) | categories: Show-N-Tell Thursday