Unwanted use of weblogic.net.http.HttpURLConnection - Weblogic

This is a discussion on Unwanted use of weblogic.net.http.HttpURLConnection - Weblogic ; The following problem is ruining an otherwise nice Memorial Day weekend. I'm working in Visual Age on a piece of code that has nothing to do with WebLogic, though I do have the WebLogic integration kit installed: System.setProperty( "java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); ...

+ Reply to Thread
Results 1 to 3 of 3

Unwanted use of weblogic.net.http.HttpURLConnection

  1. Default Unwanted use of weblogic.net.http.HttpURLConnection

    The following problem is ruining an otherwise nice Memorial Day weekend.

    I'm working in Visual Age on a piece of code that has nothing to do with
    WebLogic, though I do have the WebLogic integration kit installed:

    System.setProperty( "java.protocol.handler.pkgs",
    "com.sun.net.ssl.internal.www.protocol");
    java.security.Security.addProvider(new
    com.sun.net.ssl.internal.ssl.Provider());

    java.net.URL oUrl;
    try
    {

    urlString =3D URLUtil.normalizeURL(urlString);
    oUrl =3D new java.net.URL(urlString);

    ContentData initialContentData =3D new ContentData();

    InputStreamReader b =3D new InputStreamReader(oUrl.openStream());

    ......


    I'm using the Java JSSE kit to allow me to access https secure websites.
    However, when I run the above code I get the following error stack trace
    (please see additional text after the error message -- sorry it is so long)

    java.io.IOException: Certificate not valid:
    fingerprint =3D 115632b0c42739458d5cf441895f1c72, not before =3D Wed Nov 0=
    9
    18:54:17 EST 1994, not after =3D Fri Dec 31 18:54:17 EST 1999, holder =3D C=
    =3DUS
    O=3DRSA Data Security, Inc. OU=3DSecure Server Certification Authority , is=
    suer
    =3D C=3DUS O=3DRSA Data Security, Inc. OU=3DSecure Server Certification Aut=
    hority ,
    key =3D modulus length=3D126 exponent length=3D3
    java.lang.Throwable(java.lang.String)
    java.lang.Exception(java.lang.String)
    java.io.IOException(java.lang.String)
    void weblogic.security.SSL.SSLCertificate.verify()
    void weblogic.security.SSL.SSLCertificate.input(java.io.InputStream)
    void weblogic.security.SSL.Handshake.input(java.io.InputStream)
    weblogic.security.SSL.Handshake
    weblogic.security.SSL.SSLSocket.getHandshake()
    void weblogic.security.SSL.SSLSocket.clientInit()
    void weblogic.security.SSL.SSLSocket.initialize(java.net.Socket, boolean,
    weblogic.security.SSL.SSLParams)
    weblogic.security.SSL.SSLSocket(java.net.InetAddress, int,
    weblogic.security.SSL.SSLParams)
    void weblogic.net.http.HttpsClient.openServer(java.lang.String, int)
    void weblogic.net.http.HttpsClient.openServer()
    weblogic.net.http.HttpClient(java.net.URL)
    weblogic.net.http.HttpsClient(java.net.URL)
    weblogic.net.http.HttpClient weblogic.net.http.HttpClient.New(java.net.URL=
    )
    void weblogic.net.http.HttpURLConnection.connect()
    java.io.InputStream weblogic.net.http.HttpURLConnection.getInputStream()
    java.io.InputStream java.net.URL.openStream()
    com.boxcarsoftware.jcs.ContentResultList
    com.boxcarsoftware.econtent.http.HttpFetcher.getDocumentList()
    void com.boxcarsoftware.jcs.EContentFetcher.work()
    void com.boxcarsoftware.jcs.EContentConnectionWorker.run()
    void java.lang.Thread.run()

    I understand that the complaint is that my certificate is old. My question
    is why does it care? I am not specifing ANY weblogic-related classes to my
    knowledge -- in fact I've gone out of my way to explicitly call the
    java.net.URL class. Mysteriously (at least to me) you will see weblogic
    classes being called under the covers of the URL class.

    Can anyone tell me why? This code is NOT part of an EJB -- it is running a=
    s
    regular java code.


    Thanks very much






  2. Default Re: Unwanted use of weblogic.net.http.HttpURLConnection

    Try it like this:

    URL url =3D new URL(null, "https://...",
    new com.sun.net.ssl.internal.www.protocol.https.Handler());

    HttpsURLConnection conn =3D (HttpsURLConnection) url.openConnection();

    EJF <newsid2000@yahoo.com> wrote:
    > The following problem is ruining an otherwise nice Memorial Day weekend.


    > I'm working in Visual Age on a piece of code that has nothing to do with
    > WebLogic, though I do have the WebLogic integration kit installed:


    > System.setProperty( "java.protocol.handler.pkgs",
    > "com.sun.net.ssl.internal.www.protocol");
    > java.security.Security.addProvider(new
    > com.sun.net.ssl.internal.ssl.Provider());


    > java.net.URL oUrl;
    > try
    > {


    > urlString =3D URLUtil.normalizeURL(urlString);
    > oUrl =3D new java.net.URL(urlString);


    > ContentData initialContentData =3D new ContentData();


    > InputStreamReader b =3D new InputStreamReader(oUrl.openStream());


    > .....



    > I'm using the Java JSSE kit to allow me to access https secure websites.
    > However, when I run the above code I get the following error stack trace
    > (please see additional text after the error message -- sorry it is so lon=

    g)

    > java.io.IOException: Certificate not valid:
    > fingerprint =3D 115632b0c42739458d5cf441895f1c72, not before =3D Wed Nov=

    09
    > 18:54:17 EST 1994, not after =3D Fri Dec 31 18:54:17 EST 1999, holder =3D=

    C=3DUS
    > O=3DRSA Data Security, Inc. OU=3DSecure Server Certification Authority , =

    issuer
    > =3D C=3DUS O=3DRSA Data Security, Inc. OU=3DSecure Server Certification A=

    uthority ,
    > key =3D modulus length=3D126 exponent length=3D3
    > java.lang.Throwable(java.lang.String)
    > java.lang.Exception(java.lang.String)
    > java.io.IOException(java.lang.String)
    > void weblogic.security.SSL.SSLCertificate.verify()
    > void weblogic.security.SSL.SSLCertificate.input(java.io.InputStream)
    > void weblogic.security.SSL.Handshake.input(java.io.InputStream)
    > weblogic.security.SSL.Handshake
    > weblogic.security.SSL.SSLSocket.getHandshake()
    > void weblogic.security.SSL.SSLSocket.clientInit()
    > void weblogic.security.SSL.SSLSocket.initialize(java.net.Socket, boolean=

    ,
    > weblogic.security.SSL.SSLParams)
    > weblogic.security.SSL.SSLSocket(java.net.InetAddress, int,
    > weblogic.security.SSL.SSLParams)
    > void weblogic.net.http.HttpsClient.openServer(java.lang.String, int)
    > void weblogic.net.http.HttpsClient.openServer()
    > weblogic.net.http.HttpClient(java.net.URL)
    > weblogic.net.http.HttpsClient(java.net.URL)
    > weblogic.net.http.HttpClient weblogic.net.http.HttpClient.New(java.net.U=

    RL)
    > void weblogic.net.http.HttpURLConnection.connect()
    > java.io.InputStream weblogic.net.http.HttpURLConnection.getInputStream()
    > java.io.InputStream java.net.URL.openStream()
    > com.boxcarsoftware.jcs.ContentResultList
    > com.boxcarsoftware.econtent.http.HttpFetcher.getDocumentList()
    > void com.boxcarsoftware.jcs.EContentFetcher.work()
    > void com.boxcarsoftware.jcs.EContentConnectionWorker.run()
    > void java.lang.Thread.run()


    > I understand that the complaint is that my certificate is old. My questi=

    on
    > is why does it care? I am not specifing ANY weblogic-related classes to =

    my
    > knowledge -- in fact I've gone out of my way to explicitly call the
    > java.net.URL class. Mysteriously (at least to me) you will see weblogic
    > classes being called under the covers of the URL class.


    > Can anyone tell me why? This code is NOT part of an EJB -- it is running=

    as
    > regular java code.



    > Thanks very much


    --=20
    Dimitri


  3. Default Re: Unwanted use of weblogic.net.http.HttpURLConnection

    Dimitri,

    Thanks very much -- that solved it. I wasn't aware of this URL
    constructor. As I look at the javaDoc, I now see there are quite a few
    options with regard to creation of a URL. I'm still not clear why the
    WebLogic stuff seems to barge in (I've found that my example actually works
    before I do an unrelated JNDI lookup, but not after), but I've posted in
    interest.security on that one.

    Thanks again for your help.
    "Dimitri Rakitine" <dr@dima.dhs.org> wrote in message
    news:3b11c0ae@newsgroups.bea.com...
    > Try it like this:
    >
    > URL url =3D new URL(null, "https://...",
    > new com.sun.net.ssl.internal.www.protocol.https.Handler());
    >
    > HttpsURLConnection conn =3D (HttpsURLConnection) url.openConnection();
    >
    > EJF <newsid2000@yahoo.com> wrote:
    > > The following problem is ruining an otherwise nice Memorial Day weekend=

    ..
    >
    > > I'm working in Visual Age on a piece of code that has nothing to do wit=

    h
    > > WebLogic, though I do have the WebLogic integration kit installed:

    >
    > > System.setProperty( "java.protocol.handler.pkgs",
    > > "com.sun.net.ssl.internal.www.protocol");
    > > java.security.Security.addProvider(new
    > > com.sun.net.ssl.internal.ssl.Provider());

    >
    > > java.net.URL oUrl;
    > > try
    > > {

    >
    > > urlString =3D URLUtil.normalizeURL(urlString);
    > > oUrl =3D new java.net.URL(urlString);

    >
    > > ContentData initialContentData =3D new ContentData();

    >
    > > InputStreamReader b =3D new InputStreamReader(oUrl.openStream());

    >
    > > .....

    >
    >
    > > I'm using the Java JSSE kit to allow me to access https secure websites=

    ..
    > > However, when I run the above code I get the following error stack trac=

    e
    > > (please see additional text after the error message -- sorry it is so

    long)
    >
    > > java.io.IOException: Certificate not valid:
    > > fingerprint =3D 115632b0c42739458d5cf441895f1c72, not before =3D Wed N=

    ov 09
    > > 18:54:17 EST 1994, not after =3D Fri Dec 31 18:54:17 EST 1999, holder =

    =3D
    C=3DUS
    > > O=3DRSA Data Security, Inc. OU=3DSecure Server Certification Authority =

    ,
    issuer
    > > =3D C=3DUS O=3DRSA Data Security, Inc. OU=3DSecure Server Certification

    Authority ,
    > > key =3D modulus length=3D126 exponent length=3D3
    > > java.lang.Throwable(java.lang.String)
    > > java.lang.Exception(java.lang.String)
    > > java.io.IOException(java.lang.String)
    > > void weblogic.security.SSL.SSLCertificate.verify()
    > > void weblogic.security.SSL.SSLCertificate.input(java.io.InputStream)
    > > void weblogic.security.SSL.Handshake.input(java.io.InputStream)
    > > weblogic.security.SSL.Handshake
    > > weblogic.security.SSL.SSLSocket.getHandshake()
    > > void weblogic.security.SSL.SSLSocket.clientInit()
    > > void weblogic.security.SSL.SSLSocket.initialize(java.net.Socket,

    boolean,
    > > weblogic.security.SSL.SSLParams)
    > > weblogic.security.SSL.SSLSocket(java.net.InetAddress, int,
    > > weblogic.security.SSL.SSLParams)
    > > void weblogic.net.http.HttpsClient.openServer(java.lang.String, int)
    > > void weblogic.net.http.HttpsClient.openServer()
    > > weblogic.net.http.HttpClient(java.net.URL)
    > > weblogic.net.http.HttpsClient(java.net.URL)
    > > weblogic.net.http.HttpClient

    weblogic.net.http.HttpClient.New(java.net.URL)
    > > void weblogic.net.http.HttpURLConnection.connect()
    > > java.io.InputStream

    weblogic.net.http.HttpURLConnection.getInputStream()
    > > java.io.InputStream java.net.URL.openStream()
    > > com.boxcarsoftware.jcs.ContentResultList
    > > com.boxcarsoftware.econtent.http.HttpFetcher.getDocumentList()
    > > void com.boxcarsoftware.jcs.EContentFetcher.work()
    > > void com.boxcarsoftware.jcs.EContentConnectionWorker.run()
    > > void java.lang.Thread.run()

    >
    > > I understand that the complaint is that my certificate is old. My

    question
    > > is why does it care? I am not specifing ANY weblogic-related classes t=

    o
    my
    > > knowledge -- in fact I've gone out of my way to explicitly call the
    > > java.net.URL class. Mysteriously (at least to me) you will see weblogi=

    c
    > > classes being called under the covers of the URL class.

    >
    > > Can anyone tell me why? This code is NOT part of an EJB -- it is

    running as
    > > regular java code.

    >
    >
    > > Thanks very much

    >
    > --
    > Dimitri





+ Reply to Thread