1

I'm trying Sardine to make a WebDAV client, but it doesn't connect to my HTTPS server. The usage guide says this about SSL: http://code.google.com/p/sardine/wiki/UsageGuide#SSL but I don't know how to provide my custom HTTP client with my keystore.

I get this error.

Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
    at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
    at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:573)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:941)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:919)
    at com.googlecode.sardine.impl.SardineImpl.execute(SardineImpl.java:684)
    at com.googlecode.sardine.impl.SardineImpl.list(SardineImpl.java:339)
    at com.googlecode.sardine.impl.SardineImpl.getResources(SardineImpl.java:326)
    at sardine.main(sardine.java:15)

How can I set it up?

Nicolas Raoul
Alexx Perez
  • I haven't had any luck with the Android implementation of the Sardine over SSL either. I too am getting the 'peer certificate error' as well. I have a keystore in BouncyCastle format (BKS) which is now necessary instead of JKS I have read. It is saved in the res/raw/ directory. I can't seem to figure out where to override the HTTP CLIENT that has been mentioned. It looks like the library uses ABSTRACT HTTP CLIENT. Where would one override the HTTP CLIENT? Any other examples? Edit: For what it's worth. I noticed that testing with an emulator never worked, but when I did on real devices I was ab – Rob Mar 22 '13 at 21:36

2 Answers

1

Pretty simple example (for http://mydrive.net and Linux):

  • download cert from mydrive.net with OpenSSL
    • openssl s_client -connect webdav.mydrive.ch:443 > mydrive.net.crt
  • remove everything except the part between BEGIN and END (inclusive) in the mydrive.net.crt file
  • generate a new keystore:
    • keytool -genkey -alias dummy -keyalg RSA -keystore /etc/ssl/certs/java/yourKeyStore.jks -keysize 2048
    • use a secure passphrase
    • Remove unused generated certificate
      • keytool -delete -alias dummy -keystore /etc/ssl/certs/java/yourKeyStore.jks
  • Import cert from mydrive.net
    • keytool -import -trustcacerts -alias mydrive.net -keystore /etc/ssl/certs/java/yourKeyStore.jks -file ./mydrive.net.crt
  • Verify import:
    • keytool -list -keystore /etc/ssl/certs/java/yourKeyStore.jks
  • add Java Parameter for keystore
    • JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=/etc/ssl/certs/java/yourKeyStore.jks"
  • Restart JVM

Now you can use Sardine without overriding or reimplementing methods. Just use:

Sardine sardine = SardineFactory.begin(username, password);
List<DavResource> resources = sardine.list("https://webdav.mydrive.ch/");

Tip: Make sure to use the correct cert. MyDrive has several certs, for example.

SpecialAgent
0

Store the keystore(s) as raw resources, load them and use them to initialize SSLSocketFactory. You can then use it to instantiate an HttpClient. To plug it into Sardine you need to override the method they specify in the Wiki to return your customized HttpClient instance.

Nikolay Elenkov
  • Read the SSLSocketFactory I linked above, it has information about creating and using the keystores. – Nikolay Elenkov Nov 04 '11 at 13:27
  • Solved with this: http://javaskeleton.blogspot.com/2010/07/avoiding-peer-not-authenticated-with.html – Alexx Perez Nov 17 '11 at 00:19
  • 1
    This is bad, bad, bad. I wish people would stop writing about stuff they don't understand. This code would accept _any and all_ certificates, and effectively invalidates SSL. You could be posting your stuff to a malicious server and you would never know it. Do create your own trust store and install it properly. – Nikolay Elenkov Nov 17 '11 at 01:04
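
The "create your own trust store" approach from the answers above, as an added example that is not part of the original posts or of Sardine: it loads a keystore file and builds an SSLContext that trusts only the certificates in it, using JDK classes only. The class and method names (PinnedTrustStore, loadTrustStore, contextFor) and the command-line arguments are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class, written for this example.
public class PinnedTrustStore {

    /** Loads a truststore from a stream; type is "JKS" on desktop JVMs, "BKS" on Android. */
    static KeyStore loadTrustStore(InputStream in, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream s = in) {
            ks.load(s, password); // the password is used to check the store's integrity
        }
        if (!ks.aliases().hasMoreElements()) {
            // An empty store would make every handshake fail; report it early.
            throw new IllegalStateException("truststore contains no certificates");
        }
        return ks;
    }

    /** Builds an SSLContext whose trust decisions come ONLY from the given store. */
    static SSLContext contextFor(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default SecureRandom
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Arguments (supplied by the caller): <truststore path> <password> [https url]
        KeyStore ks = loadTrustStore(new FileInputStream(args[0]), "JKS", args[1].toCharArray());
        System.out.println("trusted aliases: " + Collections.list(ks.aliases()));
        if (args.length > 2) {
            HttpsURLConnection conn = (HttpsURLConnection) new URL(args[2]).openConnection();
            conn.setSSLSocketFactory(contextFor(ks).getSocketFactory());
            // Hostname verification stays at the JDK default; a chain that is not
            // anchored in the store fails the handshake with an SSLException.
            System.out.println("HTTP " + conn.getResponseCode());
        }
    }
}
```

The same KeyStore can be passed to HttpClient 4.x's `SSLSocketFactory(KeyStore truststore)` constructor to build the customized client the answer describes; how that client is handed to Sardine depends on the Sardine version and is not shown here.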