0

What I need to do is direct Java to the HTTPS webpage, accept all the certificates, fill out the form, submit the data via POST, and then output the source of the resulting page. How would this be possible in Java(especially within the confines of an Android app)?

I assembled the code below from "http://alien.dowling.edu/~vassil/tutorials/javapost.php" and Kevin's answer in "http://stackoverflow.com/questions/1828775/httpclient-and-ssl", but printing the BufferedReader only prints out the form with the information filled instead of the source of the resulting page.

When submit is called, a script is run on the page using JavaScript and the URL itself does not change, but the contents of the page do change to reflect the returned results of the script. However, the current program still does not return the source of the new updated page. – Paradius just now

Can anyone of you show me where this code goes wrong? Thanks in advance!

import java.io.*;
import java.net.*;
import javax.net.ssl.*;
import java.util.*;

import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

public class JavaPOST
{

    public static void doSubmit(String url, Map<String, String> data) throws Exception 
    {

            //SSL Certificate Acceptor
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(new KeyManager[0], new TrustManager[] {new DefaultTrustManager()}, new SecureRandom());
            SSLContext.setDefault(ctx);

            URL siteUrl = new URL(url);
            HttpsURLConnection conn = (HttpsURLConnection)siteUrl.openConnection();
            conn.setRequestMethod("POST");
            conn.setDoOutput(true);
            conn.setDoInput(true);

            conn.setHostnameVerifier(
            new HostnameVerifier() 
            {
                @Override
                public boolean verify(String arg0, SSLSession arg1) 
                {
                    return true;
                }
            });

            DataOutputStream out = new DataOutputStream(conn.getOutputStream());

            Set keys = data.keySet();
            Iterator keyIter = keys.iterator();
            String content = "";
            for(int i=0; keyIter.hasNext(); i++) 
            {
                Object key = keyIter.next();
                if(i!=0)
                {
                    content += "&";
                }
                content += key + "=" + URLEncoder.encode(data.get(key), "UTF-8");
            }           
            //System.out.println(content);
            out.writeBytes(content);
            out.flush();
            out.close();
            BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream()));
            String line = "";
            while((line=in.readLine())!=null) 
            {
                System.out.println(line);
            }

            System.out.println(conn.getURL());

    }

    public static void main(String[] args)
    {
        Map<String, String> data = new HashMap<String, String>();
        data.put("start_time", "103000");
        data.put("end_time", "210000");

        try
        {
            doSubmit("https://somedomain/webpage.html", data);
        }
        catch(Exception e)
        {
            e.printStackTrace();
        }
    }
}

class DefaultTrustManager implements X509TrustManager 
{

        @Override
        public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {}

        @Override
        public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {}

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }

    }
Paradius
  • 7,949
  • 11
  • 32
  • 38

1 Answers1

0

First and foremost: don't use a make-shift, trust-everyone X509TrustManager, it is a bad idea. If you are using a self-signed certificate for the server, embed it in the app an initialize the trust manager with it. There are numerous posts on how to do it properly.

If after your POST you are redirected to a HTTP page (not HTTPS), HttpURLConnection won't follow the redirect automatically. You'll have to parse the response manually (check for status code 302, etc) and GET that page using another HttpURLConnection instance.

Nikolay Elenkov
  • 52,576
  • 10
  • 84
  • 84
  • It turns out that I forgot to mention that when submit is called, a script is run on the page using JavaScript and the URL itself does not change, but the contents of the page do change to reflect the returned results of the script. However, the current program still does not return the source of the new updated page. – Paradius Jan 23 '12 at 03:13
  • Well, your Android client knows nothing about the JavaScript so there is no way it can get the result. If you need to run scripts, you may need a WebView instead. – Nikolay Elenkov Jan 23 '12 at 04:28
  • Is this even true if the page itself runs the script the page "redirects" the user to the same page but with a different appearance and therefore, different source? – Paradius Jan 23 '12 at 16:39
  • Unfortunately, I am not that too familiar with AJAX. How would I be able to determine if the page is using AJAX? All I know is that part of the page is updated when form data is submitted. – Paradius Jan 24 '12 at 15:00
  • If the scripts on the page are doing a POST or GET using XmlHttpRequest or similar to get some data, it's using AJAX. – Nikolay Elenkov Jan 24 '12 at 16:06
  • Okay, so how do I handle this using Java? – Paradius Jan 24 '12 at 16:35
  • It really depends on your app. Find out what the AJAX call(s) is doing and do the same thing. Or better yet, expose a simpler API for your Android apps. – Nikolay Elenkov Jan 25 '12 at 01:19