I’ve been using httpClient to try to write a connection string to an https-base API, and the username / password auth is a bit tricky.
Using the Appache commons base64 encoder I am forced to pass an array of bytes to the constructor, my auth should be email@companyName:password however the @ symbol is not supported by the base 64 converter (as it’s not 0-9 a-z or a-z or /+), however this clearly needs to be resolved before I can auth…. Help?
Code (before it’s requested):
import org.apache.commons.codec.binary.Base64;
....
String encoding = Base64.encodeBase64String("username@company.com:password");
HttpPost httppost = new HttpPost("https://webapi.com/api/protectedarea");
httppost.setHeader("Authorization", "Basic " + encoding);
Full error code:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:150)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:575)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
It looks like your server doesn’t have a valid SSL certificate.
What I’ve done in the past for a development environment has been to implement a new X509TrustManager – this is basically checking the certificate credentials are valid.