java - How can I do an HttpPost using HttpClient to an HTTPS endpoint?

Question

Whenever I try to post to an https endpoint, I get a javax.net.ssl.SSLException: java.lang.NullPointerException :

import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.HttpClient;

try {
    MultiThreadedHttpConnectionManager connectionManager = new MultiThreadedHttpConnectionManager();
    HttpClient httpClient = new HttpClient(connectionManager);
    PostMethod pm = new PostMethod("https://www.random.org");
    httpClient.executeMethod(pm);
} catch (Exception e) {
    e.printStackTrace();
}

Which gives me:

javax.net.ssl.SSLException: java.lang.NullPointerException
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1731)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1692)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1675)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1601)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:94)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
    at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
    at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.flushRequestOutputStream(MultiThreadedHttpConnectionManager.java:1565)
    at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
    at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
    at <My File>
Caused by: java.lang.NullPointerException
    at org.bouncycastle.jce.provider.JCEECPublicKey.<init>(Unknown Source)
    at org.bouncycastle.jce.provider.JDKKeyFactory.createPublicKeyFromPublicKeyInfo(Unknown Source)
    at org.bouncycastle.jce.provider.X509CertificateObject.getPublicKey(Unknown Source)
    at sun.security.validator.PKIXValidator.initCommon(PKIXValidator.java:92)
    at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:60)
    at sun.security.validator.Validator.getInstance(Validator.java:161)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:108)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:204)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:637)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:89)

I haven't done anything specifically to configure SSL on my machine, but the JSSE test scripts I've run seem to indicate that it's installed. Have I maybe skipped a necessary step? The NullPointerException makes me think that this might be a bug, rather than an expected error.

EDIT 15 May 2012:

I've drilled down a bit using the eclipse debugger, to the point where I can see the certs in my SSLSocketFactoryImpl.

SchemeSocketFactory socketfac = httpClient.getConnectionManager().getSchemeRegistry().getScheme("https").getSchemeSocketFactory();
socketfac.socketfactory.context.trustManager.trustedCerts.map.table, in debugger.

I can FIND the cert for the site that I'm trying to hit; the thing is, along the way, there's a null pointer exception in the table. (See attached images.) If I use the debugger to remove the 2 (of 183) entries in my entry set which produce an NPE, my code runs perfectly well, but this doesn't seem like a workable solution. I don't think it's an issue with my keystore itself - if I use keytool -list -keystore cacerts, It outputs 183 entries, and each of them seems to be formatted appropriately.

---

---

---

Answer 1

バージョン133 は約 6 年前のものです。以来、多くの修正が行われています。最新のリリースは 1.47 で、org.bouncycasteグループ ID (廃止bouncycastle)で入手できます。リリース ノートを確認すると、問題の原因となっていた多数のバグ修正が記載されていNullPointerExceptionます。

また、明示的に、または BC プロバイダーがデフォルトの Sun/Oracle プロバイダーを使用する前に挿入されたため、Sun プロバイダーの代わりに BouncyCastle プロバイダーを使用しているコードもあると思われますSecurity.insertProviderAt(...)。

Answer 2

ついに答えを引き出すことができました。プロジェクトの別の部分で必要な別のアーティファクトの一部として、Maven を使用して bouncycastle バージョン 133 を含めていました。私の解決策は、maven pom.xml ファイルで bouncycastle の versionId を 140 にアップグレードすることでした。

Answer 3

コードは私のために働きます。デバッグ ログを有効にして、何が起こっているかを確認します。

  java.util.logging.Logger.getLogger("org.apache.http.wire").setLevel(java.util.logging.Level.FINEST);
  java.util.logging.Logger.getLogger("org.apache.http.headers").setLevel(java.util.logging.Level.FINEST);

  System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
  System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
  System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "debug");
  System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.http", "debug");
  System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.http.headers", "debug");