Java access to the api
Good stuff, but…
Correct me if I’m wrong, but it looks like you’re blinding trusting any SSL cert provided by all server.
As suggested by Cliff, it’s probably a lot better for your code to install the cert provided by https://api.guildwars2.com, before others start getting man-in-the-middle’d while using your code.
Well, I am working on a real solution. Can’t give an ETA yet, as I also want to do other stuff.
Perhaps Oracle will add the Root Certificate of StartCom into their Default KeyStore, who knows.
But until then, it is atleast a way to test the implementations that you made so far.
Not the best thing to publish as a complete program, but until then you can work on said program, and just use a real solution once that one is available.
Yeah, I googled around but didn’t find any way to add the certificate into the keystore from within the program.
The trust manager is stupid, but I couldn’t find any real solution. The trust manager was just a way to actually be able to access the data.
Making good progress.
So far I have a not very nice looking implementation of a class which will read in a crt file in runtime and use that one while creating a SSL connection.
Tested it with the StartCom root certificate (which worked, could query the API), and the root certificated used by google, which denied the connection.
It’s looking rather promising
http://www.clearfield.com/key_store_browser/key_store_browser.html
Look at the source code of that, from what I understand, it has methods that can add certificates to existing keystores.
What about grabbing the user’s keystore (making a copy of it), adding the new cert to it, and setting it as the javax.net.ssl.keyStore for your app?
Wouldn’t that avoid:
a) Using a trust manager that trusts everything?
b) Editing the user’s actual keyStore, as it’s only creating a new one for the app’s execution?
Have something working for now:
http://code.google.com/p/j-gw2-api/
It includes the StartCom Root Certificate as Byte array, if you don’t want to download your own certificate, but it also allows you to use a .crt file on your computer.
The JSON object are the official implementation over at json.org.
Edit:
And yeah, I know it is missing the HostnameVerifier.
So it is not entirely save for now, but it’s a beginning.
But I guess the default one will do the job good enough. Have to take a look how that one is implemented to see if it really does verify the hostnames correctly when using custom KeyStores, Certificates etc.
(edited by Varonth.5830)
Have something working for now:
http://code.google.com/p/j-gw2-api/It includes the StartCom Root Certificate as Byte array, if you don’t want to download your own certificate, but it also allows you to use a .crt file on your computer.
The JSON object are the official implementation over at json.org.
Excellent work, Varonth!
Lead Programmer
Have something working for now:
http://code.google.com/p/j-gw2-api/It includes the StartCom Root Certificate as Byte array, if you don’t want to download your own certificate, but it also allows you to use a .crt file on your computer.
The JSON object are the official implementation over at json.org.
Edit:
And yeah, I know it is missing the HostnameVerifier.
So it is not entirely save for now, but it’s a beginning.
But I guess the default one will do the job good enough. Have to take a look how that one is implemented to see if it really does verify the hostnames correctly when using custom KeyStores, Certificates etc.
Awesome, you rock! Thanks so much for doing this.
Wont be better to include your own keystore inside your jar ?
keytool.exe -importcert -file $(GW2 Cert) -keystore MyTrustStore -alias “GW2”
then
System.setProperty(“javax.net.ssl.keyStorePassword”,“123456”);
System.setProperty(“javax.net.ssl.trustStore”, “MyTrustStore.jks”);
(edited by ifoxe.4890)
Wont be better to include your own keystore inside your jar ?
keytool.exe -importcert -file $(GW2 Cert) -keystore MyTrustStore -alias “GW2”
then
System.setProperty(“javax.net.ssl.keyStorePassword”,“123456”);
System.setProperty(“javax.net.ssl.trustStore”, “MyTrustStore.jks”);
I am generating an emtpy keystore during runtime, add a single key to it, and use that keystore just on the SSLSockets generated by the jGW2API class.
If I would instead use a prebuild keystore, and set the properties to use that one default, then I would also affect other SSLsockets. What if someone wants to access to GW2 API but also needs a SSL connection to another server. Unless that server also used StartCom for verification, the connection would fail (unless I include that certificate aswell).
Would be posible to have acces to the project?
I want to learn from it and colaborate if possible
Wont be better to include your own keystore inside your jar ?
keytool.exe -importcert -file $(GW2 Cert) -keystore MyTrustStore -alias “GW2”
then
System.setProperty(“javax.net.ssl.keyStorePassword”,“123456”);
System.setProperty(“javax.net.ssl.trustStore”, “MyTrustStore.jks”);I am generating an emtpy keystore during runtime, add a single key to it, and use that keystore just on the SSLSockets generated by the jGW2API class.
If I would instead use a prebuild keystore, and set the properties to use that one default, then I would also affect other SSLsockets. What if someone wants to access to GW2 API but also needs a SSL connection to another server. Unless that server also used StartCom for verification, the connection would fail (unless I include that certificate aswell).
Nice Point. Anyways if someone else use SSL Connections to other sources, im pretty sure they will know how to add Theyr own Certs to your keystore.
Wont be better to include your own keystore inside your jar ?
keytool.exe -importcert -file $(GW2 Cert) -keystore MyTrustStore -alias “GW2”
then
System.setProperty(“javax.net.ssl.keyStorePassword”,“123456”);
System.setProperty(“javax.net.ssl.trustStore”, “MyTrustStore.jks”);I am generating an emtpy keystore during runtime, add a single key to it, and use that keystore just on the SSLSockets generated by the jGW2API class.
If I would instead use a prebuild keystore, and set the properties to use that one default, then I would also affect other SSLsockets. What if someone wants to access to GW2 API but also needs a SSL connection to another server. Unless that server also used StartCom for verification, the connection would fail (unless I include that certificate aswell).
Nice Point. Anyways if someone else use SSL Connections to other sources, im pretty sure they will know how to add Theyr own Certs to your keystore.
Sure they should know it, or atleast will get the knowledge once they start working on it.
But there are other things to consider, like the possibility of IOException when the KeyStore file isn’t located were the program searches for it.
That is also the reason why I hardcoded the certificate as byte array into the class itself.
I added an overloaded constructor if someone wants to load a certificate from a file. But in that case, I also don’t ‘handle’ the exceptions, as there might be all sorts of Exceptions, starting from IOExceptions because the file wasn’t found over security exception because the user doesn’t have read rights to the certificate to CertificateExceptions because the stuff read in wasn’t an actual or incomplete certificate.
Is there room for improvement? Yes, quite a bit, which I will probably address over the next few days. For example:
Currently everytime I contruct an APIRequest object I initialize alot of stuff, just so that at the end, I get an SSLSocketFactory which I can use for SSLSockets combatible with the StartCom certificates.
Obviously, I can just generate the SSLSocketFactory once, save such a Factory instance somewhere, and just use that one everytime I contruct a new APIRequest instance.
I also want to add direct access to the HTTP header and content in case someone want to use the direct data for his own JSON implementation or whatever else reason someone has to use direct data.
Just had a bit of free time yesterday evening, and this initial thing turned out to work quite good.
Would be posible to have acces to the project?
I want to learn from it and colaborate if possible
It’s open source, using the MIT License.
You can download it on the googlecode page under Source
You can either use a git client, or go to the browse tab and download it there directly.
You can also clone it, copy it, modify it however you like. You can see the full license within the source or on the googlecode page.
I have decided not to wait and redo most critical issues (swallowing exceptions? recreating tons of stuff for each request? Raw json output? etc…)
https://code.google.com/p/gw2api/
Usage is now like this:
GW2API api = new GW2API();
List<Long> items = api.getItems();
for (Long id : items) {
api.getItemDetails(id, null).getName();
}
Currently, parsing items is in progress – there is ton on needed research to find out all flags, types and type-specific data.
Varonth i have being using your api and i have problems with wWwmastchDetails
the problem come from the last return of the method the code is return null, and when you call WwWMatchDetails(string id) you call, and the url that you get is …..?match=2-2null , then you cannot acces the url because null is extra.
I will try to change null for return void, i tell what happen
Hello again Varonth, the problem was that the string in the return sentence was:
new URL jGW2API.Standard_URL+jGW2API.API_Version+"wvw/match_details.?match_id=“id
and it has to be:
new URL jGW2API.Standard_URLjGW2API.API_Version+”wvw/match_details.json?match_id="+id
It was only a misspell, sorry for warning
Small heads up:
I have finished mapping all data structures to java objects, my current to-do is:
- Decide what id and values have to remain strings and which can be parsed to integers
* Possibly refactor Item class
* Find out which flags, constants and types are missing – right now, exception will be raised when unknown is ecnountered.
Distribution is here: https://gw2api.googlecode.com/svn/trunk/dist/gw2api.jar
Home here: https://code.google.com/p/gw2api/
@zwei Please do not use com.guildwars2.api
as a package name. Java naming conventions suggest you should use a domain you own, making this one imply it’s an official thing (plus there’s a (tiny) chance an official package will conflict with yours should they ever release one). Personally I see this as a no-go, though I do tend to be a little strict on random things from time to time
@zwei Please do not use <code>com.guildwars2.api</code> as a package name. Java naming conventions suggest you should use a domain you own, making this one imply it’s an official thing (plus there’s a (tiny) chance an official package will conflict with yours should they ever release one). Personally I see this as a no-go, though I do tend to be a little strict on random things from time to time
I was considering using my own domain, but it felt wrong to do that considering that it was fork of Alex.1503s work and whatnot.
But you have a point – if anet ever decides to make offcial library, they would collide.
So it is repackaged. And I hate SVN a bit more.
Small heads-up:
I have added support to read offline datasets ( from this thread: https://forum-en.gw2archive.eu/forum/community/api/Data-dump-All-recipes-and-created-items/first#post2091313 ) , so far it is fairly ugly, but really usefull.
Cheers!
Bigger heads-up:
Offline data lists are complete for everything that makes sense, added some utils (item chat code), fixed parsing of non-english texts and completed using proper Long values instead of String.
So I also updated a bit of jGW2API.
Latest update is Version 0.2-RC.
What does it add?
A new high level API for those that don’t want to use direct JSON data.
This is fully optional, and if wanted you can still use the JSON objects themself (nothing changed in how you access those).
For those wanting a more Java like access to objects I added a new package jGW2API.util, with some subpackages for the different API types.
You just need jGW2API.util.HighLevelAPI static methods to generate Java objects of the JSONObjects.
These then include all you needs, from IDs, over enums (for clean if and switch statements) to HashMaps for fast access of Mapable data (like EventID -> EventName).
There might be some issues still, as it is quite hard to get every kind of possible item and combination, which might result in some odd variations.
Just throw in a Bugreport in the Issue tracker of the googlecode project or write me a small PM.
Once this version is stable, I will continue to work on the next milestone, which will be SQL support via JDBC (mySQL, SQL or SQLite should be possible with different free JDBC drivers).
(edited by Varonth.5830)
I´ve created a mini app that creates a localldb over derby (its included on jdk) that takes all event status in the game and the name of the events wordls and maps in other tables.
i’ve used the varonth first api if someone wants it i can post it somwere.
@Varonth.5830 where can i find sun.misc.BASE64Encoder packAge?
I´ve created a mini app that creates a localldb over derby (its included on jdk) that takes all event status in the game and the name of the events wordls and maps in other tables.
i’ve used the varonth first api if someone wants it i can post it somwere.@Varonth.5830 where can i find sun.misc.BASE64Encoder packAge?
The standard Oracle implementation (Java SE 6 and Java SE 7 etc) comes with it, as it should also be included in openJDK. Let me know if you, or of course anyone else here, is using some sort of exotic java implementation. I can also split that one method into a transformer module, which could be excluded then (excluding Item does not seem like a good solution :P ).
As it is available as open source as part of the openJDK ( http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b14/sun/misc/BASE64Encoder.java) one could also just add it to the exotic implementation, as if someone really does not use openJDK or Java SE X should really know what he does.
Don’t worry varonth i wiil find it, and don’t worry either because the version of the api RC0.2 for you i have readed and place it in the eclipse but for now i only need the rc0.1 methods for having jsonobjects and arrays. it´s just that i dont like red signs at mi code jajajajajja
sun packages should not be used at all thou – they are explicitly not guaranteed to work between versions, existing in different platforms is least of worries. Historically, quite few of them got repackaged to java.util or javax packages, breaking any older code. Beware.
For my API methods concerning item chat code, i have simply used achace codecs library.
I have added sample GUI application (Event Watcher) and started on OAuth2 implementation.
And updated api for new stuff (colors, guilds, build and misc updates)
(edited by zwei.9073)
Like many reference implementations sun.misc Base64 encoder is extremely slow. Also have you tested the org.json parser speed vs other parsers?
Like many reference implementations sun.misc Base64 encoder is extremely slow. Also have you tested the org.json parser speed vs other parsers?
Might be that the Base64 encoder is slow, but to be honest, it doesn’t matter as it is just needed in a single method which is generating copy&paste-able chatlinks.
And no, I didn’t test the speed vs. the other 23 available JSON parsers. I used that one because I already had experience with it. If you want to test the speed of the other parsers, feel free to do so and post the results.
Like many reference implementations sun.misc Base64 encoder is extremely slow. Also have you tested the org.json parser speed vs other parsers?
I dont think that parser speed matter that much now. i use org.json.simple and it was hardy improvement over plain org.json.
What matters more is quality of output (i.e, some parsers would mix and match Double and Long values)
Anyhow, i have posted last update for recent color changes, even with sample app that makes chart of colors and made bigger app:
http://www.reddit.com/r/Guildwars2/comments/1fsqzq/api_wvw_notifier_for_pve_exloration_completers/
Updated for latest items changes.
Updated for recent map api.