Server certificate validation on client side

Discussion in 'Java' started by Stone, Sep 9, 2011.

  1. Stone

    Stone Guest

    Dear developers,

    I have one question regarding server certificate validation in java on
    the client side.
    All my communication goes over SSL.
    I would like to validate server certificate because of Man in the
    Middle attack on the client side.

    I would like to check whether server certificate is correct.

    My actual code is:

    System.out.println("Initialization of trust Manager");
    initializeTrustManager();
    System.out.println("Initialization of SSL Context");
    initializeSSLContext();

    Function for initialization of context is:
    private void initializeSSLContext() throws Exception {
        sslContext = SSLContext.getInstance("TLSv1");
        System.out.println("Contents with TLSv1 was initiated");
        sslContext.init(null, trustManager, new java.security.SecureRandom());
        System.out.println("Contents with TLSv1 was initiated with trustManager");

        System.out.println(SSLContext.getInstance("TLSv1").getProvider());
        if (secure_Mode == 1) {
            System.out.println("HostName verification");
            // Logs the requested host and the peer host, then accepts every host name.
            HostnameVerifier hv = new HostnameVerifier() {
                public boolean verify(String string, SSLSession ssls) {
                    System.out.println("Warning: URL Host: " + string + " vs. " + ssls.getPeerHost());
                    return true;
                }
            };

            HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
            HttpsURLConnection.setDefaultHostnameVerifier(hv);
        }
        sslSocketFactory = sslContext.getSocketFactory();
        System.out.println("SSL Socket Factory is done");
    }

    Initialization of trusted manager is:
    // Needs: import javax.net.ssl.*; import java.security.cert.X509Certificate;
    //        import java.security.cert.CertificateException;
    private final void initializeTrustManager() throws Exception {
        // init new TrustManager
        System.out.println("Initialization of Trust Manager");

        trustManager = new TrustManager[] {
            new X509TrustManager() {
                //X509TrustManager sunJSSEX509TrustManager;
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    System.out.println("InitializeTrustManager: getAcceptedIssuers:");
                    //return sunJSSEX509TrustManager.getAcceptedIssuers();
                    return null;
                }

                public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
                    for (int j = 0; j < certs.length; j++) {
                        System.out.println("initializeTrustmanager: checkClientTrusted:" + certs[j] + " authTyp:" + authType);
                        System.out.println(" Subject DN: " + certs[j].getSubjectDN());
                        System.out.println(" Issuer DN: " + certs[j].getIssuerDN());
                        System.out.println(" Serial number: " + certs[j].getSerialNumber());
                    }
                }

                // Only logs each certificate in the chain; it never throws,
                // so every server certificate is accepted.
                public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
                        throws java.security.cert.CertificateException {
                    for (int i = 0; i < certs.length; i++) {
                        X509Certificate x509Certificate = certs[i];
                        System.out.println("InitializeTrustManager: checkServerTrusted:"
                                + x509Certificate.getIssuerX500Principal().getName() + "AuthTyp:" + authType);
                        System.out.println("InitializeTrustManager: checkServerTrusted:" + x509Certificate.getIssuerDN());
                    }
                }

                public boolean isClientTrusted(X509Certificate[] arg0) throws CertificateException {
                    System.out.println("InitializeTrustManager: isClientTrusted: ");
                    return true;
                }

                public boolean isServerTrusted(X509Certificate[] arg0) throws CertificateException {
                    for (int i = 0; i < arg0.length; i++) {
                        System.out.println("InitializeTrustManager: isServerTrusted: " + arg0[i].getIssuerDN());
                    }
                    //TODO
                    return true;
                }
            }
        };
    }

    Unfortunately, when the server certificate is not imported in the Trusted
    Store, then all is working. But this is not good.

    best regards
    Petr
    Stone, Sep 9, 2011
    #1
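
The posted `checkServerTrusted` logs the chain and returns without throwing, and the posted `HostnameVerifier` returns `true`, which is why a certificate missing from the trust store is still accepted. The following is an added example, not part of the original post: it keeps the logging but delegates the decision to the JRE's own PKIX trust manager. The class name, helper names and the optional trust store arguments are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Added example; ValidatingTrustExample and its helper names are hypothetical.
public class ValidatingTrustExample {
    // Logs each certificate as the posted code does, then lets a real PKIX trust manager decide.
    static final class LoggingTrustManager implements X509TrustManager {
        private final X509TrustManager delegate;
        LoggingTrustManager(X509TrustManager delegate) { this.delegate = delegate; }
        public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            delegate.checkClientTrusted(chain, authType);
        }
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            for (X509Certificate c : chain)
                System.out.println("checkServerTrusted: issuer " + c.getIssuerX500Principal().getName());
            delegate.checkServerTrusted(chain, authType); // throws CertificateException for an untrusted chain
        }
    }

    // trustStore == null selects the JRE's default trust store (cacerts).
    static X509TrustManager pkixTrustManager(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        throw new IllegalStateException("no X509TrustManager from " + tmf.getAlgorithm());
    }

    static SSLContext validatingContext(KeyStore trustStore) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { new LoggingTrustManager(pkixTrustManager(trustStore)) }, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ts = null; // optional arguments: <trust store file> <password>
        if (args.length == 2) {
            ts = KeyStore.getInstance(KeyStore.getDefaultType());
            try (FileInputStream in = new FileInputStream(args[0])) { ts.load(in, args[1].toCharArray()); }
        }
        SSLContext ctx = validatingContext(ts);
        System.out.println("Trusted issuers: " + pkixTrustManager(ts).getAcceptedIssuers().length);
        // No HostnameVerifier is installed, so HttpsURLConnection keeps its default host name check.
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
    }
}
```

With this context, a handshake with a server whose chain does not lead to a certificate in the selected trust store fails with an `SSLHandshakeException` instead of completing.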