Server certificate validation on client side

Stone

Dear developers,

I have one question regarding server certificate validation in java on
the client side.
All my communication goes over SSL.
I would like to validate server certificate because of Man In the
Middle attack on the client side.

I would like to check whether server certificate is correct.

My actual code is:

System.out.println("Initialization of trust Manager");
initializeTrustManager();
System.out.println("Initialization of SSL Context");
initializeSSLContext();

Function for initialization of context is:
    private void initializeSSLContext() throws Exception {
        sslContext = SSLContext.getInstance("TLSv1");
        System.out.println("Contents with TLSv1 was initiated");
        sslContext.init(null, trustManager, new java.security.SecureRandom());
        System.out.println("Contents with TLSv1 was initiated with trustManager");

        System.out.println(sslContext.getInstance("TLSv1").getProvider());
        if (secure_Mode == 1) {
            System.out.println("HostName verification");
            // This verifier only logs both names and returns true for every host
            HostnameVerifier hv = new HostnameVerifier() {
                public boolean verify(String string, SSLSession ssls) {
                    System.out.println("Warning: URL Host: " + string + " vs. " + ssls.getPeerHost());
                    return true;
                }
            };

            HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
            HttpsURLConnection.setDefaultHostnameVerifier(hv);
        }
        sslSocketFactory = sslContext.getSocketFactory();
        System.out.println("SSL Socket Factory is done");
    }

Initialization of trusted manager is:
    private final void initializeTrustManager() throws Exception {
        // init new TrustManager
        System.out.println("Initialization of Trust Manager");

        trustManager = new TrustManager[] {
            new X509TrustManager() {
                //X509TrustManager sunJSSEX509TrustManager;
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    System.out.println("InitializeTrustManager: getAcceptedIssuers:");
                    //return sunJSSEX509TrustManager.getAcceptedIssuers();
                    return null;
                }

                // Logs each client certificate; never throws, so every chain is accepted
                public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
                    for (int j = 0; j < certs.length; j++) {
                        System.out.println("initializeTrustmanager: checkClientTrusted:" + certs[j] + " authTyp:" + authType);
                        System.out.println(" Subject DN: " + certs[j].getSubjectDN());
                        System.out.println(" Issuer DN: " + certs[j].getIssuerDN());
                        System.out.println(" Serial number: " + certs[j].getSerialNumber());
                    }
                }

                // Logs each server certificate; never throws, so every chain is accepted
                public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
                        throws java.security.cert.CertificateException {
                    for (int i = 0; i < certs.length; i++) {
                        X509Certificate x509Certificate = certs[i];
                        System.out.println("InitializeTrustManager: checkServerTrusted:"
                                + x509Certificate.getIssuerX500Principal().getName() + "AuthTyp:" + authType);
                        System.out.println("InitializeTrustManager: checkServerTrusted:" + x509Certificate.getIssuerDN());
                    }
                }

                public boolean isClientTrusted(X509Certificate[] arg0) throws CertificateException {
                    System.out.println("InitializeTrustManager: isClientTrusted: ");
                    return true;
                }

                public boolean isServerTrusted(X509Certificate[] arg0) throws CertificateException {
                    for (int i = 0; i < arg0.length; i++) {
                        System.out.println("InitializeTrustManager: isServerTrusted: " + arg0[i].getIssuerDN());
                    }
                    //TODO
                    return true;
                }
            }
        };
    }

Unfortunately when the server certificate is not imported in Trusted
Store then all is working. But this is not good.

best regards
Petr
 
