Server certificate validation on client side


S

Stone

Dear developers,

I have one question regarding server certificate validation in java on
the client side.
All my communication goes over SSL.
I would like to validate server certificate because of Man In the
Midle attact on the client side.

I would like to check whether server certificate is correct.

My actual code is:

System.out.println("Initialization of trust Manager");
initializeTrustManager();
System.out.println("Initialization of SSL Context");
initializeSSLContext();

Function for initialization of context is:
private void initializeSSLContext() throws Exception {
try {
sslContext = SSLContext.getInstance("TLSv1");
System.out.println("Contents with TLSv1 was initiated");
sslContext.init(null, trustManager, new
java.security.SecureRandom());
System.out.println("Contents with TLSv1 was initiated with
trustManager");

System.out.println(sslContext.getInstance("TLSv1").getProvider());
if(secure_Mode == 1)
{
System.out.println("HostName verification");
HostnameVerifier hv = new HostnameVerifier() {
public boolean verify(String string, SSLSession
ssls)
{
System.out.println("Warning: URL Host:
"+string + " vs. " + ssls.getPeerHost());
return true;
}
};

HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(hv);
}
sslSocketFactory = sslContext.getSocketFactory();
System.out.println("SSL Socket Factory is done");
}

Initialization of trusted manager is:
private final void initializeTrustManager() throws Exception {
// init new TrustManager
System.out.println("Initialization of Trust Manager");

trustManager = new TrustManager[] {
new X509TrustManager()
{
//X509TrustManager sunJSSEX509TrustManager;
public java.security.cert.X509Certificate[]
getAcceptedIssuers() {
System.out.println("InitializeTrustManager:
getAcceptedIssuers:");
//return
sunJSSEX509TrustManager.getAcceptedIssuers();
return null;
}

public void
checkClientTrusted( java.security.cert.X509Certificate[] certs, String
authType)
{
for(int j=0;j<certs.length;j++)
{
System.out.println("initializeTrustmanager:
checkClientTrusted:" + certs[j] + " authTyp:" + authType);
System.out.println(" Subject DN:
"+certs[j].getSubjectDN());
System.out.println(" Issuer DN:
"+certs[j].getIssuerDN());
System.out.println(" Serial number:
"+certs[j].getSerialNumber());
}
}

public void checkServerTrusted
( java.security.cert.X509Certificate[] certs, String authType) throws
java.security.cert.CertificateException {
for(int i=0;i<certs.length;i++)
{
X509Certificate x509Certificate = certs;
System.out.println("InitializeTrustManager:
checkServerTrusted:" +
x509Certificate.getIssuerX500Principal().getName()+"AuthTyp:" +
authType);
System.out.println("InitializeTrustManager:
checkServerTrusted:" + x509Certificate.getIssuerDN());

}

}
public boolean isClientTrusted(X509Certificate[] arg0)
throws CertificateException
{
System.out.println("InitializeTrustManager:
isClientTrusted: ");
return true;
}
public boolean isServerTrusted(X509Certificate[] arg0)
throws CertificateException
{
for(int i=0;i<arg0.length;i++)
{
System.out.println("InitializeTrustManager:
isServerTrusted: "+ arg0.getIssuerDN());
}
//TODO
return true;
}
}
};
}

Unfortunatelly when the server certificate is not imported in Trusted
Store then all is working. But this is not good.

best regards
Petr
 
Ad

Advertisements


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads


Top