Skip to content

Instantly share code, notes, and snippets.

@serrodcal

serrodcal/TestSkipValidation.java

Forked from drmalex07/TestSkipValidation.java
Created September 30, 2019 12:01
Show Gist options
  • Save serrodcal/2d726c5dea04705fee6544b99659c2c3 to your computer and use it in GitHub Desktop.
Save serrodcal/2d726c5dea04705fee6544b99659c2c3 to your computer and use it in GitHub Desktop.
Download ZIP
Create a new Java keystore. Add your trusted certificates. #java #jks #certificate #ssl #keystore
Raw
create-java-keystore.md

Create Java keystore

  1. Create a new java keystore as a clone of the default keystore (αν υπαρχει τετοιο)
  2. Add your trusted certs using -trustcacerts
  3. Pass your keystore to runtime enviroment of your JVM (-Dname=value or via some *.properties file) using the proper values for javax.net.ssl.trustStore, javax.net.ssl.trustStorePassword parameters.

Create a new empty keystore "keystore.jks" with a dummy certificate (you will be propmted for a password):

keytool -genkey -keyalg RSA -keystore keystore.jks -keysize 2048

Add a trusted certificate as a CA certifcate (e.g. apps.dev.olomeleia.gr):

keytool -import -trustcacerts -alias root1 -keystore keystore.jks -file apps.dev.olomeleia.gr.crt

List entries in keystore:

keytool -list -keystore keystore.jks

Run your tests to ensure that the SSL handshake completes successfully:

java -Djavax.net.ssl.trustStore=/var/local/certs/keystore.jks -Djavax.net.ssl.trustStorePassword=qaz123 TestUrl
Raw
TestSkipValidation.java
import java.io.InputStreamReader;
import java.io.Reader;
import java.io.BufferedReader;
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
public class TestSkipValidation
{
private static SSLSocketFactory default_factory = null;
private static HostnameVerifier default_hostname_verifier;
private static class DummyTrustManager implements X509TrustManager
{
public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; }
public void checkClientTrusted(X509Certificate[] certs, String authType) {}
public void checkServerTrusted(X509Certificate[] certs, String authType) {}
}
private static class DummyHostnameVerifier implements HostnameVerifier
{
public boolean verify(String hostname, SSLSession session) {
return true;
}
}
public static void main(String[] args) throws Exception
{
String request_url;
if (args.length > 0) {
request_url = args[0];
} else {
System.out.println("Usage: java TestSkipValidation <https-url>");
return;
}
System.out.println("Testing on: "+request_url);
default_factory = HttpsURLConnection.getDefaultSSLSocketFactory();
default_hostname_verifier = HttpsURLConnection.getDefaultHostnameVerifier();
System.out.println(" --- Req #1 (without validation) ---");
requestWithoutValidation(request_url);
System.out.println(" --- Req #2 (with validation) ---");
requestWithValidation(request_url);
return;
}
public static void requestWithValidation(String request_url) throws Exception
{
// Restore default factories
HttpsURLConnection.setDefaultSSLSocketFactory(default_factory);
HttpsURLConnection.setDefaultHostnameVerifier(default_hostname_verifier);
URL url = new URL(request_url);
URLConnection con = url.openConnection();
consumeInput(con);
}
public static void requestWithoutValidation(String request_url) throws Exception
{
// Create a dummy all=trusting trust manager
TrustManager[] dummy_manager = new TrustManager[] {
new DummyTrustManager()
};
// Install the all-trusting trust manager
SSLContext ssl_context = SSLContext.getInstance("SSL");
ssl_context.init(null, dummy_manager, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(ssl_context.getSocketFactory());
// Create and install all-trusting host name verifier
HostnameVerifier dummy_hostname_verifier = new DummyHostnameVerifier();
HttpsURLConnection.setDefaultHostnameVerifier(dummy_hostname_verifier);
URL url = new URL(request_url);
URLConnection con = url.openConnection();
consumeInput(con);
}
private static void consumeInput(URLConnection con) throws Exception
{
InputStream istr = con.getInputStream();
BufferedReader inp1 = new BufferedReader(new InputStreamReader(istr));
String line;
System.out.println(" -- Start Response (10 lines) --");
int nl = 0;
while ((nl < 10) && (line = inp1.readLine()) != null) {
System.out.println(line);
nl++;
}
System.out.println(" -- End Response --");
inp1.close();
}
}
Raw
TestUrl.java
import java.net.*;
import java.io.*;
public class TestUrl
{
public static void main(String[] args) throws Exception
{
URL url1 = new URL(args[0]);
URLConnection conn1 = url1.openConnection();
BufferedReader inp1 = new BufferedReader(new InputStreamReader(conn1.getInputStream()));
String line;
System.out.println(" -- Start Response --");
while ((line = inp1.readLine()) != null)
System.out.println(line);
System.out.println(" -- End Response --");
inp1.close();
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment