Server certificate validation on client side

From: Stone <phracek2@gmail.com>
Newsgroups: comp.lang.java.programmer
Date: Fri, 9 Sep 2011 01:27:38 -0700 (PDT)
Message-ID: <5e0bd5fa-aaa4-43cb-be82-2b094963f44f@s7g2000yqd.googlegroups.com>
Dear developers,

I have one question regarding server certificate validation in Java on
the client side.
All my communication goes over SSL.
I would like to validate the server certificate because of Man In the
Middle attacks on the client side.

I would like to check whether server certificate is correct.

My actual code is:

      System.out.println("Initialization of trust Manager");
      initializeTrustManager();
      System.out.println("Initialization of SSL Context");
      initializeSSLContext();

The function for initialization of the context is:
    // Fields assumed by the snippets below (imports: javax.net.ssl.*,
    // java.security.cert.*): sslContext, trustManager, sslSocketFactory
    // and the int flag secure_Mode are instance fields of the enclosing class.
    private void initializeSSLContext() throws Exception {
        try {
            sslContext = SSLContext.getInstance("TLSv1");
            System.out.println("Context with TLSv1 was initiated");
            sslContext.init(null, trustManager, new java.security.SecureRandom());
            System.out.println("Context with TLSv1 was initiated with trustManager");
            // getInstance() is static; asking the context that was just built
            // for its provider avoids creating a second, unused context.
            System.out.println(sslContext.getProvider());
            if (secure_Mode == 1) {
                System.out.println("HostName verification");
                HostnameVerifier hv = new HostnameVerifier() {
                    public boolean verify(String string, SSLSession ssls) {
                        // Only logs the two names; returning true accepts
                        // every host, so no name check is actually performed.
                        System.out.println("Warning: URL Host: " + string
                                + " vs. " + ssls.getPeerHost());
                        return true;
                    }
                };
                HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
                HttpsURLConnection.setDefaultHostnameVerifier(hv);
            }
            sslSocketFactory = sslContext.getSocketFactory();
            System.out.println("SSL Socket Factory is done");
        } catch (Exception e) {
            // catch block and closing braces restored so the method compiles;
            // the failure is logged and passed on to the caller
            System.out.println("SSL context initialization failed: " + e);
            throw e;
        }
    }

Initialization of the trust manager is:
    private final void initializeTrustManager() throws Exception {
        // init new TrustManager
        System.out.println("Initialization of Trust Manager");

        trustManager = new TrustManager[] {
            new X509TrustManager() {
                // X509TrustManager sunJSSEX509TrustManager;

                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    System.out.println("InitializeTrustManager: getAcceptedIssuers:");
                    // return sunJSSEX509TrustManager.getAcceptedIssuers();
                    return null;
                }

                public void checkClientTrusted(java.security.cert.X509Certificate[] certs,
                                               String authType) {
                    for (int j = 0; j < certs.length; j++) {
                        System.out.println("initializeTrustmanager: checkClientTrusted:"
                                + certs[j] + " authTyp:" + authType);
                        System.out.println(" Subject DN: " + certs[j].getSubjectDN());
                        System.out.println(" Issuer DN: " + certs[j].getIssuerDN());
                        System.out.println(" Serial number: " + certs[j].getSerialNumber());
                    }
                }

                // Only prints the chain and never throws CertificateException,
                // so JSSE treats every server chain as trusted.
                public void checkServerTrusted(java.security.cert.X509Certificate[] certs,
                                               String authType)
                        throws java.security.cert.CertificateException {
                    for (int i = 0; i < certs.length; i++) {
                        X509Certificate x509Certificate = certs[i];
                        System.out.println("InitializeTrustManager: checkServerTrusted:"
                                + x509Certificate.getIssuerX500Principal().getName()
                                + " AuthTyp:" + authType);
                        System.out.println("InitializeTrustManager: checkServerTrusted:"
                                + x509Certificate.getIssuerDN());
                    }
                }

                // The two methods below are not part of javax.net.ssl.X509TrustManager
                // (they belong to the deprecated com.sun.net.ssl interface), so JSSE
                // never calls them.
                public boolean isClientTrusted(X509Certificate[] arg0)
                        throws CertificateException {
                    System.out.println("InitializeTrustManager: isClientTrusted: ");
                    return true;
                }

                public boolean isServerTrusted(X509Certificate[] arg0)
                        throws CertificateException {
                    for (int i = 0; i < arg0.length; i++) {
                        System.out.println("InitializeTrustManager: isServerTrusted: "
                                + arg0[i].getIssuerDN());
                    }
                    // TODO
                    return true;
                }
            }
        };
    }

Unfortunately, when the server certificate is not imported in the Trusted
Store, everything still works. But this is not good.

best regards
Petr
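One way to make the check actually fail, as an added example that is not part of the original post or of any reply to it: the trust decision is delegated to the PKIX trust manager JSSE builds from an explicit truststore, the chain is only logged around that call, and hostname verification is left to the default HttpsURLConnection verifier or switched on with SSLParameters for a raw SSLSocket. The class name StrictTlsClient, the command-line layout and the truststore path and password are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* Added example (not code from the original post): the handshake fails unless the
 * server chain validates against an explicit truststore. Assumed: truststore path,
 * password and target URL are passed on the command line. */
public class StrictTlsClient {

    /** Load a JKS/PKCS12 truststore and return the PKIX trust manager JSSE builds from it. */
    static X509TrustManager loadTrustManager(String path, char[] password) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ts.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("no X509TrustManager from " + tmf.getAlgorithm());
    }

    /** Log the presented chain but delegate every decision. The delegate throws
     *  CertificateException for an untrusted, expired or mis-signed chain, and that
     *  exception is what aborts the handshake; swallowing it re-creates accept-everything. */
    static X509TrustManager loggingTrustManager(final X509TrustManager delegate) {
        return new X509TrustManager() {
            public void checkServerTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                for (X509Certificate c : chain) {
                    System.err.println("server chain: " + c.getSubjectX500Principal()
                            + " issued by " + c.getIssuerX500Principal());
                }
                delegate.checkServerTrusted(chain, authType);
            }
            public void checkClientTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                delegate.checkClientTrusted(chain, authType);
            }
            public X509Certificate[] getAcceptedIssuers() {
                return delegate.getAcceptedIssuers(); // the CAs in the truststore, never null
            }
        };
    }

    static SSLContext buildContext(X509TrustManager tm) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null); // null = default SecureRandom
        return ctx;
    }

    /** Raw SSLSocket path: unlike HttpsURLConnection, an SSLSocket does no hostname
     *  check on its own, so RFC 2818 endpoint identification is switched on here. */
    static SSLSocket connectVerified(SSLContext ctx, String host, int port) throws Exception {
        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        SSLParameters p = s.getSSLParameters();
        p.setEndpointIdentificationAlgorithm("HTTPS"); // Java 7+
        s.setSSLParameters(p);
        s.startHandshake(); // SSLHandshakeException on a bad chain or a name mismatch
        return s;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: StrictTlsClient <truststore> <password> <https-url>");
            System.exit(2);
        }
        SSLContext ctx = buildContext(
                loggingTrustManager(loadTrustManager(args[0], args[1].toCharArray())));
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[2]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // No setHostnameVerifier: the default verifier compares the URL host with the
        // certificate's SAN/CN and fails on mismatch; a verifier returning true disables it.
        try {
            System.out.println("HTTP " + conn.getResponseCode() + " from " + conn.getPeerPrincipal());
        } catch (SSLHandshakeException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The truststore only needs the CA that signed the server certificate, for example `keytool -importcert -keystore truststore.jks -alias ca -file ca.pem`. Pointing the client at a server whose CA is not in that store exercises the rejection path: checkServerTrusted prints the chain and the delegate's CertificateException surfaces as an SSLHandshakeException.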
