/*
Test your JKS file easily.

You have created a Java JKS trust store file to access a web service with a certificate, and you want to test whether it works?
Some colleagues often test this by deploying the JKS to the application server (Tomcat, WebLogic...), restarting the server and manually running tests,
and repeating this procedure until the JKS is properly created.

You can speed up this test by using this simple Java program:

> javac TestJKS.java
> java -Djavax.net.ssl.trustStore=your_trust_store.jks TestJKS <url> [<user> <password>]
> echo $?

The program exits with 0 if it succeeds, or 1 otherwise.

If the JKS file cannot validate the web service's certificate, the program will fail with:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
*/
import java.io.*;
import java.net.*;

class TestJKS {
    final static String usage = "java -Djavax.net.ssl.trustStore=your_trust_store.jks TestJKS <url> [<user> <password>]";

    public static void main(String[] args) {
        // Either just a URL, or a URL plus user and password.
        if (args.length != 1 && args.length != 3) {
            System.err.println(usage);
            System.exit(1);
        }
        final String url = args[0];

        // Optional credentials: answer HTTP authentication challenges with them.
        if (args.length > 1) {
            final String user = args[1];
            final String password = args[2];
            Authenticator.setDefault(new Authenticator() {
                protected PasswordAuthentication getPasswordAuthentication() {
                    return new PasswordAuthentication(user, password.toCharArray());
                }
            });
        }

        InputStream in = null;
        try {
            // For an https URL the TLS handshake happens here, using the trust store
            // named by -Djavax.net.ssl.trustStore.
            in = new java.net.URL(url).openStream();
            byte[] buffer = new byte[1024];
            int read;
            // Copy the response body to stdout.
            while ((read = in.read(buffer)) > 0) {
                System.out.write(buffer, 0, read);
            }
        } catch (IOException e) {
            // Includes SSLHandshakeException when the certificate chain is not trusted.
            e.printStackTrace(System.err);
            System.exit(1);
        } finally {
            if (in != null) {
                try { in.close(); } catch (Exception e) {}
            }
        }
        System.exit(0);
    }
}
Thanks for a simple class.. It was failing for me.. added keystore password and type as Parameters to test the class.
java -Djavax.net.ssl.trustStore=your_trust_store.jks -Djavax.net.ssl.trustStorePassword=PASSWORD -Djavax.net.ssl.trustStoreType=JKS TestJKS <url> [<user> <password>]
If you want to use a different keystore and truststore, here's a bash script for easy editing and running with Java11+
#!/bin/bash
java \
-Djavax.net.debug=ssl:handshake \
-Djavax.net.ssl.trustStore=YOURTRUSTSTORE \
-Djavax.net.ssl.trustStorePassword=changeit \
-Djavax.net.ssl.trustStoreType=JKS \
-Djavax.net.ssl.keyStore=YOURKEYSTORE \
-Djavax.net.ssl.keyStorePassword=changeit \
-Djavax.net.ssl.keyStoreType=JKS \
TestJKS.java \
https://any.url.domain.com:port/whatever/path
If you want to use Java8 and lower you will need to compile the java file first.
And if you don't have javac you will need to install that first.
sudo add-apt-repository ppa:webupd8team/java
sudo apt-get install openjdk-8-jdk
update-alternatives --config java
javac TestJKS.java
NOTE: Remove the .java extension from the startup script if you have compiled the java file with javac
This can be done in three lines from the command line as long as you have JDK 11:
$ export JAVA_TOOL_OPTIONS='-Djavax.net.ssl.trustStore=your_trust_store.jks'
$ jshell
jshell> new String(new java.net.URL("https://your-url-here.com:8443").openStream().readAllBytes(), java.nio.charset.StandardCharsets.UTF_8);
To exit jshell it's /exit. You can redo the test without the jks by just doing unset JAVA_TOOL_OPTIONS
You'll see characters from that website if the truststore was right (and you had the right url), or you'll see a stack trace if there was an exception.
jshell was added in JDK 9. readAllBytes was added in JDK 11.
It doesn't work for me.