Test your JKS file easily with java -Djavax.net.ssl.trustStore=your_trust_store.jks TestJKS <url> [<user> <password>]
```java
/*
Test your JKS file easily.

You have created a Java JKS trust store file to access a web service with a certificate, and you want to test whether it works?
Some colleagues often test this by deploying the jks to the application server (Tomcat, WebLogic...), restarting the server and manually running tests,
and repeating this procedure until the jks is properly created.

You can speed up this test by using this simple Java program:

> javac TestJKS.java
> java -Djavax.net.ssl.trustStore=your_trust_store.jks TestJKS <url> [<user> <password>]
> echo $?

The program exits with 0 if it succeeds, or 1 otherwise.
If the web service's certificate cannot be validated against the jks file, the program will fail with:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
*/

import java.io.*;
import java.net.*;

class TestJKS {
    final static String usage = "java -Djavax.net.ssl.trustStore=your_trust_store.jks TestJKS <url> [<user> <password>]";

    public static void main(String[] args) {
        if (args.length != 1 && args.length != 3) {
            System.err.println(usage);
            System.exit(1);
        }

        final String url = args[0];

        // Optional credentials, supplied to the server on an authentication challenge.
        if (args.length > 1) {
            final String user = args[1];
            final String password = args[2];

            Authenticator.setDefault(new Authenticator() {
                protected PasswordAuthentication getPasswordAuthentication() {
                    return new PasswordAuthentication(user, password.toCharArray());
                }
            });
        }

        InputStream in = null;
        try {
            // For an https URL, the TLS handshake (and the trust store check) happens here.
            in = new java.net.URL(url).openStream();
            byte[] buffer = new byte[1024];
            int read;
            // read() returns -1 at end of stream.
            while ((read = in.read(buffer)) != -1) {
                System.out.write(buffer, 0, read);
            }
            System.out.flush();
        } catch (IOException e) {
            // Includes SSLHandshakeException when the certificate chain is not trusted.
            e.printStackTrace(System.err);
            System.exit(1);
        } finally {
            if (in != null) {
                try { in.close(); } catch (Exception e) {}
            }
        }
        System.exit(0);
    }
}
```
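When the test ends in `PKIX path building failed`, the next question is which certificates the server sent and which anchors the JKS actually contains. The following is an added example, not part of the gist or its author's code: the class name `ExplainJKS` is hypothetical, it reads the same `javax.net.ssl.trustStore` property, and it assumes the store password is passed with `-Djavax.net.ssl.trustStorePassword` if one is needed.

```java
import java.io.FileInputStream;
import java.net.URI;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.*;
// Added example (hypothetical class): lists the JKS anchors and the chain the server presents.
class ExplainJKS {
    public static void main(String[] args) throws Exception {
        String path = System.getProperty("javax.net.ssl.trustStore");
        if (args.length != 1 || path == null) {
            System.err.println("java -Djavax.net.ssl.trustStore=your_trust_store.jks ExplainJKS <https-url>");
            System.exit(1);
        }
        // A null password skips the store integrity check, as JSSE does when no password is set.
        String pw = System.getProperty("javax.net.ssl.trustStorePassword");
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) { ks.load(in, pw == null ? null : pw.toCharArray()); }
        for (String alias : Collections.list(ks.aliases())) {
            X509Certificate c = (X509Certificate) ks.getCertificate(alias);
            System.out.println("anchor " + alias + ": " + c.getSubjectX500Principal() + " (expires " + c.getNotAfter() + ")");
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        X509TrustManager real = (X509TrustManager) tmf.getTrustManagers()[0];
        // The wrapper only prints the presented chain, then delegates: validation is not weakened.
        X509TrustManager logging = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException { real.checkClientTrusted(c, a); }
            public void checkServerTrusted(X509Certificate[] chain, String a) throws CertificateException {
                for (X509Certificate c : chain)
                    System.out.println("server sent: " + c.getSubjectX500Principal() + " <- issued by " + c.getIssuerX500Principal());
                real.checkServerTrusted(chain, a);
            }
            public X509Certificate[] getAcceptedIssuers() { return real.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { logging }, null);
        URI uri = URI.create(args[0]);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(uri.getHost(), uri.getPort() == -1 ? 443 : uri.getPort())) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // also verify the host name, as HttpsURLConnection does
            s.setSSLParameters(p);
            s.startHandshake();
            System.out.println("OK: chain validates against " + path);
        } catch (SSLHandshakeException e) {
            System.out.println("FAILED: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

If the issuer of the last `server sent` line does not match the subject of any `anchor` line, the JKS is missing that CA certificate (or the server is not sending its intermediate).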
This can be done in three lines from the command line as long as you have JDK 11:
To exit `jshell` it's `/exit`. You can redo the test without the jks by just doing `unset JAVA_TOOL_OPTIONS`.
You'll see characters from that website if the truststore was right (and you had the right url), or you'll see a stack trace if there was an exception.
`jshell` was added in JDK 9. `readAllBytes` was added in JDK 11.