Last active
July 19, 2016 18:07
-
-
Save rocketraman/8312705 to your computer and use it in GitHub Desktop.
Quick and dirty SSL test code
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import javax.net.SocketFactory; | |
| import javax.net.ssl.*; | |
| import java.io.FileInputStream; | |
| import java.net.Socket; | |
| import java.security.KeyStore; | |
| import java.security.cert.CertificateException; | |
| import java.security.cert.X509Certificate; | |
| public class TestSsl { | |
| public static void main(String[] args) throws Exception { | |
| String host = args[0]; | |
| int port = Integer.valueOf(args[1]); | |
| System.out.println("host=" + host); | |
| System.out.println("port=" + port); | |
| System.out.println(); | |
| KeyManager[] clientKeys = null; | |
| if(args.length > 3) { | |
| String keystore = args[2]; | |
| String password = args[3]; | |
| System.out.println("keystore=" + keystore); | |
| KeyStore clientKeyStore = KeyStore.getInstance("JKS"); | |
| clientKeyStore.load(new FileInputStream(keystore), password.toCharArray()); | |
| KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); | |
| keyManagerFactory.init(clientKeyStore, password.toCharArray()); | |
| clientKeys = keyManagerFactory.getKeyManagers(); | |
| } | |
| SSLContext c = SSLContext.getInstance("TLS"); | |
| // c.init(null, new TrustManager[] {new TestTrustManager()}, null); | |
| c.init(clientKeys, new TrustManager[] {new TestExtendedTrustManager()}, null); | |
| // defaults | |
| // c.init(null, null, null); | |
| SocketFactory sf = c.getSocketFactory(); | |
| System.out.println("sf=" + sf); | |
| SSLSocket socket = (SSLSocket) sf.createSocket(host, port); | |
| SSLParameters sslParams = socket.getSSLParameters(); | |
| System.out.println("socket=" + socket); | |
| System.out.println("socket.getClass()=" + socket.getClass()); | |
| System.out.println("ssl params=" + sslParams); | |
| socket.startHandshake(); | |
| System.out.println("isConnected=" + socket.isConnected()); | |
| System.out.println("session=" + socket.getSession()); | |
| System.out.println("session=" + socket.getSession()); | |
| System.out.println("session.isValid()=" + socket.getSession().isValid()); | |
| } | |
| private static class TestExtendedTrustManager extends X509ExtendedTrustManager { | |
| X509TrustManager delegate = null; | |
| private TestExtendedTrustManager() throws Exception { | |
| // Instantiate the default X509TrustManager | |
| TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); | |
| // use the default cacerts | |
| factory.init((KeyStore) null); | |
| TrustManager[] trustManagers = factory.getTrustManagers(); | |
| if (trustManagers != null && trustManagers.length > 0) { | |
| for (int i = 0; i < trustManagers.length; i++) { | |
| TrustManager trustManager = factory.getTrustManagers()[i]; | |
| if (trustManager instanceof X509TrustManager) { | |
| delegate = (X509TrustManager) trustManager; | |
| break; | |
| } | |
| } | |
| } | |
| if (delegate == null) { | |
| throw new CertificateException("Cannot find any default instance of X509TrustManager."); | |
| } | |
| } | |
| public X509Certificate[] getAcceptedIssuers() { | |
| if (delegate == null) { | |
| return null; | |
| } else { | |
| return delegate.getAcceptedIssuers(); | |
| } | |
| } | |
| @Override | |
| public void checkClientTrusted(final X509Certificate[] x509Certificates, final String s, final Socket socket) | |
| throws CertificateException { | |
| checkClientTrusted(x509Certificates, s); | |
| } | |
| @Override | |
| public void checkServerTrusted(final X509Certificate[] x509Certificates, final String s, final Socket socket) | |
| throws CertificateException { | |
| checkServerTrusted(x509Certificates, s); | |
| } | |
| @Override | |
| public void checkClientTrusted(final X509Certificate[] x509Certificates, final String s, | |
| final SSLEngine sslEngine) | |
| throws CertificateException { | |
| checkClientTrusted(x509Certificates, s); | |
| } | |
| @Override | |
| public void checkServerTrusted(final X509Certificate[] x509Certificates, final String s, | |
| final SSLEngine sslEngine) | |
| throws CertificateException { | |
| checkServerTrusted(x509Certificates, s); | |
| } | |
| @Override | |
| public void checkClientTrusted(X509Certificate[] certs, String authType) { | |
| } | |
| @Override | |
| public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException { | |
| for (int c = 0; c < certs.length; c++) { | |
| X509Certificate cert = certs[c]; | |
| System.out.println(" Server certificate " + (c + 1) + ":"); | |
| System.out.println(" Subject DN: " + cert.getSubjectX500Principal()); | |
| System.out.println(" Issuer DN: " + cert.getIssuerX500Principal()); | |
| System.out.println(" Signature Algorithm: " + cert.getSigAlgName()); | |
| System.out.println(" Valid from: " + cert.getNotBefore()); | |
| System.out.println(" Valid until: " + cert.getNotAfter()); | |
| System.out.println(" Serial #: " + cert.getSerialNumber().toString(16)); | |
| } | |
| if (delegate != null) { | |
| //delegate.checkServerTrusted(new X509Certificate[] {certs[0], certs[1], certs[2]}, authType); | |
| delegate.checkServerTrusted(certs, authType); | |
| } else { | |
| throw new CertificateException("Unable to validate server certificate chain (delegate is null)."); | |
| } | |
| } | |
| } | |
| private static class TestTrustManager implements X509TrustManager { | |
| X509TrustManager delegate = null; | |
| private TestTrustManager() throws Exception { | |
| // Instantiate the default X509TrustManager | |
| TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); | |
| // use the default cacerts | |
| factory.init((KeyStore) null); | |
| TrustManager[] trustManagers = factory.getTrustManagers(); | |
| if (trustManagers != null && trustManagers.length > 0) { | |
| for (int i = 0; i < trustManagers.length; i++) { | |
| TrustManager trustManager = factory.getTrustManagers()[i]; | |
| if (trustManager instanceof X509TrustManager) { | |
| delegate = (X509TrustManager) trustManager; | |
| break; | |
| } | |
| } | |
| } | |
| if (delegate == null) { | |
| throw new CertificateException("Cannot find any default instance of X509TrustManager."); | |
| } | |
| } | |
| public X509Certificate[] getAcceptedIssuers() { | |
| if (delegate == null) { | |
| return null; | |
| } else { | |
| return delegate.getAcceptedIssuers(); | |
| } | |
| } | |
| @Override | |
| public void checkClientTrusted(X509Certificate[] certs, String authType) { | |
| } | |
| @Override | |
| public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException { | |
| for (int c = 0; c < certs.length; c++) { | |
| X509Certificate cert = certs[c]; | |
| System.out.println(" Server certificate " + (c + 1) + ":"); | |
| System.out.println(" Subject DN: " + cert.getSubjectX500Principal()); | |
| System.out.println(" Issuer DN: " + cert.getIssuerX500Principal()); | |
| System.out.println(" Signature Algorithm: " + cert.getSigAlgName()); | |
| System.out.println(" Valid from: " + cert.getNotBefore()); | |
| System.out.println(" Valid until: " + cert.getNotAfter()); | |
| System.out.println(" Serial #: " + cert.getSerialNumber().toString(16)); | |
| } | |
| if (delegate != null) { | |
| //delegate.checkServerTrusted(new X509Certificate[] {certs[0], certs[1], certs[2]}, authType); | |
| delegate.checkServerTrusted(certs, authType); | |
| } else { | |
| throw new CertificateException("Unable to validate server certificate chain (delegate is null)."); | |
| } | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment