

Tip of the Day
Language: Java
Expertise: Advanced
Dec 6, 2005



Ask Users Before Rejecting X509 Certificate

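This tip implements an X509TrustManager that asks the user before it rejects a certificate chain. Accepting a chain that failed verification overrides the trust store's verdict for that connection, so the answer is only as reliable as the user's ability to check the certificate by other means. The keystore used is just an example; you can adapt it for any other keystore: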

import java.security.*;
import java.security.cert.*;
import java.net.*;
import javax.net.*;
import javax.net.ssl.*;
import java.io.*;
import java.awt.*;
import java.awt.event.*;

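/**
 * Modal AWT prompt that asks the user whether a certificate chain which failed
 * standard verification should be accepted anyway.
 *
 * <p>Two modes exist. The public no-argument constructor keeps the historical
 * behaviour: a generic question is shown and pressing REJECT terminates the JVM
 * with exit status 1. The package-private constructor taking detail lines shows
 * those lines to the user, never exits the JVM, and records the answer so the
 * caller can read it with {@link #isAccepted()}.
 *
 * <p>In both modes the constructor blocks until the user answers, closing the
 * window counts as REJECT, and the dialog and its owner frame are disposed
 * before the constructor returns.
 */
class X509TrustManagerDialog implements ActionListener {

    Button accept = new Button("ACCEPT");
    Button reject = new Button("REJECT");
    Label label1 = new Label("A X.509 certificate was rejected to the standard verification...");
    Label label2 = new Label("Accept / Reject this certificate ?");
    Dialog t = null;

    // true only for the legacy no-argument constructor, where REJECT ends the JVM
    private final boolean exitOnReject;

    // written on the AWT event thread, read by the thread that opened the dialog
    private volatile boolean accepted = false;

    /**
     * Shows the generic prompt. Returns only if the user pressed ACCEPT;
     * REJECT (or closing the window) calls {@code System.exit(1)}.
     */
    public X509TrustManagerDialog() {
        this(null, true);
    }

    /**
     * Shows the prompt together with the given detail lines and records the
     * user's decision instead of exiting the JVM.
     *
     * @param details lines describing the certificate under question; a
     *                {@code null} array is treated as "no details"
     */
    X509TrustManagerDialog(String[] details) {
        this(details == null ? new String[0] : details, false);
    }

    // details == null selects the legacy fixed-size layout without detail lines
    private X509TrustManagerDialog(String[] details, boolean exitOnReject) {
        this.exitOnReject = exitOnReject;

        Frame owner = new Frame();
        t = new Dialog(owner);
        t.setLocation(50, 50);
        t.setModal(true);
        t.setResizable(false);

        if (details == null) {
            t.setSize(400, 100);
            t.setLayout(new FlowLayout());
            t.add(label1);
            t.add(label2);
            t.add(accept);
            t.add(reject);
        } else {
            Panel buttons = new Panel(new FlowLayout());
            buttons.add(accept);
            buttons.add(reject);

            // one row per line so that long distinguished names stay readable
            t.setLayout(new GridLayout(0, 1));
            t.add(label1);
            for (int i = 0; i < details.length; i++) {
                t.add(new Label(details[i]));
            }
            t.add(label2);
            t.add(buttons);
            t.pack();
        }

        accept.addActionListener(this);
        reject.addActionListener(this);

        // dismissing the window without answering must never count as consent
        t.addWindowListener(new WindowAdapter() {
            public void windowClosing(WindowEvent e) {
                refuse();
            }
        });

        try {
            t.setVisible(true);   // modal: blocks until the dialog is hidden
        } finally {
            // release the native window resources held by the dialog and its owner
            t.dispose();
            owner.dispose();
        }
    }

    /**
     * Handles the two buttons: ACCEPT records consent and hides the dialog,
     * REJECT refuses (see {@link #refuse()}).
     */
    public void actionPerformed(ActionEvent e) {
        String command = e.getActionCommand();

        if ("ACCEPT".equals(command)) {
            accepted = true;
            t.setVisible(false);
            return;
        }

        if ("REJECT".equals(command)) {
            refuse();
        }
    }

    /**
     * Reports the user's decision.
     *
     * @return {@code true} only if the user pressed ACCEPT
     */
    boolean isAccepted() {
        return accepted;
    }

    // Records a refusal; in legacy mode this ends the JVM as the original tip did.
    private void refuse() {
        accepted = false;
        if (exitOnReject) {
            System.exit(1);
        }
        t.setVisible(false);
    }
}

/**
 * X509TrustManager that delegates to the SunX509 trust manager built from the
 * sample "SSLKeystore" file and, when that delegate rejects a chain, asks the
 * user whether to accept it anyway.
 *
 * <p>The prompt shows the delegate's reason plus subject, issuer, validity
 * period and SHA-256 fingerprint of the first certificate in the chain, so the
 * user has something to compare against a value obtained by other means. If the
 * user refuses, closes the dialog, or no display is available, the original
 * CertificateException is rethrown and the handshake fails. An acceptance
 * applies to that single check only; nothing is stored.
 *
 * <p>If the trust store could not be initialised, every check fails with a
 * CertificateException and the user is not asked.
 */
class QueryX509TrustManager implements X509TrustManager {

    // longest certificate-supplied text shown in the prompt
    private static final int MAX_FIELD_LENGTH = 120;

    X509TrustManager X509TM = null;          //default X.509 TrustManager
    TrustManagerFactory ClientTMF = null;    //SunX509 factory from SunJSSE provider
    KeyStore ClientKS = null;                //keystore SSLCert - just an example

    TrustManager[] ClientTMs = null;         //all the TrustManagers from SunX509 factory

    // NOTE(review): sample password embedded in source; in real use supply it
    // from configuration or a prompt rather than compiling it into the class.
    char[] ClientKeystorePassword = "Varonmykey".toCharArray();//SSLCert access password

    /**
     * Builds the delegate trust manager from the "SSLKeystore" file, which is
     * resolved against the current working directory. Any failure is printed
     * with its step number and leaves the delegate unset, in which case all
     * later checks fail closed.
     */
    public QueryX509TrustManager() {

        //get a KeyStore object of type JKS
        try {
            ClientKS = KeyStore.getInstance("JKS");
        } catch (java.security.KeyStoreException e) {
            System.out.println("1: " + e.getMessage());
            return;
        }

        //load the SSLCert keystore, closing the file whatever happens
        InputStream in = null;
        try {
            in = new FileInputStream("SSLKeystore");
            ClientKS.load(in, ClientKeystorePassword);
        } catch (java.io.IOException e) {
            System.out.println("2: " + e.getMessage());
            return;
        } catch (java.security.NoSuchAlgorithmException e) {
            System.out.println("3: " + e.getMessage());
            return;
        } catch (java.security.cert.CertificateException e) {
            System.out.println("4: " + e.getMessage());
            return;
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (java.io.IOException ignored) {
                    // the keystore has been read (or has failed) already
                }
            }
        }

        //TrustManagerFactory of SunJSSE
        try {
            ClientTMF = TrustManagerFactory.getInstance("SunX509", "SunJSSE");
        } catch (java.security.NoSuchAlgorithmException e) {
            System.out.println("5: " + e.getMessage());
            return;
        } catch (java.security.NoSuchProviderException e) {
            System.out.println("6: " + e.getMessage());
            return;
        }

        //call init method for ClientTMF
        try {
            ClientTMF.init(ClientKS);
        } catch (java.security.KeyStoreException e) {
            System.out.println("7: " + e.getMessage());
            return;
        }

        //get all the TrustManagers
        ClientTMs = ClientTMF.getTrustManagers();

        //looking for a X509TrustManager instance
        for (int i = 0; i < ClientTMs.length; i++) {
            if (ClientTMs[i] instanceof X509TrustManager) {
                System.out.println("X509TrustManager certificate found...");
                X509TM = (X509TrustManager) ClientTMs[i];
                return;
            }
        }
    }

    /**
     * Verifies a client chain with the delegate and asks the user if the
     * delegate rejects it.
     *
     * @throws CertificateException if the trust store is unavailable, or the
     *         delegate rejected the chain and the user did not accept it
     */
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        requireDelegate();
        try {
            System.out.println("Verify-client...");
            X509TM.checkClientTrusted(chain, authType);
        } catch (CertificateException e) {
            System.out.println("I:  " + e.getMessage());
            confirmOrRethrow(chain, e);
        }
    }

    /**
     * Verifies a server chain with the delegate and asks the user if the
     * delegate rejects it.
     *
     * @throws CertificateException if the trust store is unavailable, or the
     *         delegate rejected the chain and the user did not accept it
     */
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        requireDelegate();
        try {
            System.out.println("Verify-server...");
            X509TM.checkServerTrusted(chain, authType);
        } catch (CertificateException e) {
            System.out.println("II:  " + e.getMessage());
            confirmOrRethrow(chain, e);
        }
    }

    /**
     * Returns the delegate's accepted issuers, or an empty array when the trust
     * store could not be initialised.
     */
    public X509Certificate[] getAcceptedIssuers() {
        if (X509TM == null) {
            return new X509Certificate[0];
        }
        return X509TM.getAcceptedIssuers();
    }

    // Fails closed when the constructor could not build a delegate.
    private void requireDelegate() throws CertificateException {
        if (X509TM == null) {
            throw new CertificateException("Trust store not initialised; certificate cannot be verified");
        }
    }

    // Asks the user about a rejected chain; anything but an explicit ACCEPT rethrows.
    private void confirmOrRethrow(X509Certificate[] chain, CertificateException cause)
            throws CertificateException {
        boolean userAccepted = false;
        try {
            X509TrustManagerDialog prompt = new X509TrustManagerDialog(describe(chain, cause));
            userAccepted = prompt.isAccepted();
        } catch (HeadlessException e) {
            // nobody can be asked, so the delegate's verdict stands
            System.out.println("No display available to ask the user; certificate rejected.");
        }
        if (!userAccepted) {
            throw cause;
        }
    }

    // Builds the lines shown in the prompt from the first certificate of the chain.
    private static String[] describe(X509Certificate[] chain, CertificateException cause) {
        String reason = "Reason: " + printable(cause.getMessage());
        if (chain == null || chain.length == 0 || chain[0] == null) {
            return new String[] { reason, "No certificate details available." };
        }
        X509Certificate leaf = chain[0];
        return new String[] {
            reason,
            "Subject: " + printable(leaf.getSubjectX500Principal().getName()),
            "Issuer: " + printable(leaf.getIssuerX500Principal().getName()),
            "Valid: " + leaf.getNotBefore() + " - " + leaf.getNotAfter(),
            "SHA-256: " + sha256Fingerprint(leaf)
        };
    }

    // Certificate fields come from the peer: drop control characters and cap the
    // length so they cannot distort the prompt.
    private static String printable(String text) {
        if (text == null) {
            return "(none)";
        }
        StringBuffer out = new StringBuffer();
        for (int i = 0; i < text.length() && i < MAX_FIELD_LENGTH; i++) {
            char c = text.charAt(i);
            out.append(Character.isISOControl(c) ? '?' : c);
        }
        if (text.length() > MAX_FIELD_LENGTH) {
            out.append("...");
        }
        return out.toString();
    }

    // Colon-separated upper-case hex SHA-256 of the DER encoding, or "unavailable".
    private static String sha256Fingerprint(X509Certificate cert) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            StringBuffer hex = new StringBuffer(digest.length * 3);
            for (int i = 0; i < digest.length; i++) {
                if (i > 0) {
                    hex.append(':');
                }
                int b = digest[i] & 0xff;
                if (b < 0x10) {
                    hex.append('0');
                }
                hex.append(Integer.toHexString(b).toUpperCase());
            }
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            return "unavailable";
        } catch (CertificateEncodingException e) {
            return "unavailable";
        }
    }
}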
Leonard Anghel
 