
Ask Users Before Rejecting X509 Certificate

Ask Users Before Rejecting X509 Certificate

This tip implements an X509TrustManager that asks clients before it rejects a certificate chain. The keystore used is just an example — you can adapt it for any other keystore:

import java.security.*;
import java.security.cert.*;
import java.net.*;
import javax.net.*;
import javax.net.ssl.*;
import java.io.*;
import java.awt.*;
import java.awt.event.*;

/**
 * Modal AWT dialog that asks the user whether to accept or reject a certificate
 * that failed the standard verification.
 *
 * <p>Constructing an instance builds the dialog and shows it immediately. ACCEPT
 * hides the dialog so the constructor can return; REJECT terminates the JVM with
 * exit status 1.
 *
 * <p>NOTE(review): both labels are fixed text and the constructor takes no
 * arguments, so the dialog shows nothing about the certificate in question
 * (subject, issuer, validity, fingerprint). The user has no basis for the
 * decision; a practical version should display those details.
 */
class X509TrustManagerDialog implements ActionListener {
    Button accept = new Button("ACCEPT");
    Button reject = new Button("REJECT");
    Label label1 = new Label("A X.509 certificate was rejected to the standard verification...");
    Label label2 = new Label("Accept / Reject this certificate ?");
    // The dialog window itself; created in the constructor.
    Dialog t = null;

    /**
     * Builds the dialog on a fresh owner {@link Frame}, registers this object as
     * the listener for both buttons and shows the dialog.
     */
    public X509TrustManagerDialog() {
        t = new Dialog(new Frame());
        t.setSize(400, 100);
        t.setLocation(50, 50);
        t.setModal(true);
        t.setResizable(false);
        t.setLayout(new FlowLayout());
        t.add(label1); t.add(label2); t.add(accept); t.add(reject);

        accept.addActionListener(this);
        reject.addActionListener(this);

        // The dialog is modal, so this call does not return until the dialog is hidden.
        t.setVisible(true);
    }

    /**
     * Handles a click on either button, identified by its action command
     * (for an AWT Button this defaults to the button label).
     *
     * @param e the button event
     */
    public void actionPerformed(ActionEvent e) {
        if ((e.getActionCommand()).equals("ACCEPT")) {
            // NOTE(review): the dialog is only hidden here; neither it nor its owner
            // Frame is disposed in this class.
            t.setVisible(false);
            return;
        }

        // Rejecting ends the whole program rather than just the connection attempt.
        if ((e.getActionCommand()).equals("REJECT"))
            System.exit(1);
    }
}

/**
 * X509TrustManager built around the trust managers that the SunX509 factory
 * creates from a local JKS keystore.
 *
 * <p>Only the fields and the first part of the constructor are visible in this
 * listing; the certificate-check methods that would invoke the dialog are not
 * shown here.
 */
class QueryX509TrustManager implements X509TrustManager {
    X509TrustManager X509TM = null;          // default X.509 TrustManager
    TrustManagerFactory ClientTMF = null;    // SunX509 factory from SunJSSE provider
    KeyStore ClientKS = null;                // keystore SSLCert - just an example
    TrustManager[] ClientTMs = null;         // all the TrustManagers from SunX509 factory
    // NOTE(review): the keystore password is hard-coded, so anyone who can read the
    // source or the compiled class can read it. Supply it at run time (prompt,
    // protected configuration) instead.
    char[] ClientKeystorePassword = "Varonmykey".toCharArray(); // SSLCert access password

    /**
     * QueryX509TrustManager constructor: loads the keystore, initialises the
     * SunX509 TrustManagerFactory with it and collects its trust managers.
     *
     * <p>NOTE(review): every catch block below only prints the message and carries
     * on. If a step fails, the field it should have set stays null and the next
     * call on that field throws a NullPointerException, which hides the real cause.
     */
    public QueryX509TrustManager() {
        // get a KeyStore object of type JKS (default type)
        try {
            ClientKS = KeyStore.getInstance("JKS");
        } catch (java.security.KeyStoreException e) {
            System.out.println("1: " + e.getMessage());
        }

        // load the SSLCert keystore
        // NOTE(review): the FileInputStream is created inline and never closed by this
        // code. "SSLKeystore" is a relative path, so it is resolved against the current
        // working directory; the set of trusted certificates therefore depends on where
        // the program is started.
        try {
            ClientKS.load(new FileInputStream("SSLKeystore"), ClientKeystorePassword);
        } catch (java.io.IOException e) {
            System.out.println("2: " + e.getMessage());
        } catch (java.security.NoSuchAlgorithmException e) {
            System.out.println("3: " + e.getMessage());
        } catch (java.security.cert.CertificateException e) {
            System.out.println("4: " + e.getMessage());
        }

        // TrustManagerFactory of SunJSSE
        try {
            ClientTMF = TrustManagerFactory.getInstance("SunX509", "SunJSSE");
        } catch (java.security.NoSuchAlgorithmException e) {
            System.out.println("5: " + e.getMessage());
        } catch (java.security.NoSuchProviderException e) {
            System.out.println("6: " + e.getMessage());
        }

        // call init method for ClientTMF
        try {
            ClientTMF.init(ClientKS);
        } catch (java.security.KeyStoreException e) {
            System.out.println("7: " + e.getMessage());
        }

        // get all the TrustManagers
        ClientTMs = ClientTMF.getTrustManagers();

        // look for an X509TrustManager instance
        // NOTE: the listing is cut off on the page at this point; the rest of the loop,
        // the constructor and the class are not shown.
        for(int i=0;i
