
Ask Users Before Rejecting X509 Certificate

Ask Users Before Rejecting X509 Certificate

This tip implements an X509TrustManager that asks clients before it rejects a certificate chain. The keystore used is just an example—you can adapt it for any other keystore:

import java.security.*;
import java.security.cert.*;
import java.net.*;
import javax.net.*;
import javax.net.ssl.*;
import java.io.*;
import java.awt.*;
import java.awt.event.*;

// Modal AWT dialog with ACCEPT and REJECT buttons. Per its label text it is
// shown when a certificate failed the standard verification.
// NOTE(review): the constructor takes no arguments and both labels are fixed
// strings, so the user is asked to decide without seeing anything about the
// certificate itself (subject, issuer, validity, fingerprint). A prompt that
// overrides certificate validation should show those details.
class X509TrustManagerDialog implements ActionListener {
    Button accept = new Button("ACCEPT");
    Button reject = new Button("REJECT");
    Label label1 = new Label("A X.509 certificate was rejected to the standard verification...");
    Label label2 = new Label("Accept / Reject this certificate ?");
    Dialog t = null;

    // Builds the dialog and shows it immediately.
    // The dialog is modal, so setVisible(true) normally does not return until
    // the dialog is hidden again; constructing this object therefore blocks
    // the caller until the user has answered.
    public X509TrustManagerDialog()
    {
        t = new Dialog(new Frame());
        t.setSize(400,100);
        t.setLocation(50,50);
        t.setModal(true);
        t.setResizable(false);
        t.setLayout(new FlowLayout());
        t.add(label1);
        t.add(label2);
        t.add(accept);
        t.add(reject);
        accept.addActionListener(this);
        reject.addActionListener(this);
        t.setVisible(true);
    }

    // Button handler for both buttons.
    // ACCEPT hides the dialog, which lets the constructor return.
    // REJECT terminates the whole JVM with exit status 1.
    // NOTE(review): the choice is not stored in any field; the only signal of
    // acceptance is that the constructor returned. Ending the process is a
    // blunt way to refuse one certificate - the check methods of
    // X509TrustManager are declared to throw CertificateException, which would
    // fail only the handshake in progress.
    public void actionPerformed(ActionEvent e)
    {
        if((e.getActionCommand()).equals("ACCEPT"))
        {
            t.setVisible(false);
            return;
        }
        if((e.getActionCommand()).equals("REJECT"))
            System.exit(1);
    }
}

// Trust manager that wraps the default SunX509 trust manager. According to the
// article text it asks before rejecting a chain; the methods that would do so
// are not visible in this listing (it is cut off inside the constructor).
class QueryX509TrustManager implements X509TrustManager {
    X509TrustManager X509TM = null;          //default X.509 TrustManager
    TrustManagerFactory ClientTMF = null;    //SunX509 factory from SunJSSE provider
    KeyStore ClientKS = null;                //keystore SSLCert - just an example
    TrustManager[] ClientTMs = null;         //all the TrustManagers from SunX509 factory
    // NOTE(review): the keystore password is embedded in the source as a String
    // literal, so it is readable from the compiled class file and the char[]
    // type gives no protection here. Read it from configuration or prompt for
    // it instead of shipping it in code.
    char[] ClientKeystorePassword = "Varonmykey".toCharArray(); //SSLCert access password

    //QueryX509TrustManager constructor
    // Loads the keystore and initialises a trust manager factory from it.
    // NOTE(review): every failure below is only printed and construction
    // carries on, so a later step can run with a field that is still null or
    // with a keystore that was never loaded. A trust manager that cannot load
    // its trust anchors should fail construction rather than continue.
    public QueryX509TrustManager() {
        //get a KeyStore object of type JKS (default type)
        try {
            ClientKS = KeyStore.getInstance("JKS");
        } catch(java.security.KeyStoreException e)
            {System.out.println("1: "+e.getMessage());}

        //loading SSLCert keystore
        // "SSLKeystore" is a relative path, resolved against the current working
        // directory, so the trusted set depends on where the program is started.
        // The FileInputStream is created inline and nothing here closes it.
        try {
            ClientKS.load(new FileInputStream("SSLKeystore"),ClientKeystorePassword);
        } catch(java.io.IOException e)
            {System.out.println("2: "+e.getMessage());
        } catch(java.security.NoSuchAlgorithmException e)
            {System.out.println("3: "+e.getMessage());
        } catch(java.security.cert.CertificateException e)
            {System.out.println("4: "+e.getMessage());}

        //TrustManagerFactory of SunJSSE
        // Algorithm and provider are requested by name, so this step fails on a
        // runtime that does not ship the SunJSSE provider.
        try {
            ClientTMF = TrustManagerFactory.getInstance("SunX509","SunJSSE");
        } catch(java.security.NoSuchAlgorithmException e)
            {System.out.println("5: "+e.getMessage());
        } catch(java.security.NoSuchProviderException e)
            {System.out.println("6: "+e.getMessage());}

        //call init method for ClientTMF
        try {
            ClientTMF.init(ClientKS);
        } catch(java.security.KeyStoreException e)
            {System.out.println("7: "+e.getMessage());}

        //get all the TrustManagers
        ClientTMs = ClientTMF.getTrustManagers();

        //looking for a X509TrustManager instance
        // NOTE(review): the listing is cut off on the page at this point; the
        // loop condition and body and the rest of the class are not shown.
        for(int i=0;i