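This tip implements an X509TrustManager that asks clients before it rejects a certificate chain. Overriding a rejection removes the protection that chain validation gives the connection, so the user needs a way to verify the certificate independently before accepting. The keystore used is just an example; you can adapt it for any other keystore: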
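import java.security.*;
import java.security.cert.*;
import java.net.*;
import javax.net.*;
import javax.net.ssl.*;
import java.io.*;
import java.awt.*;
import java.awt.event.*;

/**
 * Modal AWT prompt with ACCEPT and REJECT buttons.
 *
 * <p>The constructor blocks until a button is pressed. ACCEPT closes the prompt and lets
 * the constructor return; REJECT terminates the JVM with exit status 1.
 *
 * <p>NOTE(review): the prompt shows two fixed labels only. No subject, issuer, validity
 * period or fingerprint of the rejected certificate is displayed, so the user has nothing
 * to compare against a known-good value before accepting. The constructor takes no
 * arguments, so showing those details needs a change in the caller as well.
 */
class X509TrustManagerDialog implements ActionListener {
    Button accept = new Button("ACCEPT");
    Button reject = new Button("REJECT");
    Label label1 = new Label("A X.509 certificate was rejected to the standard verification...");
    Label label2 = new Label("Accept / Reject this certificate ?");
    Dialog t = null;

    /** Builds the prompt and shows it; returns only after ACCEPT has been pressed. */
    public X509TrustManagerDialog() {
        t = new Dialog(new Frame());
        t.setSize(400, 100);
        t.setLocation(50, 50);
        t.setModal(true);
        t.setResizable(false);
        t.setLayout(new FlowLayout());
        t.add(label1);
        t.add(label2);
        t.add(accept);
        t.add(reject);
        accept.addActionListener(this);
        reject.addActionListener(this);
        // Modal dialog: this call blocks until the dialog is hidden or disposed.
        t.setVisible(true);
    }

    /**
     * Handles the two buttons.
     *
     * @param e the button event; its action command is the button label
     */
    public void actionPerformed(ActionEvent e) {
        String command = e.getActionCommand();
        if ("ACCEPT".equals(command)) {
            // Dispose rather than just hide: a hidden dialog and its owner frame keep
            // their native peers, and the AWT event thread they hold keeps the JVM alive
            // after the client has finished its work.
            Window owner = t.getOwner();
            t.dispose();
            if (owner != null) {
                owner.dispose();
            }
            return;
        }
        if ("REJECT".equals(command)) {
            // Rejecting ends the whole process, not only the current handshake.
            System.exit(1);
        }
    }
}

/** Trust manager of this tip; it works on a JKS keystore loaded from the file "SSLKeystore". */
class QueryX509TrustManager implements X509TrustManager {
    X509TrustManager X509TM = null;        // default X.509 TrustManager
    TrustManagerFactory ClientTMF = null;  // SunX509 factory from SunJSSE provider
    KeyStore ClientKS = null;              // keystore SSLCert - just an example
    TrustManager[] ClientTMs = null;       // all the TrustManagers from SunX509 factory
    // NOTE(review): the keystore password is a literal in the source, so it ships in the
    // class file and in version control. Supply it at runtime (prompt or protected
    // configuration) when adapting this example.
    char[] ClientKeystorePassword = "Varonmykey".toCharArray(); // SSLCert access password

    // QueryX509TrustManager constructor
    public QueryX509TrustManager() {
        // get a KeyStore object of type JKS (default type)
        // NOTE(review): each catch in this constructor prints a numbered message and
        // continues. If getInstance fails, ClientKS stays null and the load call below
        // throws NullPointerException; a half-initialised trust manager should not be
        // returned to the caller.
        try {
            ClientKS = KeyStore.getInstance("JKS");
        } catch (java.security.KeyStoreException e) {
            System.out.println("1: " + e.getMessage());
        }
        // loading SSLCert keystore
        // NOTE(review): the FileInputStream is created inline and never closed in the
        // code shown; the path is relative to the working directory.
        try {
            ClientKS.load(new FileInputStream("SSLKeystore"), ClientKeystorePassword);
        } catch (java.io.IOException e) {
            System.out.println("2: " + e.getMessage());
        } catch (java.security.NoSuchAlgorithmException e) {
            System.out.println("3: " + e.getMessage());
        } catch (java.security.cert.CertificateException e) {
            System.out.println("4: " + e.getMessage());
        }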
//TrustManagerFactory of SunJSSE try{ ClientTMF=TrustManagerFactory.getInstance("SunX509","SunJSSE"); }catch(java.security.NoSuchAlgorithmException e) {System.out.println("5: "+e.getMessage()); }catch(java.security.NoSuchProviderException e) {System.out.println("6: "+e.getMessage());} //call init method for ClientTMF try{ ClientTMF.init(ClientKS); }catch(java.security.KeyStoreException e) {System.out.println("7: "+e.getMessage());} //get all the TrustManagers ClientTMs=ClientTMF.getTrustManagers(); //looking for a X509TrustManager instance for(int i=0;i