Re: SSL Refusal
I've got this code in my package but it seems most of it has been
deprecated. Does anyone know the replacement code for those?
Thanks,
Chris
On Wed, 2002-10-09 at 09:47, Michael S Young wrote:
>
>
> Here's a hack that I got from someone else (not necessarily production
> quality) to replace the trust manager with a custom, more lenient
> trust manager.
> This will allow your client-side code to trust any server regardless of the
> server certificate that it has.
> Use only if you trust the server you are connecting to.
>
> ================ class SSLSetup===================
>
> import java.security.KeyManagementException;
> import java.security.NoSuchAlgorithmException;
> import java.security.Security;
> import javax.net.ssl.SSLSocketFactory;
> import com.sun.net.ssl.SSLContext;
> import com.sun.net.ssl.TrustManager;
> import com.sun.net.ssl.KeyManager;
> import com.sun.net.ssl.X509TrustManager;
> import com.sun.net.ssl.HttpsURLConnection;
> /**
> * Setup a JVM for SSL connections.
> * <BR><BR>
> * Normal usage:<BR>
> * 1) call initializeForSSL() to get SSL to work against most servers<BR>
> * 2) call overrideTrustManager() to get SSL to work against all servers<BR>
> * 3) call an https URL using your custom URLConnection code<BR>
> *<BR>
> * Call setDebug() to see SSL debug info
> */
> public class SSLSetup {
>
>     public static void initializeForSSL() {
>         Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
>         System.setProperty(
>             "java.protocol.handler.pkgs",
>             "com.sun.net.ssl.internal.www.protocol");
>     }
>     public static void overrideTrustManager() {
>         //use our own trust manager so we can always trust
>         //the URL entered in the configuration.
>         X509TrustManager tm = new MyX509TrustManager();
>         KeyManager[] km = null;
>         TrustManager[] tma = { tm };
>         try {
>             SSLContext sslContext = SSLContext.getInstance("SSLv3");
>             sslContext.init(km, tma, new java.security.SecureRandom());
>             SSLSocketFactory sf1 = sslContext.getSocketFactory();
>             HttpsURLConnection.setDefaultSSLSocketFactory(sf1);
>         } catch (NoSuchAlgorithmException e) {
>             e.printStackTrace(System.out);
>         } catch (KeyManagementException e) {
>             e.printStackTrace(System.out);
>         }
>     }
>     public static void setDebug() {
>         System.setProperty("javax.net.debug",
>             "ssl,handshake,data,trustmanager");
>     }
> }
> =======================class MyX509TrustManager ===========================
> import java.security.cert.X509Certificate;
> import com.sun.net.ssl.X509TrustManager;
> /**
> * A trust manager which trusts all client and server certificates.
> * Used by SSLSetup class.
> */
> public class MyX509TrustManager implements X509TrustManager {
>     public X509Certificate[] getAcceptedIssuers() {
>         return null;
>     }
>     public boolean isClientTrusted(X509Certificate[] chain) {
>         return true;
>     }
>     public boolean isServerTrusted(X509Certificate[] chain) {
>         return true;
>     }
> }
>
>
>
>
>
> "Christopher Fowler" <cfowler@outpostsentinel.com> on 10/08/2002 05:47:46 PM
>
> Please respond to cfowler@outpostsentinel.com
>
> To: ajug-members@ajug.org
> cc:
> Subject: SSL Refusal
>
> I use https on my server but do not have a trusted certificate. I use
> it strictly for the encryption capabilities. Do I need to enable a
> switch in the URL connection to be able to get past this error:
>
>
> javax.net.ssl.SSLHandshakeException:
> java.security.cert.CertificateException: Couldn't find trusted
> certificate
> at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> at com.sun.net.ssl.int
>
>