Enhanced SSLPoke (Java test program)
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintStream;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
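/**
 * Diagnostic tool for Java TLS connectivity (an "enhanced SSLPoke").
 *
 * <p>Connects to {@code host:port} with the JVM's default {@link SSLSocketFactory}
 * and default trust store, completes the handshake, prints the negotiated protocol
 * and cipher suite, lists the trust anchors the JVM loaded, and for every certificate
 * the server presented prints subject, serial number, validity window, issuer and
 * whether some anchor's public key verifies its signature.
 *
 * <p>Limits to keep in mind when reading the output: the socket is created without an
 * endpoint identification algorithm, so hostname verification is <em>not</em> performed
 * and "Successfully connected" does not mean the certificate was issued for the host
 * name given on the command line; revocation checking is off by default in the JDK; and
 * the per-certificate "trust anchor" line is a bare signature check against each anchor's
 * public key, not a PKIX path validation. A completed handshake means the JVM's default
 * trust manager accepted the chain, nothing more.
 *
 * <p>Exit status: 0 on success, 1 on a usage error or any failure.
 */
public class SSLPoke
{
    /**
     * Entry point.
     *
     * @param paramArrayOfString exactly two arguments: host and TCP port (1-65535)
     */
    public static void main(String[] paramArrayOfString)
    {
        if (paramArrayOfString.length != 2)
        {
            printUsage();
            System.exit(1);
        }
        String host = paramArrayOfString[0];
        int port;
        try {
            port = Integer.parseInt(paramArrayOfString[1]);
        } catch (NumberFormatException e) {
            port = -1;
        }
        if (port < 1 || port > 65535) {
            System.err.println("Invalid port: " + paramArrayOfString[1]);
            printUsage();
            System.exit(1);
        }

        // System.exit() does not run finally blocks, so the exit status is decided here
        // and the call made only after the socket has been closed.
        int exitCode = 1;
        SSLSocket localSSLSocket = null;
        try
        {
            SSLSocketFactory localSSLSocketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            localSSLSocket = (SSLSocket) localSSLSocketFactory.createSocket(host, port);
            // Force the handshake now so trust failures surface here as an
            // SSLHandshakeException rather than on the first read or write.
            localSSLSocket.startHandshake();
            SSLSession session = localSSLSocket.getSession();
            System.out.println("Negotiated: " + session.getProtocol() + " / " + session.getCipherSuite());
            System.out.println("---");

            X509TrustManager[] trustManagers = getSystemTrustManagers();
            Certificate[] peerCertificates = session.getPeerCertificates();
            for (Certificate c1 : peerCertificates) {
                if (c1 instanceof X509Certificate) {
                    printCertificate((X509Certificate) c1, trustManagers);
                }
                System.out.println("---");
            }

            probe(localSSLSocket);
            System.out.println("Successfully connected");
            exitCode = 0;
        }
        catch (SSLHandshakeException localSSLHandshakeException)
        {
            // The cause (typically a certificate path validation failure) is the part that
            // explains a trust-store problem, so report it instead of the wrapper when present.
            Throwable toReport = localSSLHandshakeException.getCause();
            if (toReport == null) {
                toReport = localSSLHandshakeException;
            }
            toReport.printStackTrace();
        }
        catch (Exception localException)
        {
            localException.printStackTrace();
        }
        finally
        {
            closeQuietly(localSSLSocket);
        }
        System.exit(exitCode);
    }

    /** Prints the usage text to stderr. */
    private static void printUsage() {
        System.err.println("Utility to debug Java connections to SSL servers");
        System.err.println("Usage: ");
        System.err.println(" java " + SSLPoke.class.getName() + " <host> <port>");
        System.err.println("or for more debugging:");
        System.err.println(" java -Djavax.net.debug=ssl,trustmanager " + SSLPoke.class.getName() + " <host> <port>");
        System.err.println();
        System.err.println("Eg. to test the SSL certificate at https://localhost, use");
        System.err.println(" java " + SSLPoke.class.getName() + " localhost 443");
    }

    /** Prints one line per attribute of a presented certificate, plus its trust-anchor status. */
    private static void printCertificate(X509Certificate certificate, X509TrustManager[] trustManagers) {
        String validity;
        try {
            certificate.checkValidity();
            validity = "valid";
        } catch (CertificateException e) {
            // checkValidity() throws CertificateExpiredException or
            // CertificateNotYetValidException; the class name says which one applied.
            validity = "invalid " + e.getClass().getName();
        }
        // X500Principal.getName() is the non-deprecated accessor and yields RFC 2253 form,
        // which is stable across JDK implementations (getSubjectDN() is not).
        System.out.println("Subject: " + certificate.getSubjectX500Principal().getName());
        System.out.println(" serial: " + certificate.getSerialNumber().toString(16));
        System.out.println(" expiration: " + certificate.getNotBefore() + ", "
                + certificate.getNotAfter() + ", " + validity);
        System.out.println(" issuer: " + certificate.getIssuerX500Principal().getName());
        System.out.println(" trust anchor " + checkTrustedCertStatus(certificate, trustManagers));
    }

    /**
     * Sends a single probe byte and echoes whatever the server has already sent back.
     * This exercises the record layer after the handshake; {@code available()} is a
     * non-blocking estimate, so a server that answers later simply produces no output.
     *
     * @param socket the connected, handshaken socket
     * @throws IOException if the write or read fails
     */
    private static void probe(SSLSocket socket) throws IOException {
        InputStream localInputStream = socket.getInputStream();
        OutputStream localOutputStream = socket.getOutputStream();
        localOutputStream.write(1);
        while (localInputStream.available() > 0) {
            System.out.print(localInputStream.read());
        }
    }

    /** Closes the socket if one was opened; a failure to close does not change the result. */
    private static void closeQuietly(SSLSocket socket) {
        if (socket == null) {
            return;
        }
        try {
            socket.close();
        } catch (IOException ignored) {
            // best effort: the diagnostic output has already been produced
        }
    }

    /**
     * Reports whether {@code certificate}'s signature verifies under the public key of
     * any accepted issuer of the given trust managers.
     *
     * <p>This is a signature check only: it does not build or validate a certification
     * path, so it says nothing about name constraints, key usage, the anchor's own
     * validity, or revocation. For an end-entity certificate in a chain the expected
     * result is "not matched", since its issuer is usually an intermediate that is not
     * itself an anchor.
     *
     * @param certificate the certificate to check (only dereferenced if some trust manager
     *        has at least one accepted issuer)
     * @param trustManagers trust managers whose accepted issuers are tried in order
     * @return a human-readable status line
     */
    static protected String checkTrustedCertStatus(X509Certificate certificate,
                                                   X509TrustManager[] trustManagers) {
        for (X509TrustManager trustManager : trustManagers) {
            for (X509Certificate trustedCert : trustManager.getAcceptedIssuers()) {
                try {
                    certificate.verify(trustedCert.getPublicKey());
                    // Identify the anchor by its subject, which is the name the checked
                    // certificate's issuer field points at; the anchor's own issuer only
                    // coincides with that for self-signed roots.
                    return "matched found: " + trustedCert.getSubjectX500Principal().getName() + " " + trustedCert.getSerialNumber().toString(16);
                } catch (GeneralSecurityException ignored) {
                    // Common supertype of CertificateException, NoSuchAlgorithmException,
                    // InvalidKeyException, NoSuchProviderException and SignatureException:
                    // this anchor's key does not verify the signature (or cannot be used
                    // for it), so try the next one.
                }
            }
        }
        return "not matched in trust store (which is expected of the host certificate that is part of a chain)";
    }

    /**
     * Loads the JVM's default trust store through the default {@link TrustManagerFactory}
     * and returns every {@link X509TrustManager} it produced, printing the provider name
     * and the number of accepted issuers along the way.
     *
     * @return the X.509 trust managers of the default trust store (possibly empty)
     * @throws IllegalStateException if the factory cannot be created or initialised
     */
    static protected X509TrustManager[] getSystemTrustManagers() {
        TrustManagerFactory trustManagerFactory;
        try {
            trustManagerFactory = TrustManagerFactory
                    .getInstance(TrustManagerFactory.getDefaultAlgorithm());
            // A null KeyStore selects the JVM's default trust store, the same source the
            // default SSLSocketFactory consults, so this listing matches what the handshake used.
            trustManagerFactory.init((KeyStore) null);
        } catch (GeneralSecurityException e) {
            // NoSuchAlgorithmException from getInstance, KeyStoreException from init.
            // Swallowing these would leave the factory null and fail with an NPE below.
            throw new IllegalStateException("Cannot initialise the default trust store", e);
        }
        System.out.println("Detected Truststore: " + trustManagerFactory.getProvider().getName());
        List<X509TrustManager> x509TrustManagers = new ArrayList<X509TrustManager>();
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
                System.out
                        .println(" Trusted issuers found: " + x509TrustManager.getAcceptedIssuers().length);
                x509TrustManagers.add(x509TrustManager);
            }
        }
        System.out.println("---");
        return x509TrustManagers.toArray(new X509TrustManager[x509TrustManagers.size()]);
    }
}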