Installcert and Java 7

Source: Internet
Author: User
Tags sha1


Read this article mentioned: http://www.mkyong.com/webservices/jax-ws/ suncertpathbuilderexception-unable-to-find-valid-certification-path-to-requested-target/

The following is FQ reproduced

When communicating with a server using a self-signed SSL using a Java based client, this custom certificate must be known By the callee side of the communication. This can is done manually by adding the certificate to the client JVM.

To simplify this process, one can use a simple tool called Installcert as described here and here. This application is originally written for Java 5/java 6. While the solution still works, when you try to run the application through Java 7, you'll get an additional error MES Sage like this:

javax.net.ssl.SSLException: java.lang.UnsupportedOperationException
 at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
 at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886)
 at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1844)
 at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1827)
 at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1346)
 at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
 at org.vangen.auth.InstallCert.main(InstallCert.java:81)
Caused by: java.lang.UnsupportedOperationException
 at org.vangen.auth.InstallCert$SavingTrustManager.getAcceptedIssuers(InstallCert.java:168)
 at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:926)
 at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:872)
 at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:814)
 at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
 at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
 at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
 at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
 at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
 at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
 at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
 ... 2 more

To avoid this error, you'll need to the change how accepted issuers is returned. The original code threw an exception for this method. The Java 7 implementation calls this method, which is not the case with earlier versions of Java. The solution to this problem are to simply return a empty array like this:

@Override publicx509certificate[] Getacceptedissuers () {returnnewx509certificate[0]; throw new Unsupportedoperationexception (); }

By doing this small, the application would no longer return an error upon execution. The full application code would then is:

packageorg.vangen.auth;
 
importjava.io.BufferedReader;
importjava.io.File;
importjava.io.FileInputStream;
importjava.io.FileOutputStream;
importjava.io.InputStream;
importjava.io.InputStreamReader;
importjava.io.OutputStream;
importjava.security.KeyStore;
importjava.security.MessageDigest;
importjava.security.cert.CertificateException;
importjava.security.cert.X509Certificate;
 
importjavax.net.ssl.SSLContext;
importjavax.net.ssl.SSLException;
importjavax.net.ssl.SSLSocket;
importjavax.net.ssl.SSLSocketFactory;
importjavax.net.ssl.TrustManager;
importjavax.net.ssl.TrustManagerFactory;
importjavax.net.ssl.X509TrustManager;
 
publicclassInstallCert {
 
    publicstaticvoidmain(finalString[] args)throwsException {
        String host;
        intport;
        char[] passphrase;
        if((args.length ==1) || (args.length ==2)) {
            finalString[] c = args[0].split(":");
            host = c[0];
            port = (c.length ==1) ?443: Integer.parseInt(c[1]);
            finalString p = (args.length ==1) ?"changeit": args[1];
            passphrase = p.toCharArray();
        }else{
            System.out.println(
                    "Usage: java InstallCert <host>[:port] [passphrase]");
            return;
        }
 
        File file =newFile("jssecacerts");
        if(file.isFile() ==false) {
            finalcharSEP = File.separatorChar;
            finalFile dir =newFile(System.getProperty("java.home")
                    + SEP +"lib"+ SEP +"security");
            file =newFile(dir,"jssecacerts");
            if(file.isFile() ==false) {
                file =newFile(dir,"cacerts");
            }
        }
 
        System.out.println("Loading KeyStore "+ file +"...");
        finalInputStream in =newFileInputStream(file);
        finalKeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(in, passphrase);
        in.close();
 
        finalSSLContext context = SSLContext.getInstance("TLS");
        finalTrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory
                        .getDefaultAlgorithm());
        tmf.init(ks);
        finalX509TrustManager defaultTrustManager =
                (X509TrustManager) tmf.getTrustManagers()[0];
        finalSavingTrustManager tm =newSavingTrustManager(
                defaultTrustManager);
        context.init(null,newTrustManager[] { tm },null);
        finalSSLSocketFactory factory = context.getSocketFactory();
 
        System.out.println("Opening connection to "
                + host +":"+ port +"...");
        finalSSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        socket.setSoTimeout(10000);
        try{
            System.out.println("Starting SSL handshake...");
            socket.startHandshake();
            socket.close();
            System.out.println();
            System.out.println("No errors, certificate is already trusted");
        }catch(finalSSLException e) {
            System.out.println();
            e.printStackTrace(System.out);
        }
 
        finalX509Certificate[] chain = tm.chain;
        if(chain ==null) {
            System.out.println("Could not obtain server certificate chain");
            return;
        }
 
        finalBufferedReader reader =
                newBufferedReader(newInputStreamReader(System.in));
 
        System.out.println();
        System.out.println("Server sent "+ chain.length +" certificate(s):");
        System.out.println();
        finalMessageDigest sha1 = MessageDigest.getInstance("SHA1");
        finalMessageDigest md5 = MessageDigest.getInstance("MD5");
        for(inti =0; i < chain.length; i++) {
            finalX509Certificate cert = chain[i];
            System.out.println(" "+ (i +1) +" Subject "
                    + cert.getSubjectDN());
            System.out.println("   Issuer  "+ cert.getIssuerDN());
            sha1.update(cert.getEncoded());
            System.out.println("   sha1    "+ toHexString(sha1.digest()));
            md5.update(cert.getEncoded());
            System.out.println("   md5     "+ toHexString(md5.digest()));
            System.out.println();
        }
 
        System.out.println("Enter certificate to add to trusted keystore"
                +" or ‘q‘ to quit: [1]");
        finalString line = reader.readLine().trim();
        intk;
        try{
            k = (line.length() ==0) ?0: Integer.parseInt(line) -1;
        }catch(finalNumberFormatException e) {
            System.out.println("KeyStore not changed");
            return;
        }
 
        finalX509Certificate cert = chain[k];
        finalString alias = host +"-"+ (k +1);
        ks.setCertificateEntry(alias, cert);
 
        finalOutputStream out =newFileOutputStream(file);
        ks.store(out, passphrase);
        out.close();
 
        System.out.println();
        System.out.println(cert);
        System.out.println();
        System.out.println(
                "Added certificate to keystore ‘cacerts‘ using alias ‘"
                        + alias +"‘");
    }
 
    privatestaticfinalchar[] HEXDIGITS ="0123456789abcdef".toCharArray();
 
    privatestaticString toHexString(finalbyte[] bytes) {
        finalStringBuilder sb =newStringBuilder(bytes.length *3);
        for(intb : bytes) {
            b &=0xff;
            sb.append(HEXDIGITS[b >>4]);
            sb.append(HEXDIGITS[b &15]);
            sb.append(‘ ‘);
        }
        returnsb.toString();
    }
 
    privatestaticclassSavingTrustManagerimplementsX509TrustManager {
 
        privatefinalX509TrustManager tm;
        privateX509Certificate[] chain;
 
        SavingTrustManager(finalX509TrustManager tm) {
            this.tm = tm;
        }
 
        @Override
        publicX509Certificate[] getAcceptedIssuers() {
            returnnewX509Certificate[0];
            // throw new UnsupportedOperationException();
        }
 
        @Override
        publicvoidcheckClientTrusted(finalX509Certificate[] chain,
                finalString authType)
                throwsCertificateException {
            thrownewUnsupportedOperationException();
        }
 
        @Override
        publicvoidcheckServerTrusted(finalX509Certificate[] chain,
                finalString authType)
                throwsCertificateException {
            this.chain = chain;
            this.tm.checkServerTrusted(chain, authType);
        }
    }
}


The following is the original version for JDK5 and JDK6, searched from google code

package com.aw.ad.util;
/*
 * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   - Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *
 *   - Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 *
 *   - Neither the name of Sun Microsystems nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
/**
 * http://blogs.sun.com/andreas/resource/InstallCert.java
 * Use:
 * java InstallCert hostname
 * Example:
 *% java InstallCert ecc.fedora.redhat.com
 */

import javax.net.ssl.*;
import java.io.*;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/**
 * Class used to add the server‘s certificate to the KeyStore
 * with your trusted certificates.
 */
public class InstallCert {

    public static void main(String[] args) throws Exception {
        String host;
        int port;
        char[] passphrase;
        if ((args.length == 1) || (args.length == 2)) {
            String[] c = args[0].split(":");
            host = c[0];
            port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
            String p = (args.length == 1) ? "changeit" : args[1];
            passphrase = p.toCharArray();
        } else {
            System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");
            return;
        }

        File file = new File("jssecacerts");
        if (file.isFile() == false) {
            char SEP = File.separatorChar;
            File dir = new File(System.getProperty("java.home") + SEP
                    + "lib" + SEP + "security");
            file = new File(dir, "jssecacerts");
            if (file.isFile() == false) {
                file = new File(dir, "cacerts");
            }
        }
        System.out.println("Loading KeyStore " + file + "...");
        InputStream in = new FileInputStream(file);
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(in, passphrase);
        in.close();

        SSLContext context = SSLContext.getInstance("TLS");
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];
        SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
        context.init(null, new TrustManager[]{tm}, null);
        SSLSocketFactory factory = context.getSocketFactory();

        System.out.println("Opening connection to " + host + ":" + port + "...");
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        socket.setSoTimeout(10000);
        try {
            System.out.println("Starting SSL handshake...");
            socket.startHandshake();
            socket.close();
            System.out.println();
            System.out.println("No errors, certificate is already trusted");
        } catch (SSLException e) {
            System.out.println();
            e.printStackTrace(System.out);
        }

        X509Certificate[] chain = tm.chain;
        if (chain == null) {
            System.out.println("Could not obtain server certificate chain");
            return;
        }

        BufferedReader reader =
                new BufferedReader(new InputStreamReader(System.in));

        System.out.println();
        System.out.println("Server sent " + chain.length + " certificate(s):");
        System.out.println();
        MessageDigest sha1 = MessageDigest.getInstance("SHA1");
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        for (int i = 0; i < chain.length; i++) {
            X509Certificate cert = chain[i];
            System.out.println
                    (" " + (i + 1) + " Subject " + cert.getSubjectDN());
            System.out.println("   Issuer  " + cert.getIssuerDN());
            sha1.update(cert.getEncoded());
            System.out.println("   sha1    " + toHexString(sha1.digest()));
            md5.update(cert.getEncoded());
            System.out.println("   md5     " + toHexString(md5.digest()));
            System.out.println();
        }

        System.out.println("Enter certificate to add to trusted keystore or ‘q‘ to quit: [1]");
        String line = reader.readLine().trim();
        int k;
        try {
            k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
        } catch (NumberFormatException e) {
            System.out.println("KeyStore not changed");
            return;
        }

        X509Certificate cert = chain[k];
        String alias = host + "-" + (k + 1);
        ks.setCertificateEntry(alias, cert);

        OutputStream out = new FileOutputStream("jssecacerts");
        ks.store(out, passphrase);
        out.close();

        System.out.println();
        System.out.println(cert);
        System.out.println();
        System.out.println
                ("Added certificate to keystore ‘jssecacerts‘ using alias ‘"
                        + alias + "‘");
    }

    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    private static String toHexString(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 3);
        for (int b : bytes) {
            b &= 0xff;
            sb.append(HEXDIGITS[b >> 4]);
            sb.append(HEXDIGITS[b & 15]);
            sb.append(‘ ‘);
        }
        return sb.toString();
    }

    private static class SavingTrustManager implements X509TrustManager {

        private final X509TrustManager tm;
        private X509Certificate[] chain;

        SavingTrustManager(X509TrustManager tm) {
            this.tm = tm;
        }

        public X509Certificate[] getAcceptedIssuers() {
            throw new UnsupportedOperationException();
        }

        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            throw new UnsupportedOperationException();
        }

        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            this.chain = chain;
            tm.checkServerTrusted(chain, authType);
        }
    }

}


Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.