How to bypass certificate checking in a Java web service client

In a Java web service development environment, developers often generate a test certificate using keytool. During client testing, the web service test client will often hit the following error messages:

  1. java.security.cert.CertificateException: No name matching localhost found
  2. SunCertPathBuilderException: unable to find valid certification path to requested target

Here’s source code that I copied from the book Java Web Services: Up and Running, 1st Edition by Martin Kalin, which is used to bypass all the certificate and hostname checking. It is very useful code for a testing environment ONLY; I recommend studying it and bookmarking it for future reference :)

Warning
Don’t try it in a production environment, unless you have a very solid reason to bypass all the certificate checking. And if yes, why are you still using an SSL connection? :)

package com.mkyong.client;

import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.io.*;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class HttpsClient {

  public static void main(String[] args) {
    new HttpsClient().testIt();
  }

  // Trust manager that accepts every certificate chain without checking it.
  // For test environments only.
  private TrustManager[] get_trust_mgr() {
    TrustManager[] certs = new TrustManager[] {
      new X509TrustManager() {
        // The interface contract asks for a non-null (possibly empty) array.
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        public void checkClientTrusted(X509Certificate[] certs, String t) { }
        public void checkServerTrusted(X509Certificate[] certs, String t) { }
      }
    };
    return certs;
  }

  private void testIt() {
    String https_url = "https://localhost:8443/HelloWorld/hello?wsdl";
    URL url;
    try {

      // Create a context that doesn't check certificates.
      SSLContext ssl_ctx = SSLContext.getInstance("TLS");
      TrustManager[] trust_mgr = get_trust_mgr();
      ssl_ctx.init(null,                // key manager
                   trust_mgr,           // trust manager
                   new SecureRandom()); // random number generator
      // Note: this replaces the default socket factory for every
      // HttpsURLConnection in the JVM, not just the one opened below.
      HttpsURLConnection.setDefaultSSLSocketFactory(ssl_ctx.getSocketFactory());

      url = new URL(https_url);
      HttpsURLConnection con = (HttpsURLConnection) url.openConnection();

      // Guard against "bad hostname" errors during handshake:
      // accept the peer only when the requested host is "localhost".
      con.setHostnameVerifier(new HostnameVerifier() {
        public boolean verify(String host, SSLSession sess) {
          return host.equals("localhost");
        }
      });

      // dump all cert info
      print_https_cert(con);

      // dump all the content
      print_content(con);

    } catch (MalformedURLException e) {
      e.printStackTrace();
    } catch (IOException e) {
      e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
      e.printStackTrace();
    } catch (KeyManagementException e) {
      e.printStackTrace();
    }
  }

  // Print the response code, cipher suite and the server certificate chain.
  private void print_https_cert(HttpsURLConnection con) {
    if (con != null) {
      try {
        System.out.println("Response Code : " + con.getResponseCode());
        System.out.println("Cipher Suite : " + con.getCipherSuite());
        System.out.println("\n");

        Certificate[] certs = con.getServerCertificates();
        for (Certificate cert : certs) {
          System.out.println("Cert Type : " + cert.getType());
          System.out.println("Cert Hash Code : " + cert.hashCode());
          System.out.println("Cert Public Key Algorithm : " + cert.getPublicKey().getAlgorithm());
          System.out.println("Cert Public Key Format : " + cert.getPublicKey().getFormat());
          System.out.println("\n");
        }
      } catch (SSLPeerUnverifiedException e) {
        e.printStackTrace();
      } catch (IOException e) {
        e.printStackTrace();
      }
    }
  }

  // Print the response body line by line.
  private void print_content(HttpsURLConnection con) {
    if (con != null) {
      System.out.println("****** Content of the URL ********");

      // try-with-resources closes the reader even if reading fails
      try (BufferedReader br =
               new BufferedReader(new InputStreamReader(con.getInputStream()))) {
        String input;
        while ((input = br.readLine()) != null) {
          System.out.println(input);
        }
      } catch (IOException e) {
        e.printStackTrace();
      }
    }
  }
}

About the Author

mkyong
Founder of Mkyong.com, love Java and open source stuff.

Comments

Henrick Daniel Soares

How do I make a PUT or DELETE request?

sam

Thanks :)

Sachin Singh

I am using the same code in mine; it's giving a 401 exception.

nazi

Hi there,
May I ask, without newing the service, how may I call its methods please? The created HttpsURLConnection does not seem to contain the service methods.
