How to bypass certificate checking in a Java web service client

By mkyong | Updated: December 15, 2010

Viewed: 2,851 (+17 pv/w)

In Java web service development environment, developer are always generate a test certificate using keytool. While doing client testing, often times, the web service test client will hits following error messages :

java.security.cert.CertificateException: No name matching localhost found
SunCertPathBuilderException: unable to find valid certification path to requested target

Here’s a source code, that i copied from book : Java Web Services: Up and Running, 1st Edition by Martin Kalin, which is used to by pass all the certificate and hostname checking. A very useful code in testing environment ONLY, recommend to study and bookmark for future reference 🙂

Warning
Don’t try it at production environment, unless you have a very solid reason to by pass all the certificate checking. Ans if yes, why are you still using SSL connection? 🙂


package com.mkyong.client;

import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.io.*;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class HttpsClient{
	
  public static void main(String[] args)
  {
     new HttpsClient().testIt();
  }
	
  private TrustManager[ ] get_trust_mgr() {
     TrustManager[ ] certs = new TrustManager[ ] {
        new X509TrustManager() {
           public X509Certificate[ ] getAcceptedIssuers() { return null; }
           public void checkClientTrusted(X509Certificate[ ] certs, String t) { }
           public void checkServerTrusted(X509Certificate[ ] certs, String t) { }
         }
      };
      return certs;
  }

  private void testIt(){
     String https_url = "https://localhost:8443/HelloWorld/hello?wsdl";
     URL url;
     try {
			
	    // Create a context that doesn't check certificates.
            SSLContext ssl_ctx = SSLContext.getInstance("TLS");
            TrustManager[ ] trust_mgr = get_trust_mgr();
            ssl_ctx.init(null,                // key manager
                         trust_mgr,           // trust manager
                         new SecureRandom()); // random number generator
            HttpsURLConnection.setDefaultSSLSocketFactory(ssl_ctx.getSocketFactory());

	    url = new URL(https_url);
	    HttpsURLConnection con = (HttpsURLConnection)url.openConnection();
			
	    // Guard against "bad hostname" errors during handshake.
            con.setHostnameVerifier(new HostnameVerifier() {
                public boolean verify(String host, SSLSession sess) {
                    if (host.equals("localhost")) return true;
                    else return false;
                }
            });

	    //dumpl all cert info
	    print_https_cert(con);
			
	    //dump all the content
	    print_content(con);
			
	 } catch (MalformedURLException e) {
		e.printStackTrace();
	 } catch (IOException e) {
		e.printStackTrace();
	 }catch (NoSuchAlgorithmException e) {
		e.printStackTrace();
	 }catch (KeyManagementException e) {
		e.printStackTrace();
      }	
   }
	
  private void print_https_cert(HttpsURLConnection con){
     if(con!=null){
			
     try {
				
	System.out.println("Response Code : " + con.getResponseCode());
	System.out.println("Cipher Suite : " + con.getCipherSuite());
	System.out.println("\n");
				
	Certificate[] certs = con.getServerCertificates();
	for(Certificate cert : certs){
	  System.out.println("Cert Type : " + cert.getType());
	  System.out.println("Cert Hash Code : " + cert.hashCode());
	  System.out.println("Cert Public Key Algorithm : " + cert.getPublicKey().getAlgorithm());
	  System.out.println("Cert Public Key Format : " + cert.getPublicKey().getFormat());
	  System.out.println("\n");
	}
				
				
     } catch (SSLPeerUnverifiedException e) {
	  e.printStackTrace();
     } catch (IOException e){
	  e.printStackTrace();
     }	   
   }		
  }
	
  private void print_content(HttpsURLConnection con){
    if(con!=null){
			
    try {
		
	System.out.println("****** Content of the URL ********");
				
	BufferedReader br = 
		new BufferedReader(
			new InputStreamReader(con.getInputStream()));
				
	String input;
				
	while ((input = br.readLine()) != null){
	   System.out.println(input);
	}
	br.close();
				
     } catch (IOException e) {
	e.printStackTrace();
     }		
   }
  }
}

About Author

mkyong

Founder of Mkyong.com, love Java and open source stuff. Follow him on Twitter. If you like my tutorials, consider make a donation to these charities.

Comments

4 Comments

Most Voted

Newest Oldest

Inline Feedbacks

View all comments

Henrick Daniel Soares

6 years ago

How I make a PUT or DELETE request?

sam

7 years ago

Thanks:)

Sachin Singh

8 years ago

i am using same code in mine its giving 401 exception

nazi

11 years ago

Hi there,
May I ask without newing the service, how may I call its methods please? the created HttpsURLConnection does not seem to contain the service methods.

	This comment is spam
	This comment is irrelevant
	This comment is abusive
	Other