How to bypass certificate checking in a Java web service client
In a Java web service development environment, developers always generate a test certificate using keytool. During client testing, the web service test client will often hit the following error messages:
- java.security.cert.CertificateException: No name matching localhost found
- SunCertPathBuilderException: unable to find valid certification path to requested target
Here’s some source code, copied from the book Java Web Services: Up and Running, 1st Edition by Martin Kalin, that bypasses the certificate and hostname checks: its trust manager accepts any certificate, and its hostname verifier accepts a name mismatch only when the host is localhost. It is very useful in a testing environment ONLY; I recommend studying it and bookmarking it for future reference :)
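Don’t use it in a production environment unless you have a very solid reason to bypass all certificate checking. Without certificate validation the connection is still encrypted, but the client can no longer tell whether it is talking to the real server. And if you do have such a reason, why are you still using an SSL connection? :)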
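package com.mkyong.client;

import java.io.*;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/**
 * Test client that fetches a WSDL over HTTPS from a local server whose
 * certificate was generated with keytool.
 *
 * <p>Certificate validation is switched off for the single connection opened by
 * {@link #testIt()}: the trust manager accepts every certificate chain, so the
 * server is not authenticated. The relaxed settings are applied to that one
 * connection and not to the JVM-wide defaults, so any other HTTPS connection in
 * the same process keeps normal validation.
 */
public class HttpsClient {

    /** Only host for which a certificate name mismatch is tolerated. */
    private static final String TEST_HOST = "localhost";

    public static void main(String[] args) {
        new HttpsClient().testIt();
    }

    /**
     * Builds a trust manager array whose single entry performs no checks.
     *
     * @return a one-element array holding an accept-everything trust manager
     */
    private TrustManager[] get_trust_mgr() {
        return new TrustManager[] {
            new X509TrustManager() {
                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    // The X509TrustManager contract asks for a non-null array;
                    // returning null can trigger a NullPointerException in callers.
                    return new X509Certificate[0];
                }

                @Override
                public void checkClientTrusted(X509Certificate[] certs, String t) {
                    // Intentionally empty: never throws, so any client chain passes.
                }

                @Override
                public void checkServerTrusted(X509Certificate[] certs, String t) {
                    // Intentionally empty: never throws, so any server chain passes.
                }
            }
        };
    }

    /**
     * Opens the test URL with certificate checks disabled, then prints the
     * certificate details and the response body.
     */
    private void testIt() {
        String https_url = "https://localhost:8443/HelloWorld/hello?wsdl";
        HttpsURLConnection con = null;
        try {
            // Create a context that doesn't check certificates.
            SSLContext ssl_ctx = SSLContext.getInstance("TLS");
            ssl_ctx.init(null,                // key manager
                         get_trust_mgr(),     // trust manager
                         new SecureRandom()); // random number generator

            URL url = new URL(https_url);
            con = (HttpsURLConnection) url.openConnection();

            // Scope the unchecked socket factory to this connection only.
            // HttpsURLConnection.setDefaultSSLSocketFactory would disable
            // validation for every HttpsURLConnection created afterwards in the JVM.
            con.setSSLSocketFactory(ssl_ctx.getSocketFactory());

            // Guard against "bad hostname" errors during handshake: a name
            // mismatch is accepted for localhost and rejected for any other host.
            con.setHostnameVerifier(new HostnameVerifier() {
                @Override
                public boolean verify(String host, SSLSession sess) {
                    return TEST_HOST.equals(host);
                }
            });

            // dump all cert info
            print_https_cert(con);

            // dump all the content
            print_content(con);
        } catch (MalformedURLException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        } finally {
            if (con != null) {
                con.disconnect();
            }
        }
    }

    /**
     * Prints the response code, the negotiated cipher suite and basic details of
     * each certificate the server presented.
     *
     * @param con the connection to inspect; nothing is printed when it is null
     */
    private void print_https_cert(HttpsURLConnection con) {
        if (con == null) {
            return;
        }
        try {
            System.out.println("Response Code : " + con.getResponseCode());
            System.out.println("Cipher Suite : " + con.getCipherSuite());
            System.out.println("\n");

            Certificate[] certs = con.getServerCertificates();
            for (Certificate cert : certs) {
                System.out.println("Cert Type : " + cert.getType());
                // hashCode() is Java's int object hash, not a certificate fingerprint.
                System.out.println("Cert Hash Code : " + cert.hashCode());
                System.out.println("Cert Public Key Algorithm : "
                        + cert.getPublicKey().getAlgorithm());
                System.out.println("Cert Public Key Format : "
                        + cert.getPublicKey().getFormat());
                System.out.println("\n");
            }
        } catch (SSLPeerUnverifiedException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    /**
     * Prints the response body line by line.
     *
     * @param con the connection to read from; nothing is printed when it is null
     */
    private void print_content(HttpsURLConnection con) {
        if (con == null) {
            return;
        }
        System.out.println("****** Content of the URL ********");
        // try-with-resources closes the reader even when readLine() throws.
        // NOTE(review): decodes as UTF-8 instead of the platform default charset;
        // confirm against the encoding the server actually sends.
        try (BufferedReader br = new BufferedReader(
                new InputStreamReader(con.getInputStream(), StandardCharsets.UTF_8))) {
            String input;
            while ((input = br.readLine()) != null) {
                System.out.println(input);
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}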





