How to bypass certificate checking in a Java web service client

In a Java web service development environment, developers usually generate a test certificate using keytool. During client testing, the web service test client will often hit the following error messages:

  1. java.security.cert.CertificateException: No name matching localhost found
  2. SunCertPathBuilderException: unable to find valid certification path to requested target

Here’s the source code, which I copied from the book Java Web Services: Up and Running, 1st Edition by Martin Kalin; it is used to bypass all the certificate and hostname checking. It is very useful code in a testing environment ONLY; I recommend studying it and bookmarking it for future reference :)

Warning
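Don’t try it in a production environment, unless you have a very solid reason to bypass all the certificate checking. With certificate checking disabled, the client accepts whatever certificate it is shown, so it cannot tell the real server from an impostor sitting in the middle of the connection. And if yes, why are you still using an SSL connection? :)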
package com.mkyong.client;
 
import java.io.*;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
 
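/**
 * Test-only HTTPS client for a web service that presents a self-signed
 * certificate on {@code localhost}.
 *
 * <p>The trust manager built here accepts every certificate chain, so the TLS
 * connection gives no assurance about who the server is. The relaxed settings
 * are applied to the single connection opened by {@link #testIt()} rather than
 * installed as JVM-wide defaults, so any other HTTPS traffic in the same
 * process keeps the platform's normal certificate validation.
 *
 * <p>For anything beyond a local test, import the test certificate into a
 * dedicated truststore instead of disabling validation.
 */
public class HttpsClient {

  /**
   * Runs the test client against the hard-coded local endpoint.
   *
   * @param args unused
   */
  public static void main(String[] args) {
    new HttpsClient().testIt();
  }

  /**
   * Builds a trust manager array whose single entry performs no validation.
   *
   * <p>Both check methods return without throwing, which the TLS layer treats
   * as "trusted": expired, self-signed and mismatched chains all pass.
   *
   * @return a one-element array holding the accept-everything trust manager
   */
  private TrustManager[] get_trust_mgr() {
    return new TrustManager[] {
      new X509TrustManager() {
        @Override
        public X509Certificate[] getAcceptedIssuers() {
          // The interface documents a non-null (possibly empty) array;
          // returning null can trip callers that iterate the result.
          return new X509Certificate[0];
        }

        @Override
        public void checkClientTrusted(X509Certificate[] certs, String t) {
          // Intentionally empty: no validation is performed (test use only).
        }

        @Override
        public void checkServerTrusted(X509Certificate[] certs, String t) {
          // Intentionally empty: no validation is performed (test use only).
        }
      }
    };
  }

  /**
   * Opens an HTTPS connection to the local test endpoint with certificate
   * validation disabled, then prints the negotiated TLS details and the
   * response body. Failures are reported on standard error.
   */
  private void testIt() {
    String https_url = "https://localhost:8443/HelloWorld/hello?wsdl";
    try {
      // Create a context that doesn't check certificates.
      SSLContext ssl_ctx = SSLContext.getInstance("TLS");
      ssl_ctx.init(null,                // key manager: none, no client certificate
                   get_trust_mgr(),     // trust manager: accepts everything
                   new SecureRandom()); // random number generator

      URL url = new URL(https_url);
      HttpsURLConnection con = (HttpsURLConnection) url.openConnection();

      // Scope the non-validating factory to this one connection. Installing it
      // with setDefaultSSLSocketFactory would silently disable certificate
      // checks for every HttpsURLConnection created later in this JVM.
      con.setSSLSocketFactory(ssl_ctx.getSocketFactory());

      // Consulted when the default hostname check fails during the handshake.
      // Only the literal test host is accepted; anything else is still rejected.
      con.setHostnameVerifier(new HostnameVerifier() {
        @Override
        public boolean verify(String host, SSLSession sess) {
          return "localhost".equals(host);
        }
      });

      // dump all cert info
      print_https_cert(con);

      // dump all the content
      print_content(con);

    } catch (MalformedURLException e) {
      e.printStackTrace();
    } catch (IOException e) {
      e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
      e.printStackTrace();
    } catch (KeyManagementException e) {
      e.printStackTrace();
    }
  }

  /**
   * Prints the response code, the negotiated cipher suite and basic details of
   * each certificate the server presented.
   *
   * <p>The printed certificates were not validated, so the output shows what
   * the server sent, not that the server is authentic.
   *
   * @param con the connection to inspect; ignored when {@code null}
   */
  private void print_https_cert(HttpsURLConnection con) {
    if (con == null) {
      return;
    }

    try {
      // getResponseCode() triggers the connection and the TLS handshake.
      System.out.println("Response Code : " + con.getResponseCode());
      System.out.println("Cipher Suite : " + con.getCipherSuite());
      System.out.println("\n");

      for (Certificate cert : con.getServerCertificates()) {
        System.out.println("Cert Type : " + cert.getType());
        System.out.println("Cert Hash Code : " + cert.hashCode());
        System.out.println("Cert Public Key Algorithm : " + cert.getPublicKey().getAlgorithm());
        System.out.println("Cert Public Key Format : " + cert.getPublicKey().getFormat());
        System.out.println("\n");
      }
    } catch (SSLPeerUnverifiedException e) {
      e.printStackTrace();
    } catch (IOException e) {
      e.printStackTrace();
    }
  }

  /**
   * Prints the response body line by line.
   *
   * @param con the connection to read from; ignored when {@code null}
   */
  private void print_content(HttpsURLConnection con) {
    if (con == null) {
      return;
    }

    System.out.println("****** Content of the URL ********");

    // try-with-resources closes the reader even when readLine() throws.
    // The charset is explicit so decoding does not depend on the platform
    // default; assumes the endpoint answers in UTF-8 - TODO confirm.
    try (BufferedReader br = new BufferedReader(
        new InputStreamReader(con.getInputStream(), StandardCharsets.UTF_8))) {
      String input;
      while ((input = br.readLine()) != null) {
        System.out.println(input);
      }
    } catch (IOException e) {
      e.printStackTrace();
    }
  }
}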