API tools faq
paste
Fhernd

InstallCert.java

Fhernd
Apr 28th, 2018
172
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Java 7.80 KB | None | 0 0
raw download clone embed print report
  1. /*
  2.  * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.
  3.  *
  4.  * Redistribution and use in source and binary forms, with or without
  5.  * modification, are permitted provided that the following conditions
  6.  * are met:
  7.  *
  8.  *   - Redistributions of source code must retain the above copyright
  9.  *     notice, this list of conditions and the following disclaimer.
  10.  *
  11.  *   - Redistributions in binary form must reproduce the above copyright
  12.  *     notice, this list of conditions and the following disclaimer in the
  13.  *     documentation and/or other materials provided with the distribution.
  14.  *
  15.  *   - Neither the name of Sun Microsystems nor the names of its
  16.  *     contributors may be used to endorse or promote products derived
  17.  *     from this software without specific prior written permission.
  18.  *
  19.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
  20.  * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
  21.  * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  22.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
  23.  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
  24.  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
  25.  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
  26.  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
  27.  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
  28.  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  29.  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  30.  */
  31. /**
  32.  * Originally from:
  33.  * http://blogs.sun.com/andreas/resource/InstallCert.java
  34.  * Use:
  35.  * java InstallCert hostname
  36.  * Example:
  37.  *% java InstallCert ecc.fedora.redhat.com
  38.  */
  39.  
  40. import javax.net.ssl.*;
  41. import java.io.*;
  42. import java.security.KeyStore;
  43. import java.security.MessageDigest;
  44. import java.security.cert.CertificateException;
  45. import java.security.cert.X509Certificate;
  46.  
  47. /**
  48.  * Class used to add the server's certificate to the KeyStore
  49.  * with your trusted certificates.
  50.  */
  51. public class InstallCert {
  52.  
  53.     public static void main(String[] args) throws Exception {
  54.         String host;
  55.         int port;
  56.         char[] passphrase;
  57.         if ((args.length == 1) || (args.length == 2)) {
  58.             String[] c = args[0].split(":");
  59.             host = c[0];
  60.             port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
  61.             String p = (args.length == 1) ? "changeit" : args[1];
  62.             passphrase = p.toCharArray();
  63.         } else {
  64.             System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");
  65.             return;
  66.         }
  67.  
  68.         File file = new File("jssecacerts");
  69.         if (file.isFile() == false) {
  70.             char SEP = File.separatorChar;
  71.             File dir = new File(System.getProperty("java.home") + SEP
  72.                     + "lib" + SEP + "security");
  73.             file = new File(dir, "jssecacerts");
  74.             if (file.isFile() == false) {
  75.                 file = new File(dir, "cacerts");
  76.             }
  77.         }
  78.         System.out.println("Loading KeyStore " + file + "...");
  79.         InputStream in = new FileInputStream(file);
  80.         KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
  81.         ks.load(in, passphrase);
  82.         in.close();
  83.  
  84.         SSLContext context = SSLContext.getInstance("TLS");
  85.         TrustManagerFactory tmf =
  86.                 TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
  87.         tmf.init(ks);
  88.         X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];
  89.         SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
  90.         context.init(null, new TrustManager[]{tm}, null);
  91.         SSLSocketFactory factory = context.getSocketFactory();
  92.  
  93.         System.out.println("Opening connection to " + host + ":" + port + "...");
  94.         SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
  95.         socket.setSoTimeout(10000);
  96.         try {
  97.             System.out.println("Starting SSL handshake...");
  98.             socket.startHandshake();
  99.             socket.close();
  100.             System.out.println();
  101.             System.out.println("No errors, certificate is already trusted");
  102.         } catch (SSLException e) {
  103.             System.out.println();
  104.             e.printStackTrace(System.out);
  105.         }
  106.  
  107.         X509Certificate[] chain = tm.chain;
  108.         if (chain == null) {
  109.             System.out.println("Could not obtain server certificate chain");
  110.             return;
  111.         }
  112.  
  113.         BufferedReader reader =
  114.                 new BufferedReader(new InputStreamReader(System.in));
  115.  
  116.         System.out.println();
  117.         System.out.println("Server sent " + chain.length + " certificate(s):");
  118.         System.out.println();
  119.         MessageDigest sha1 = MessageDigest.getInstance("SHA1");
  120.         MessageDigest md5 = MessageDigest.getInstance("MD5");
  121.         for (int i = 0; i < chain.length; i++) {
  122.             X509Certificate cert = chain[i];
  123.             System.out.println
  124.                     (" " + (i + 1) + " Subject " + cert.getSubjectDN());
  125.             System.out.println("   Issuer  " + cert.getIssuerDN());
  126.             sha1.update(cert.getEncoded());
  127.             System.out.println("   sha1    " + toHexString(sha1.digest()));
  128.             md5.update(cert.getEncoded());
  129.             System.out.println("   md5     " + toHexString(md5.digest()));
  130.             System.out.println();
  131.         }
  132.  
  133.         System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
  134.         String line = reader.readLine().trim();
  135.         int k;
  136.         try {
  137.             k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
  138.         } catch (NumberFormatException e) {
  139.             System.out.println("KeyStore not changed");
  140.             return;
  141.         }
  142.  
  143.         X509Certificate cert = chain[k];
  144.         String alias = host + "-" + (k + 1);
  145.         ks.setCertificateEntry(alias, cert);
  146.  
  147.         OutputStream out = new FileOutputStream("jssecacerts");
  148.         ks.store(out, passphrase);
  149.         out.close();
  150.  
  151.         System.out.println();
  152.         System.out.println(cert);
  153.         System.out.println();
  154.         System.out.println
  155.                 ("Added certificate to keystore 'jssecacerts' using alias '"
  156.                         + alias + "'");
  157.     }
  158.  
  159.     private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();
  160.  
  161.     private static String toHexString(byte[] bytes) {
  162.         StringBuilder sb = new StringBuilder(bytes.length * 3);
  163.         for (int b : bytes) {
  164.             b &= 0xff;
  165.             sb.append(HEXDIGITS[b >> 4]);
  166.             sb.append(HEXDIGITS[b & 15]);
  167.             sb.append(' ');
  168.         }
  169.         return sb.toString();
  170.     }
  171.  
  172.     private static class SavingTrustManager implements X509TrustManager {
  173.  
  174.         private final X509TrustManager tm;
  175.         private X509Certificate[] chain;
  176.  
  177.         SavingTrustManager(X509TrustManager tm) {
  178.             this.tm = tm;
  179.         }
  180.  
  181.         public X509Certificate[] getAcceptedIssuers() {
  182.        
  183.         /**
  184.          * This change has been done due to the following resolution advised for Java 1.7+
  185.         http://infposs.blogspot.kr/2013/06/installcert-and-java-7.html
  186.              **/
  187.        
  188.         return new X509Certificate[0]; 
  189.             //throw new UnsupportedOperationException();
  190.         }
  191.  
  192.         public void checkClientTrusted(X509Certificate[] chain, String authType)
  193.                 throws CertificateException {
  194.             throw new UnsupportedOperationException();
  195.         }
  196.  
  197.         public void checkServerTrusted(X509Certificate[] chain, String authType)
  198.                 throws CertificateException {
  199.             this.chain = chain;
  200.             tm.checkServerTrusted(chain, authType);
  201.         }
  202.     }
  203. }
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!