import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManagerFactory;
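/**
 * Adds a bundled Let's Encrypt certificate to an in-memory copy of the JRE trust store and
 * installs the result as the JVM-wide default {@link SSLContext}.
 *
 * <p>Security notes for anyone reusing this class:
 * <ul>
 *   <li>The bundled DER file becomes a trust anchor for every consumer of the default
 *       {@code SSLContext} in this JVM, so the integrity of that classpath resource is as
 *       sensitive as the trust store itself.</li>
 *   <li>Only the in-memory key store is modified; the {@code cacerts} file on disk is not
 *       written.</li>
 *   <li>The trust store is read from {@code java.home/lib/security/cacerts} directly, so a
 *       custom {@code javax.net.ssl.trustStore} setting is not taken into account here.</li>
 * </ul>
 */
public class ForceLetsEncryptCert
{
    /** Classpath location of the DER-encoded certificate that is added as a trust anchor. */
    private static final String CERT_RESOURCE = "/lets-encrypt-x3-cross-signed.der";

    /** Alias under which the certificate is stored in the in-memory key store. */
    private static final String CERT_ALIAS = "lets-encrypt-x3-cross-signed";

    /** When true, {@link #load()} prints every trust anchor after the certificate was added. */
    private static final boolean LIST_TRUST_ANCHORS = true;

    /**
     * Loads the JRE's {@code cacerts}, adds the bundled certificate and makes the resulting
     * trust managers the process-wide default for TLS.
     *
     * <p>NOTE(review): code that already obtained its socket factory from the previous default
     * context is presumably not affected, so call this before the first HTTPS connection.
     *
     * @throws RuntimeException if the trust store or the bundled certificate cannot be read,
     *     or the TLS context cannot be initialised
     */
    public static void load()
    {
        try
        {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            Path ksPath = Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts");
            // A null password means the key store's integrity check is skipped on load.
            try (InputStream ksInput = Files.newInputStream(ksPath))
            {
                keyStore.load(ksInput, null);
            }

            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            Certificate crt;
            try (InputStream rawInput = ForceLetsEncryptCert.class.getResourceAsStream(CERT_RESOURCE))
            {
                if (rawInput == null)
                {
                    // Fail with a clear message instead of an opaque parse error on a null stream.
                    throw new IllegalStateException("Certificate resource not found on classpath: " + CERT_RESOURCE);
                }
                try (InputStream caInput = new BufferedInputStream(rawInput))
                {
                    crt = cf.generateCertificate(caInput);
                }
            }
            System.out.println("Added Cert for " + ((X509Certificate)crt).getSubjectDN());

            // NOTE(review): the resource name suggests this is an intermediate CA certificate.
            // Once it is a trust anchor, path validation stops at it and its issuer is no longer
            // consulted. Confirm the bundled certificate is still current and compare its
            // fingerprint with the value published by the CA before shipping it.
            keyStore.setCertificateEntry(CERT_ALIAS, crt);

            if (LIST_TRUST_ANCHORS)
            {
                System.out.println("Truststore now trusting: ");
                PKIXParameters params = new PKIXParameters(keyStore);
                for (TrustAnchor anchor : params.getTrustAnchors())
                {
                    System.out.println(anchor.getTrustedCert().getSubjectDN());
                }
                System.out.println();
            }

            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(keyStore);
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, tmf.getTrustManagers(), null);
            // Process-wide effect: everything using the default SSLContext now trusts the added cert.
            SSLContext.setDefault(sslContext);
        }
        catch(Exception e)
        {
            throw new RuntimeException("Could not install " + CERT_ALIAS + " into the default SSLContext", e);
        }
    }
    // END ---------- ADDME

    /**
     * Installs the extended trust store, then probes a fixed list of HTTPS sites and reports
     * for each one whether the TLS handshake succeeded.
     *
     * @param args unused
     * @throws IOException if a connection fails for a reason other than the TLS handshake
     */
    public static void main(String[] args) throws IOException
    {
        load();
        // signed by default trusted CAs.
        testUrl(new URL("https://google.com"));
        testUrl(new URL("https://www.thawte.com"));
        // signed by letsencrypt
        testUrl(new URL("https://helloworld.letsencrypt.org"));
        // signed by LE's cross-sign CA
        testUrl(new URL("https://letsencrypt.org"));
        // nhg
        testUrl(new URL("https://hungergames.mcnanotech.fr"));
        // expired
        testUrl(new URL("https://tv.eurosport.com/"));
        // self-signed
        testUrl(new URL("https://www.pcwebshop.co.uk/"));
    }

    /**
     * Connects to {@code url} and prints its response headers, or {@code Untrusted: <url>} when
     * the TLS handshake fails.
     *
     * <p>A handshake can fail for reasons other than an untrusted chain (for example no common
     * protocol version), so "Untrusted" is an approximation; the exception is not inspected.
     *
     * @param url the HTTPS endpoint to probe
     * @throws IOException if connecting fails for a reason other than the TLS handshake
     */
    static void testUrl(URL url) throws IOException
    {
        URLConnection connection = url.openConnection();
        try
        {
            connection.connect();
            System.out.println("Headers of " + url + " => " + connection.getHeaderFields());
        }
        catch(SSLHandshakeException e)
        {
            System.out.println("Untrusted: " + url);
        }
        finally
        {
            // Release the underlying socket; the original left every probed connection open.
            if (connection instanceof HttpURLConnection)
            {
                ((HttpURLConnection) connection).disconnect();
            }
        }
    }
}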