How do I disable certificate validity

Hi!
I have a Java client and want to send data to an HTTPS server.
My code is:
URL url = new URL("https://100.100.100.94/login.phtml");
       HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
       conn.setRequestMethod("POST");
       byte[] text = "password=http2&user=afs".getBytes();

       conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
       conn.setRequestProperty("User-Agent","Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0");
       conn.setRequestProperty("Content-length", "" + text.length );      
 
       conn.setDoOutput(true);
   
       conn.connect();
       OutputStream out = conn.getOutputStream();
       out.write(text);
       out.flush();
       out.close();

       InputStream in = conn.getInputStream();
       System.out.println("in");
       System.out.println(in);
       String readInString="";
           int readInNum=0;
        while( (readInNum=in.read())!=-1){
          readInString=readInString +(char)readInNum;
        }

In http everything is ok.
But in https I receive an exception:
java.security.cert.CertificateExpiredException:Notafter: Fri Dec 27 21:33:33 CET 2002.
Can you tell me how to ignore checking certificate validity?

Thanks!!!
Asked:
czaron
tutranCommented:
Hi czaron,

You can implement a class that extends HostnameVerifier and always returns true, then set it in your main class:


conn.setHostnameVerifier(new TestVerifier());



--- code for test verifier

public class TestVerifier implements com.sun.net.ssl.HostnameVerifier {
/**
 * verify method comment.
 */
public boolean verify(String arg1, String arg2) {
     return true;
}
}
0
 
tutranCommented:
Just want to make sure also that you have set the properties.

java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
Properties prp = System.getProperties();
prp.put("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
System.setProperties(prp);

         
URL url = new URL("https://172.18.1.176:8080");
             
HttpsURLConnection conn = (com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection) url.openConnection();
conn.setDoInput(true);
conn.setUseCaches(false);
conn.setHostnameVerifier(new TestVerifier());
0
 
msterjevCommented:
HostnameVerifier has nothing to do with the certificate date! It exists solely because sometimes the URL can be typed as IP and sometimes as DNS!
0
 
czaronAuthor Commented:
tutran:
Your idea is very complicated for me. I receive lots of errors during compilation.
e.g. setHostnameVerifier(javax.net.ssl.HostnameVerifier) in javax.net.ssl.HttpsURLConnection cannot be applied to (Fetcher.TestVerifier)
Do you maybe know another solution?
I only want to accept an invalid certificate.
(like in Internet Explorer)
Is it possible in java?

thanks,


0
 
czaronAuthor Commented:
msterjev :
So how can I accept an invalid certificate?
(like e.g. in Internet Explorer)
0
 
tutranCommented:
czaron, set the hostname verifier as follows. You don't need to create a new class. Use an inline class, it's OK.

I think that you want to view a certificate that has expired, and the host verifier is the one that validates the hostname with the Certificate Authority (CA). The new class will allow it to bypass the CA.


conn.setHostnameVerifier(new com.sun.net.ssl.HostnameVerifier() {
            public boolean verify(String arg1, String arg2) {
                return true;
            }
        });



----------- HERE'S MY COMPLETE SOURCE CODE -------------


package com.countrywide.cssd.dms.imaging.servlets;

import com.sun.net.ssl.internal.www.protocol.https.*;
import java.util.*;
import java.net.*;
import java.io.*;
/**
 * Insert the type's description here.
 * Creation date: (9/17/2002 9:09:03 AM)
 * @author: Administrator
 */
public class Tester {
   
/**
 * Tester constructor comment.
 */
public Tester() {
           super();
}
/**
 * Starts the application.
 * @param args an array of command-line arguments
 */
public static void main(java.lang.String[] args) {
    // Insert code to start the application here.

    String response = null;
    InputStreamReader in = null;
    BufferedReader br = null;

    try {

        java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
        Properties prp = System.getProperties();
        prp.put("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
        System.setProperties(prp);

        URL url =
            new URL("https://investing.schwab.com/trading/signoff");
        HttpsURLConnection conn =
            (com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection) url
                .openConnection();
        conn.setDoInput(true);
        conn.setUseCaches(false);
        conn.setHostnameVerifier(new com.sun.net.ssl.HostnameVerifier() {
            public boolean verify(String arg1, String arg2) {
                return true;
            }
        });

        InputStream inStream = conn.getInputStream();
        FileOutputStream fos = new FileOutputStream("C:/report");

        BufferedInputStream bis = null;
        BufferedOutputStream bos = null;

        try {

            // Use Buffered Stream for reading/writing.
            bis = new BufferedInputStream(inStream);
            bos = new BufferedOutputStream(fos);

            byte[] buff = new byte[2048];
            int bytesRead;

            // Simple read/write loop.
            while (-1 != (bytesRead = bis.read(buff, 0, buff.length))) {
                bos.write(buff, 0, bytesRead);
                System.out.println(bytesRead);
            }

        } catch (final MalformedURLException e) {
            System.out.println("MalformedURLException.");
            throw e;
        } catch (final IOException e) {
            System.out.println("IOException.");
            throw e;
        } finally {
            if (bis != null)
                bis.close();
            if (bos != null)
                bos.close();
        }

    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        try {
            if (in != null)
                in.close();
            if (br != null)
                br.close();

        } catch (Exception e) {

        }

    }

}
}
0
 
czaronAuthor Commented:
Hi Tutran
While compiling your code, I receive an error:

setHostnameVerifier(javax.net.ssl.HostnameVerifier) in javax.net.ssl.HttpsURLConnection cannot be applied to (<anonymous com.sun.net.ssl.HostnameVerifier>)
 
in line:

conn.setHostnameVerifier(new com.sun.net.ssl.HostnameVerifier() {

What does anonymous mean?

thanks for help,
Czrek
0
 
tutranCommented:
czaron,

1)  Make sure you have included JSSE 1.0.3 jars in your classpath: jcert.jar, jnet.jar, jsse.jar

2) I use JDK 1.3 and it works fine for me.

3) HttpsURLConnection conn >> which package are you using it from?

4) Did you forget to set new protocol handler before making a connection?

       java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
       Properties prp = System.getProperties();
       prp.put("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
       System.setProperties(prp);

5) Anonymous class means that you just extend or implement something on the fly, don't use it again in other code, and specify the abstract methods inline. This way, you don't need to create an independent class. The new class resides inside the method.
0
 
czaronAuthor Commented:
in line:
 com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection conn =
           (com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection) url
               .openConnection();

While running I receive an exception: java.lang.Classexception...

tutran - do you know how to get rid of it??
0
 
tutranCommented:
czaron.

It seems that you don't have JSSE in your class path.

Download JSSE1.0.3 here:
http://java.sun.com/products/jsse/index-103.html


When you run, make sure to include these three jars in the classpath using the java -classpath... command.


0
 
czaronAuthor Commented:
tutran: I've included in my classpath : jcert.jar, jnet.jar, jsse.jar.
It didn't help.



0
 
tutranCommented:
1) How do you specify the class path? Post your command here.

2) Post your entire code here.
0
 
tutranCommented:
Also, try modifying this code to call your server program

package sao.servlets;

import com.sun.net.ssl.internal.www.protocol.https.*;
import java.util.*;
import java.net.*;
import java.io.*;
/**
 * Insert the type's description here.
 * Creation date: (02/12/2003 10:53:24 AM)
 * @author:
 */
public class ClientTest {
/**
 * ClientTest constructor comment.
 */
public ClientTest() {
     super();
}
/**
 * Insert the method's description here.
 * Creation date: (02/12/2003 10:54:01 AM)
 * @param args java.lang.String[]
 */
public static void main(String[] args) {
    try {

        java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
        Properties prp = System.getProperties();
        prp.put("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
        System.setProperties(prp);

        URL url =
            new URL(
                "https://<SOME URL>");

        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();

        conn.setHostnameVerifier(new com.sun.net.ssl.HostnameVerifier() {
            public boolean verify(String arg1, String arg2) {
                return true;
            }
        });

        System.out.println("conn");
        System.out.println(conn); // O.K/

        conn.setRequestMethod("POST");

        byte[] text = "".getBytes();

        //Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*
        //Accept-Language: en-us

        conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        conn.setRequestProperty(
            "User-Agent",
            "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0");
        conn.setRequestProperty("Content-length", "" + text.length);

        conn.setDoOutput(true);

        conn.connect();
        OutputStream out = conn.getOutputStream();
        System.out.println("out");
        System.out.println(out); //EMPTY...??

        out.write(text);
        out.flush();
        out.close();
        InputStream in = conn.getInputStream();

        InputStream inStream = conn.getInputStream();
        FileOutputStream fos = new FileOutputStream("C:/report.pdf");

        BufferedInputStream bis = null;
        BufferedOutputStream bos = null;

        try {

            // Use Buffered Stream for reading/writing.
            bis = new BufferedInputStream(inStream);
            bos = new BufferedOutputStream(fos);

            byte[] buff = new byte[2048];
            int bytesRead;

            // Simple read/write loop.
            while (-1 != (bytesRead = bis.read(buff, 0, buff.length))) {
                bos.write(buff, 0, bytesRead);
                System.out.println(bytesRead);
            }

        } catch (final MalformedURLException e) {
            System.out.println("MalformedURLException.");
            throw e;
        } catch (final IOException e) {
            System.out.println("IOException.");
            throw e;
        } finally {
            if (bis != null)
                bis.close();
            if (bos != null)
                bos.close();
        }

        System.out.println("in");
        System.out.println(in); //O.K.
        conn.disconnect();
    } catch (Exception e) {
    }

}
}
0
 
czaronAuthor Commented:
Hi Tutran!
You're right, but... it works only for some servers.
I use Java 1.4 and <com.sun.net.ssl> is not available, so I use the <javax.net.ssl> packages.
But I can't connect to my https server, and some others.
I can't compile the line:
java.security.Security.addProvider(new Provider())
Without this line I can only connect to some servers, as I said.

Do you know the solution? thanks,

Czaron
0
 
czaronAuthor Commented:
While running the program I receive an exception:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Couldn't find trusted certificate



Here's my code:

import java.util.*;
import java.net.*;
import java.io.*;

import java.lang.String.*;
import java.lang.Object.*;

import javax.net.ssl.HttpsURLConnection.*;
import javax.net.ssl.*;
import javax.net.*;
import java.security.*;
             

public class Fetcher {

public Fetcher() {
          super();
}
public static void main(String[] args)
          throws IOException {
try {

       //java.security.Security.addProvider(new Provider());  //?????
       Properties prp = System.getProperties();
       prp.put("java.protocol.handler.pkgs", "javax.net.ssl");
       System.setProperties(prp);
     
URL url = new URL("https://192.168.1.1/login.html");

//URL url = new URL("https://poczta.onet.pl/login.html");
       System.out.println(url.openConnection());

      HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
      conn.setDoInput(true);
      conn.setUseCaches(false);
      conn.setHostnameVerifier(new HostnameVerifier() {
           public boolean verify(String arg1, SSLSession arg2) {
              return true;
           }
       });
       
       conn.setRequestMethod("POST");

       byte[] text = "password=httpS&user=afs".getBytes();
       
       conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
       conn.setRequestProperty("User-Agent","Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0");
       conn.setRequestProperty("Content-length", "" + text.length);      
               
       conn.setDoOutput(true);
       conn.connect();
       OutputStream out = conn.getOutputStream();
       System.out.println("out");
       System.out.println(out);

        out.write(text);
       out.flush();
       out.close();
       InputStream in = conn.getInputStream();
       System.out.println("in");
       System.out.println(in); //O.K.
       String readInString="";
           int readInNum=0;
        while( (readInNum=in.read())!=-1){
          readInString=readInString +(char)readInNum;
        }
        System.out.println("response from server="+readInString);                                      
       conn.disconnect();

   }   catch (Exception e) { System.out.println("exception!!");System.out.println(e);
   }

        System.out.println("zamykamy...");
     
}
}
0
 
tutranCommented:
Sorry, I misguided you with an older version of Java. Try using the tips from this URL. Same concept with different syntax. Look at the bottom of the page:

http://developer.java.sun.com/developer/technicalArticles/Security/secureinternet2/
0
 
czaronAuthor Commented:
My program works well! :)
Thanks for the help, tutran
0
 
msterjevCommented:
I can't understand your conversation! What are you talking about? As I said before, the HostnameVerifier has nothing to do with the expiration of the certificate!
0
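
Added example, not posted by anyone in this thread: in JSSE the validity dates and the trust path are checked by the X509TrustManager, while the HostnameVerifier only compares the name in the URL with the certificate. The sketch below keeps the JRE's default validation and makes an exception for exactly one certificate, identified by a SHA-256 fingerprint that you obtain out of band. The class name PinnedTrustManager, the method contextFor and the pin value are assumptions for illustration, and the code targets the javax.net.ssl API on a current JDK rather than the JSSE 1.0.3 packages used above.

```java
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;

// Hypothetical class: normal JRE validation, plus exactly one pinned server certificate.
public final class PinnedTrustManager implements X509TrustManager {
    private final X509TrustManager defaults;
    private final byte[] pinSha256; // SHA-256 of the certificate's DER bytes, obtained out of band

    public PinnedTrustManager(byte[] pinSha256) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JRE's default truststore
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        }
        if (found == null) throw new IllegalStateException("no default X509TrustManager");
        this.defaults = found;
        this.pinSha256 = pinSha256.clone();
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        try {
            defaults.checkServerTrusted(chain, authType); // trust path and validity dates
        } catch (CertificateException original) {
            if (chain == null || chain.length == 0) throw original;
            try {
                byte[] seen = MessageDigest.getInstance("SHA-256").digest(chain[0].getEncoded());
                if (!MessageDigest.isEqual(seen, pinSha256)) throw original; // not the pinned cert
            } catch (NoSuchAlgorithmException e) {
                throw new CertificateException(e);
            }
        }
    }
    @Override
    public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException {
        defaults.checkClientTrusted(c, a);
    }
    @Override
    public X509Certificate[] getAcceptedIssuers() { return defaults.getAcceptedIssuers(); }

    public static SSLContext contextFor(byte[] pinSha256) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { new PinnedTrustManager(pinSha256) }, null);
        return ctx;
    }
}
```

Install it on a single connection with conn.setSSLSocketFactory(PinnedTrustManager.contextFor(pin).getSocketFactory()) before connecting, and leave the default HostnameVerifier in place. Any other certificate that fails validation, expired or untrusted, is still rejected with the original exception.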
