1 Loading KeyStore C:Tooljdk1.7.0_71jrelibsecurityjssecacerts... 2 Opening connection to www.google.com:443... 3 Starting SSL handshake... 4 5 javax.net.ssl.SSLException: java.lang.UnsupportedOperationException 6 at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) 7 at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884) 8 at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1842) 9 at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1825) 10 at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1346) 11 at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323) 12 at InstallCert.main(InstallCert.java:73) 13 Caused by: java.lang.UnsupportedOperationException 14 at InstallCert$SavingTrustManager.getAcceptedIssuers(InstallCert.java:159) 15 at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:926) 16 at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:872) 17 at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:814) 18 at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1421) 19 at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209) 20 at sun.security.ssl.Handshaker.processLoop(Handshaker.java:878) 21 at sun.security.ssl.Handshaker.process_record(Handshaker.java:814) 22 at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016) 23 at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312) 24 at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339) 25 ... 2 more 26 27 Server sent 1 certificate(s): 28 29 1 Subject CN=www.amazon.com, OU=Cyber, O=Amazon, L=Newark, ST=NY, C=US 30 Issuer CN=www.amazon.com, OU=Cyber, O=Amazon, L=Newark, ST=NY, C=US 31 sha1 c4 1e 51 d5 ae e6 e5 0b 34 5b 99 24 39 8c df e7 2e 57 77 5d 32 md5 6d 89 00 ac 2e 72 71 c2 9a 95 7b 6c f2 1d bd 26 33 34 Enter certificate to add to trusted keystore or 'q' to quit: [1]
1 import java.io.BufferedReader; 2 import java.io.File; 3 import java.io.FileInputStream; 4 import java.io.FileOutputStream; 5 import java.io.InputStream; 6 import java.io.InputStreamReader; 7 import java.io.OutputStream; 8 import java.security.KeyStore; 9 import java.security.MessageDigest; 10 import java.security.cert.CertificateException; 11 import java.security.cert.X509Certificate; 12 13 import javax.net.ssl.SSLContext; 14 import javax.net.ssl.SSLException; 15 import javax.net.ssl.SSLSocket; 16 import javax.net.ssl.SSLSocketFactory; 17 import javax.net.ssl.TrustManager; 18 import javax.net.ssl.TrustManagerFactory; 19 import javax.net.ssl.X509TrustManager; 20 21 public class InstallCert { 22 23 public static void main(String[] args) throws Exception { 24 args[0]="www.google.com"; 25 String host; 26 int port; 27 char[] passphrase; 28 //System.setProperty("javax.net.ssl.trustStore", "C:\Users\PL62716\workspace\urlAutoConnect\jssecacerts"); 29 if ((args.length == 1) || (args.length == 2)) { 30 String[] c = args[0].split(":"); 31 host = c[0]; 32 port = (c.length == 1) ? 443 : Integer.parseInt(c[1]); 33 String p = (args.length == 1) ? "changeit" : args[1]; 34 passphrase = p.toCharArray(); 35 } else { 36 System.out 37 .println("Usage: java InstallCert <host>[:port] [passphrase]"); 38 return; 39 } 40 41 File file = new File("jssecacerts"); 42 if (file.isFile() == false) { 43 char SEP = File.separatorChar; 44 File dir = new File(System.getProperty("java.home") + SEP + "lib" 45 + SEP + "security"); 46 file = new File(dir, "jssecacerts"); 47 if (file.isFile() == false) { 48 file = new File(dir, "cacerts"); 49 } 50 } 51 System.out.println("Loading KeyStore " + file + "..."); 52 InputStream in = new FileInputStream(file); 53 KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); 54 ks.load(in, passphrase); 55 in.close(); 56 57 SSLContext context = SSLContext.getInstance("TLS"); 58 TrustManagerFactory tmf = TrustManagerFactory 59 .getInstance(TrustManagerFactory.getDefaultAlgorithm()); 60 tmf.init(ks); 61 X509TrustManager defaultTrustManager = (X509TrustManager) tmf 62 .getTrustManagers()[0]; 63 SavingTrustManager tm = new SavingTrustManager(defaultTrustManager); 64 context.init(null, new TrustManager[] { tm }, null); 65 SSLSocketFactory factory = context.getSocketFactory(); 66 67 System.out 68 .println("Opening connection to " + host + ":" + port + "..."); 69 SSLSocket socket = (SSLSocket) factory.createSocket(host, port); 70 socket.setSoTimeout(10000); 71 try { 72 System.out.println("Starting SSL handshake..."); 73 socket.startHandshake(); 74 socket.close(); 75 System.out.println(); 76 System.out.println("No errors, certificate is already trusted"); 77 } catch (SSLException e) { 78 System.out.println(); 79 e.printStackTrace(System.out); 80 } 81 82 X509Certificate[] chain = tm.chain; 83 if (chain == null) { 84 System.out.println("Could not obtain server certificate chain"); 85 return; 86 } 87 88 BufferedReader reader = new BufferedReader(new InputStreamReader( 89 System.in)); 90 91 System.out.println(); 92 System.out.println("Server sent " + chain.length + " certificate(s):"); 93 System.out.println(); 94 MessageDigest sha1 = MessageDigest.getInstance("SHA1"); 95 MessageDigest md5 = MessageDigest.getInstance("MD5"); 96 for (int i = 0; i < chain.length; i++) { 97 X509Certificate cert = chain[i]; 98 System.out.println(" " + (i + 1) + " Subject " 99 + cert.getSubjectDN()); 100 System.out.println(" Issuer " + cert.getIssuerDN()); 101 sha1.update(cert.getEncoded()); 102 System.out.println(" sha1 " + toHexString(sha1.digest())); 103 md5.update(cert.getEncoded()); 104 System.out.println(" md5 " + toHexString(md5.digest())); 105 System.out.println(); 106 } 107 108 System.out 109 .println("Enter certificate to add to trusted keystore or 'q' to quit: [1]"); 110 String line = reader.readLine().trim(); 111 int k; 112 try { 113 k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1; 114 } catch (NumberFormatException e) { 115 System.out.println("KeyStore not changed"); 116 return; 117 } 118 119 X509Certificate cert = chain[k]; 120 String alias = host + "-" + (k + 1); 121 ks.setCertificateEntry(alias, cert); 122 123 OutputStream out = new FileOutputStream("jssecacerts"); 124 ks.store(out, passphrase); 125 out.close(); 126 127 System.out.println(); 128 System.out.println(cert); 129 System.out.println(); 130 System.out 131 .println("Added certificate to keystore 'jssecacerts' using alias '" 132 + alias + "'"); 133 } 134 135 private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray(); 136 137 private static String toHexString(byte[] bytes) { 138 StringBuilder sb = new StringBuilder(bytes.length * 3); 139 for (int b : bytes) { 140 b &= 0xff; 141 sb.append(HEXDIGITS[b >> 4]); 142 sb.append(HEXDIGITS[b & 15]); 143 sb.append(' '); 144 } 145 return sb.toString(); 146 } 147 148 private static class SavingTrustManager implements X509TrustManager { 149 150 private final X509TrustManager tm; 151 private X509Certificate[] chain; 152 153 SavingTrustManager(X509TrustManager tm) { 154 this.tm = tm; 155 } 156 157 public X509Certificate[] getAcceptedIssuers() { 158 //return new X509Certificate[0]; 159 throw new UnsupportedOperationException(); 160 } 161 162 public void checkClientTrusted(X509Certificate[] chain, String authType) 163 throws CertificateException { 164 throw new UnsupportedOperationException(); 165 } 166 167 public void checkServerTrusted(X509Certificate[] chain, String authType) 168 throws CertificateException { 169 this.chain = chain; 170 tm.checkServerTrusted(chain, authType); 171 } 172 } 173 174 }
Resolve method :
public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; //throw new UnsupportedOperationException(); }
Normal log :
Loading KeyStore C:Tooljdk1.7.0_71jrelibsecurityjssecacerts... Opening connection to www.google.com:443... Starting SSL handshake... No errors, certificate is already trusted Server sent 1 certificate(s): 1 Subject CN=www.amazon.com, OU=Cyber, O=Amazon, L=Newark, ST=NY, C=US Issuer CN=www.amazon.com, OU=Cyber, O=Amazon, L=Newark, ST=NY, C=US sha1 c4 1e 51 d5 ae e6 e5 0b 34 5b 99 24 39 8c df e7 2e 57 77 5d md5 6d 89 00 ac 2e 72 71 c2 9a 95 7b 6c f2 1d bd 26 Enter certificate to add to trusted keystore or 'q' to quit: [1]