SSL made easier for Testing By Dummy SSL


Introduction
JSSE in JDK 1.4.2 and above lets you plug in your own implementation of the SSL security provider.
Sometimes it is difficult to get SSL/JSSE working correctly, for a number of reasons.
Especially when testing applications whose URLs are accessible over SSL, part or all of the SSL implementation/provider can be swapped with a custom one
if the server certificate is self-signed, not valid, or not trusted.

The idea is to replace Sun's default SSL socket factory with a dummy implementation, as shown below.

package com.livrona.ssl.utils;

import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;

import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;

/**
 * Dummy SSL Socket Factory Implementation.
 * Delegates to a factory whose only trust manager is DummyTrustManager.
 */
public class DummySSLSocketFactory extends SSLSocketFactory
{
    private SSLSocketFactory factory;

    public DummySSLSocketFactory()
    {
        try
        {
            SSLContext sslcontext = SSLContext.getInstance("SSL");
            sslcontext.init(null, // No KeyManager required
                new TrustManager[] { new DummyTrustManager() },
                new java.security.SecureRandom());
            factory = (SSLSocketFactory) sslcontext.getSocketFactory();
        }
        catch (Exception ex)
        {
            // Fail here rather than with a NullPointerException in createSocket()
            throw new IllegalStateException("Cannot initialise dummy SSL context", ex);
        }
    }

    public static SocketFactory getDefault()
    {
        return new DummySSLSocketFactory();
    }

    public Socket createSocket(Socket socket, String s, int i, boolean flag)
        throws IOException
    {
        return factory.createSocket(socket, s, i, flag);
    }

    public Socket createSocket(InetAddress inaddr, int i, InetAddress inaddr1, int j)
        throws IOException
    {
        return factory.createSocket(inaddr, i, inaddr1, j);
    }

    public Socket createSocket(InetAddress inaddr, int i) throws IOException
    {
        return factory.createSocket(inaddr, i);
    }

    public Socket createSocket(String s, int i, InetAddress inaddr, int j)
        throws IOException
    {
        return factory.createSocket(s, i, inaddr, j);
    }

    public Socket createSocket(String s, int i) throws IOException
    {
        return factory.createSocket(s, i);
    }

    public String[] getDefaultCipherSuites()
    {
        return factory.getDefaultCipherSuites();
    }

    public String[] getSupportedCipherSuites()
    {
        return factory.getSupportedCipherSuites();
    }
}

package com.livrona.ssl.utils;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.X509TrustManager;

/**
 * Dummy Trust Manager Implementation.
 * Accepts every certificate chain without validation, so the peer is not authenticated.
 */
public class DummyTrustManager implements X509TrustManager
{
    // Legacy com.sun.net.ssl-style method; not part of javax.net.ssl.X509TrustManager
    public boolean isClientTrusted(X509Certificate[] cert)
    {
        return true;
    }

    // Legacy com.sun.net.ssl-style method; not part of javax.net.ssl.X509TrustManager
    public boolean isServerTrusted(X509Certificate[] cert)
    {
        return true;
    }

    public X509Certificate[] getAcceptedIssuers()
    {
        return new X509Certificate[0];
    }

    /* (non-Javadoc)
     * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[], java.lang.String)
     */
    public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException
    {
        // Never throws: any client chain is accepted
    }

    /* (non-Javadoc)
     * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[], java.lang.String)
     */
    public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException
    {
        // Never throws: any server chain is accepted
    }
}

In order to override the built-in implementation with the dummy one, call this line at application startup and you should be set.

Security.setProperty("ssl.SocketFactory.provider", "com.livrona.ssl.utils.DummySSLSocketFactory");

Troubleshooting
To troubleshoot and see whether this really works, turn SSL debugging on by adding the following option to the java command line.
-Djavax.net.debug=ssl,handshake,data,trustmanager

So in this way you can still do SSL without the hassle. This has worked for me more than 2 times, when the server certificate was no good.
If there are other ways to do this, please share here.

Comments

Great post! This almost saved me hours, not having to set up SSL yet do end-to-end testing. Thanks
