/home/julius/dev/commons-ssl/src/java/TrustExample.java

import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.ssl.HttpSecureProtocol;
import org.apache.commons.ssl.TrustMaterial;

import javax.net.ssl.SSLHandshakeException;
import java.io.InputStream;
import java.net.URL;
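/**
 * Example of adding one extra CA certificate to the set of trust anchors used
 * by Commons HttpClient, written to answer a question Sudip Shrestha posed on
 * the httpclient-user@jakarta.apache.org mailing list, Fri 5/5/2006.
 * <p>
 * The example keeps the JVM's default CA bundle and adds a single embedded
 * PEM certificate on top of it, then shows that a plain {@link URL}
 * connection does not pick up the extra trust.
 * <p>
 * Security notes for anyone adapting this:
 * <ul>
 * <li>Every certificate that chains to an added CA is accepted by the client,
 * so verify an embedded CA certificate against an independent source before
 * shipping it.</li>
 * <li>{@code Protocol.registerProtocol} is a static registration, so the
 * change is not limited to the one {@code HttpClient} created here.</li>
 * <li>The embedded certificate's validity ended on Jul 9 2019 (see the
 * openssl dump below); the code is kept as a historical illustration.</li>
 * </ul>
 *
 * @author Julius Davies
 * @since May 5, 2006
 */
public class TrustExample
{

/*
Microsoft IE trusts usertrust.com CA certs by default, but Java doesn't, so we need
to tell Java to.

Cert is good until 2019 (see "Not After" below).

openssl x509 -in cert.pem -noout -text
=======================================

Serial Number:
    44:be:0c:8b:50:00:24:b4:11:d3:36:2a:fe:65:0a:fd
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
Validity
    Not Before: Jul  9 18:10:42 1999 GMT
    Not After : Jul  9 18:19:22 2019 GMT
Subject: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware

X509v3 extensions:
    X509v3 Key Usage:
        Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
    X509v3 Basic Constraints: critical
        CA:TRUE
    X509v3 Subject Key Identifier:
        A1:72:5F:26:1B:28:98:43:95:5D:07:37:D5:85:96:9D:4B:D2:C3:45
    X509v3 CRL Distribution Points:
        URI:http://crl.usertrust.com/UTN-USERFirst-Hardware.crl

    X509v3 Extended Key Usage:
        TLS Web Server Authentication, IPSec End System, IPSec Tunnel, IPSec User

*/
    // PEM text of the CA certificate described above.  getBytes() uses the
    // platform default charset; PEM is plain ASCII, so the bytes are the same
    // on any ASCII-compatible default.
    private static final byte[] pemCert = (
            "-----BEGIN CERTIFICATE-----\n" +
            "MIIEdDCCA1ygAwIBAgIQRL4Mi1AAJLQR0zYq/mUK/TANBgkqhkiG9w0BAQUFADCB\n" +
            "lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug\n" +
            "Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho\n" +
            "dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt\n" +
            "SGFyZHdhcmUwHhcNOTkwNzA5MTgxMDQyWhcNMTkwNzA5MTgxOTIyWjCBlzELMAkG\n" +
            "A1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEe\n" +
            "MBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8v\n" +
            "d3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdh\n" +
            "cmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx98M4P7Sof885glFn\n" +
            "0G2f0v9Y8+efK+wNiVSZuTiZFvfgIXlIwrthdBKWHTxqctU8EGc6Oe0rE81m65UJ\n" +
            "M6Rsl7HoxuzBdXmcRl6Nq9Bq/bkqVRcQVLMZ8Jr28bFdtqdt++BxF2uiiPsA3/4a\n" +
            "MXcMmgF6sTLjKwEHOG7DpV4jvEWbe1DByTCP2+UretNb+zNAHqDVmBe8i4fDidNd\n" +
            "oI6yqqr2jmmIBsX6iSHzCJ1pLgkzmykNRg+MzEk0sGlRvfkGzWitZky8PqxhvQqI\n" +
            "DsjfPe58BEydCl5rkdbux+0ojatNh4lz0G6k0B4WixThdkQDf2Os5M1JnMWS9Ksy\n" +
            "oUhbAgMBAAGjgbkwgbYwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYD\n" +
            "VR0OBBYEFKFyXyYbKJhDlV0HN9WFlp1L0sNFMEQGA1UdHwQ9MDswOaA3oDWGM2h0\n" +
            "dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNFUkZpcnN0LUhhcmR3YXJlLmNy\n" +
            "bDAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEF\n" +
            "BQcDBzANBgkqhkiG9w0BAQUFAAOCAQEARxkP3nTGmZev/K0oXnWO6y1n7k57K9cM\n" +
            "//bey1WiCuFMVGWTYGufEpytXoMs61quwOQt9ABjHbjAbPLPSbtNk28Gpgoiskli\n" +
            "CE7/yMgUsogWXecB5BKV5UU0s4tpvc+0hY91UZ59Ojg6FEgSxvunOxqNDYJAB+gE\n" +
            "CJChicsZUN/KHAG8HQQZexB2lzvukJDKxA4fFm517zP4029bHpbj4HR3dHuKom4t\n" +
            "3XbWOTCC8KucUvIqx69JXn7HaOWCgchqJ/kniCrVWFCVH/A7HFe7fRQ5YiuayZSS\n" +
            "KqMiDP+JJn1fIytH1xUdqWqeUQ0qUZ6B+dQ7XnASfxAynB67nfhmqA==\n" +
            "-----END CERTIFICATE-----\n" ).getBytes();

    /**
     * Fetches https://www.usertrust.com/ twice: once through HttpClient with
     * the extra CA trusted, and once through {@link URL#openStream()}, which
     * still uses the JVM's default trust settings.
     *
     * @param args ignored
     * @throws Exception on any failure other than the SSLHandshakeException
     *                   that the second request is meant to demonstrate
     */
    public static void main( String[] args ) throws Exception
    {
        HttpSecureProtocol f = new HttpSecureProtocol();

        // might as well trust the usual suspects:
        f.addTrustMaterial( TrustMaterial.CACERTS );

        // here's where we start trusting usertrust.com's CA.  From this point
        // any server certificate that chains to this CA passes the trust check.
        f.addTrustMaterial( new TrustMaterial( pemCert ) );

        // Static registration: this replaces the "https" handler in
        // HttpClient's protocol registry, not only for the client created
        // below.  To limit the extra trust to one host, hand the Protocol to
        // that client's HostConfiguration.setHost(host, port, protocol)
        // instead.
        Protocol trustHttps = new Protocol( "https", f, 443 );
        Protocol.registerProtocol( "https", trustHttps );

        HttpClient client = new HttpClient();
        GetMethod httpget = new GetMethod( "https://www.usertrust.com/" );
        try
        {
            client.executeMethod( httpget );
            String s = httpget.getStatusLine().toString();
            System.out.println( "HTTPClient: " + s );
        }
        finally
        {
            // Always hand the connection back, including when the request
            // throws.
            httpget.releaseConnection();
        }

        // Notice that Java still can't access it.  Only HTTPClient knows
        // to trust the cert!
        URL u = new URL( "https://www.usertrust.com/" );
        InputStream in = null;
        try
        {
            // Expected to throw an SSLHandshakeException as long as the JVM's
            // own trust store does not contain this CA.
            in = u.openStream();
        }
        catch ( SSLHandshakeException she )
        {
            System.out.println( "Java:       " + she );
        }
        finally
        {
            // If the JVM does trust the server, the handshake succeeds and
            // the stream must not be left open.
            if ( in != null )
            {
                in.close();
            }
        }
    }

}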