SSL

Using SSL in Java


zipped source code

Code links

chain.cer
root.cer
src/Client.java

Listings

chain.cer
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIBsjCCAVwCAQUwDQYJKoZIhvcNAQEEBQAwZDELMAkGA1UEBhMCVVMxCzAJBgNV
BAgTAkNBMRAwDgYDVQQHEwdBbGFtZWRhMRAwDgYDVQQKEwdVbmtub3duMQwwCgYD
VQQLEwNPbmUxFjAUBgNVBAMTDVRvZGQgU3VuZHN0ZWQwHhcNMDEwMzI5MDMwMTQz
WhcNMDEwNDI4MDMwMTQzWjBkMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEDAO
BgNVBAcTB0FsYW1lZGExEDAOBgNVBAoTB1Vua25vd24xDDAKBgNVBAsTA1R3bzEW
MBQGA1UEAxMNVG9kZCBTdW5kc3RlZDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC4
4IF/Wp6RZd9Uii/DcC5MwImg9jsqnrCBcMhhj7oJw+DdtSJXJFr9WUOTXgO63D7T
X5eFUbMTujDNJ1vLyIBPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQBXl7ORMhv/bYCY
7VpeiaiwEE/E4o5HDvGu6a4mrPPmYcoMV3AxvblekB9TSz6E0VFym2JCUsD0tpyN
RXia3hA4
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

root.cer
-----BEGIN CERTIFICATE-----
MIICezCCAiWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBkMQswCQYDVQQGEwJVUzEL
MAkGA1UECBMCQ0ExEDAOBgNVBAcTB0FsYW1lZGExEDAOBgNVBAoTB1Vua25vd24x
DDAKBgNVBAsTA09uZTEWMBQGA1UEAxMNVG9kZCBTdW5kc3RlZDAeFw0wMTAzMjkw
MjUwMTZaFw0wMTA0MjgwMjUwMTZaMGQxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJD
QTEQMA4GA1UEBxMHQWxhbWVkYTEQMA4GA1UEChMHVW5rbm93bjEMMAoGA1UECxMD
T25lMRYwFAYDVQQDEw1Ub2RkIFN1bmRzdGVkMFwwDQYJKoZIhvcNAQEBBQADSwAw
SAJBAL5SlkC8J0lSVZ/GKYGWb67m+YtAXn5e5/8v5EwPHAZYQKSy9maNn4W+QlcV
mLLZk9NvPujjZYir+PsP0AUJqesCAwEAAaOBwTCBvjAdBgNVHQ4EFgQU6UwkGXvw
XgUZEn7D3D/gRG93XIIwgY4GA1UdIwSBhjCBg4AU6UwkGXvwXgUZEn7D3D/gRG93
XIKhaKRmMGQxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEQMA4GA1UEBxMHQWxh
bWVkYTEQMA4GA1UEChMHVW5rbm93bjEMMAoGA1UECxMDT25lMRYwFAYDVQQDEw1U
b2RkIFN1bmRzdGVkggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADQQAn
GDbriSnS8Nad6risCnoIBP5nSAmEQMPkoD8C825tlSJ5gbop3vtQkGjiHEufLemY
FNe7XcF7FlfBnIo1Yj6G
-----END CERTIFICATE-----

src/Client.java
import java.net.Socket;
import java.io.InputStream;
import java.io.IOException;
import java.util.Collection;
import java.util.LinkedList;
import java.util.Date;
import java.security.Principal;
import java.security.PublicKey;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

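/**
 * Command-line demonstration of hand-written X.509 certificate chain checking.
 *
 * <p>Usage: {@code java Client <chain-file> <root-file> <target-subject-DN>}.
 *
 * <p>NOTE(security): {@link #verify} performs only the checks listed in its
 * own documentation. It does not check revocation (CRL/OCSP), key usage,
 * name constraints, path-length limits or the strength of the signature
 * algorithm, and it compares the target with the whole subject DN string
 * rather than with a host name. Code that authenticates real peers should
 * use the platform's PKIX validation
 * ({@code java.security.cert.CertPathValidator} or the default JSSE trust
 * manager) instead of this class.
 */
public class Client
{
  /**
   * Reads a certificate chain and a root certificate from files, then checks
   * the chain against the root and the expected subject name.
   *
   * @param arstring {@code [0]} file holding the chain (first certificate is
   *                 the one issued by the root, last is the target's),
   *                 {@code [1]} file holding the trusted root certificate,
   *                 {@code [2]} expected subject DN of the last certificate
   */
  public static void main(String [] arstring)
  {
    if (arstring.length < 3)
    {
      System.err.println("usage: java Client <chain-file> <root-file> <target-subject-DN>");
      return;
    }

    try
    {
      CertificateFactory certificatefactory = CertificateFactory.getInstance("X.509");

      // Read certificate chain. The stream is closed in a finally block so a
      // parse error does not leak the file handle.
      LinkedList linkedlist = new LinkedList();
      InputStream inputstreamChain =
        new java.io.BufferedInputStream(new java.io.FileInputStream(arstring[0]));
      try
      {
        while (true)
        {
          // Peek one byte to detect end of file before parsing the next
          // certificate; mark/reset puts the byte back.
          inputstreamChain.mark(1);
          if (inputstreamChain.read() < 0) break;
          inputstreamChain.reset();
          linkedlist.add(certificatefactory.generateCertificate(inputstreamChain));
        }
      }
      finally
      {
        inputstreamChain.close();
      }

      // Read root certificate (the trust anchor chosen by the caller).
      X509Certificate x509certificate;
      InputStream inputstreamRoot = new java.io.FileInputStream(arstring[1]);
      try
      {
        x509certificate = (X509Certificate)certificatefactory.generateCertificate(inputstreamRoot);
      }
      finally
      {
        inputstreamRoot.close();
      }

      // Read the target.
      String string = arstring[2];

      // Verify. Failures are reported by verify() itself; report success
      // here so that a passing run is not silent.
      if (verify(x509certificate, linkedlist, string))
      {
        System.out.println("verification succeeded");
      }
    }
    catch (Exception exception)
    {
      exception.printStackTrace();
    }
  }

  /**
   * Checks a certificate chain against a trusted root and an expected
   * subject name, printing the reason to standard output on failure.
   *
   * <p>The checks, in order:
   * <ol>
   *   <li>the chain is not empty;</li>
   *   <li>for each adjacent pair, the issuer name of the later certificate
   *       equals the subject name of the earlier one, the earlier one is
   *       allowed to act as a certificate authority (see below), and its
   *       public key verifies the later certificate's signature;</li>
   *   <li>the root's public key verifies the first certificate's
   *       signature;</li>
   *   <li>the subject DN string of the last certificate equals
   *       {@code stringTarget} exactly;</li>
   *   <li>every certificate in the chain is within its validity period at
   *       the current time.</li>
   * </ol>
   *
   * <p>NOTE(security): a version 3 certificate is accepted as an issuer only
   * if its basic constraints mark it as a CA. Version 1 and 2 certificates
   * cannot carry that extension and are still accepted as issuers, so that
   * chains this method accepted before keep working; treat such chains as
   * legacy. The root's own validity period is not checked.
   *
   * @param x509certificateRoot            the trusted root certificate
   * @param collectionX509CertificateChain the chain, as
   *        {@link X509Certificate} elements ordered from the certificate
   *        issued by the root down to the target's certificate
   * @param stringTarget                   expected subject DN of the last
   *        certificate, in the form returned by {@code getSubjectDN().getName()}
   * @return {@code true} if every check passes, {@code false} otherwise
   */
  public static boolean verify(
    X509Certificate x509certificateRoot,
    Collection collectionX509CertificateChain,
    String stringTarget)
  {
    int nSize = collectionX509CertificateChain.size();

    // An empty chain proves nothing; reject it instead of indexing into an
    // empty array further down.
    if (nSize == 0)
    {
      System.out.println("empty certificate chain");
      return false;
    }

    X509Certificate [] arx509certificate = new X509Certificate [nSize];
    collectionX509CertificateChain.toArray(arx509certificate);

    // Working down the chain, verify that each certificate was issued and
    // signed by the certificate before it.
    for (int i = 1; i < nSize; i++)
    {
      X509Certificate x509certificateIssuer = arx509certificate[i - 1];
      X509Certificate x509certificateIssued = arx509certificate[i];

      if (!x509certificateIssued.getIssuerDN().equals(x509certificateIssuer.getSubjectDN()))
      {
        System.out.println("subject/issuer verification failed");
        return false;
      }

      // getBasicConstraints() returns -1 when the certificate is not a CA.
      // Without this check the holder of any end-entity certificate could
      // sign further certificates and have them accepted.
      if (x509certificateIssuer.getVersion() >= 3
          && x509certificateIssuer.getBasicConstraints() < 0)
      {
        System.out.println("issuer is not a certificate authority");
        return false;
      }

      try
      {
        x509certificateIssued.verify(x509certificateIssuer.getPublicKey());
      }
      catch (GeneralSecurityException generalsecurityexception)
      {
        System.out.println("signature verification failed");
        return false;
      }
    }

    // Verify that the first certificate in the chain was issued
    // by a third party that the client trusts.
    try
    {
      arx509certificate[0].verify(x509certificateRoot.getPublicKey());
    }
    catch (GeneralSecurityException generalsecurityexception)
    {
      System.out.println("signature verification failed");
      return false;
    }

    // Verify that the last certificate in the chain corresponds to
    // the server we desire to authenticate. This is an exact comparison
    // of the full subject DN string.
    Principal principalSubject = arx509certificate[nSize - 1].getSubjectDN();
    if (!stringTarget.equals(principalSubject.getName()))
    {
      System.out.println("target verification failed");
      return false;
    }

    // For every certificate in the chain, verify that the certificate
    // is valid at the current time.
    Date date = new Date();
    for (int i = 0; i < nSize; i++)
    {
      try
      {
        arx509certificate[i].checkValidity(date);
      }
      catch (GeneralSecurityException generalsecurityexception)
      {
        System.out.println("invalid date");
        return false;
      }
    }

    return true;
  }
}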