[JDEV] SSL with Jabber
Matt Tucker
matt at jivesoftware.com
Mon Oct 14 10:47:11 CDT 2002
John,

Here's some code you can use that bypasses all certificate validation. :)

    SSLSocketFactory sslFactory = new DummySSLSocketFactory();
    Socket socket = (SSLSocket)sslFactory.createSocket(host, port);

The implementation of DummySSLSocketFactory is below. It's pretty easy
to modify the classes so that they don't require a root CA, but still
require a non-expired certificate.

Regards,
Matt

-------------------------------
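import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

// Both classes are private static nested classes; place them inside the
// client class that opens the connection.

private static class DummySSLSocketFactory extends SSLSocketFactory
{
    // Real factory that every createSocket() call is delegated to.
    private SSLSocketFactory factory;

    public DummySSLSocketFactory() {
        try {
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, // KeyManager not required
                            new TrustManager[] { new DummyTrustManager() },
                            new java.security.SecureRandom());
            factory = sslContext.getSocketFactory();
        }
        catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
        catch (KeyManagementException e) {
            e.printStackTrace();
        }
    }

    public static SocketFactory getDefault() {
        return new DummySSLSocketFactory();
    }

    public Socket createSocket(Socket socket, String s, int i,
                               boolean flag)
        throws IOException
    {
        return factory.createSocket(socket, s, i, flag);
    }

    public Socket createSocket(InetAddress inaddr, int i,
                               InetAddress inaddr2, int j)
        throws IOException
    {
        return factory.createSocket(inaddr, i, inaddr2, j);
    }

    public Socket createSocket(InetAddress inaddr, int i)
        throws IOException
    {
        return factory.createSocket(inaddr, i);
    }

    public Socket createSocket(String s, int i, InetAddress inaddr,
                               int j)
        throws IOException
    {
        return factory.createSocket(s, i, inaddr, j);
    }

    public Socket createSocket(String s, int i)
        throws IOException
    {
        return factory.createSocket(s, i);
    }

    public String[] getDefaultCipherSuites() {
        // Report the suites enabled by default, not every supported suite.
        return factory.getDefaultCipherSuites();
    }

    public String[] getSupportedCipherSuites() {
        return factory.getSupportedCipherSuites();
    }
}

/**
 * Trust manager which accepts certificates without any validation
 * except date validation.
 */
private static class DummyTrustManager implements X509TrustManager {

    // Accepts any client certificate chain.
    public void checkClientTrusted(X509Certificate[] chain, String
                                   authType) {
    }

    // Never inspects the issuer, the chain or the host name, so any
    // server certificate is accepted.
    public void checkServerTrusted(X509Certificate[] chain, String
                                   authType) {
        try {
            chain[0].checkValidity();
        }
        catch (CertificateExpiredException e) {
            // Ignored: an expired certificate is still accepted. To
            // require a valid date, declare "throws CertificateException"
            // on this method and rethrow here.
        }
        catch (CertificateNotYetValidException e) {
            // Ignored: a not-yet-valid certificate is still accepted.
        }
    }

    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
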
> -----Original Message-----
> From: jdev-admin at jabber.org [mailto:jdev-admin at jabber.org] On
> Behalf Of John Goalby
> Sent: Saturday, October 12, 2002 7:22 PM
> To: jdev at jabber.org
> Subject: Re: [JDEV] SSL with Jabber
>
>
> Thanks! I am trying to use the native Java SSL support in 1.4.1 and
> having a problem.
>
> I am trying to connect to the jabber.org server on port 5223.
>
> I get a certificate_unknown error. I haven't imported the certificate
> from jabber.org as I cannot find it. Should I be able to download this
> and import it by hand?
>
> Or should there be some way to import it automatically?
>
> I assume I am having problems due to the jabber.org cert not being
> trusted by a CA.
>
> Any help would be appreciated.
>
> Thanks!
>
> John.
>
> >There is nothing special about it.
> >5223 is the standard ssl port. It is plain SSL/TLS on server side
> >based on i.e. OpenSSL. Java's native SSL or PureTLS will work fine.
> >
> >I can't remember if jabber.org supports SSL, but jabber.com probably
> >will.
> >
> >ulrich
> >
> >John Goalby wrote:
> > >
> > > I am looking to write a Jabber client in Java and would like to
> > > support the SSL connection.
> > >
> > > Is there somewhere I can look for more information on how to do
> > > this?
> > >
> > > Is there anything specific to Jabber, or is it some kind of
> > > standard SSL connection?
> > >
> > > Can anyone point to some sample code for this?
> > >
> > > Any help appreciated.
> > >
> > > Thanks in advance!
> > >
> > > John.
> > >
> > > _________________________________________________________________
> > > Chat with friends online, try MSN Messenger:
> > > http://messenger.msn.com
> > >
> > > _______________________________________________
> > > jdev mailing list
> > > jdev at jabber.org
> > > http://mailman.jabber.org/listinfo/jdev
>
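
A fail-closed alternative to the DummyTrustManager in this thread, for the case John describes (a server certificate that no trusted CA has issued): load the server's certificate from a file and trust only that certificate. This is an added example, not code from the thread; the class name PinnedCertClient and the PEM file argument are assumptions, and it uses try-with-resources and SSLParameters, which need a newer Java than the 1.4.1 mentioned above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class name; not part of any Jabber library.
public class PinnedCertClient {

    /** Builds a socket factory that trusts only the certificate(s) in pemPath. */
    static SSLSocketFactory pinnedFactory(String pemPath) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);                  // empty, in-memory trust store
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        int n = 0;
        try (InputStream in = new FileInputStream(pemPath)) {
            for (Certificate c : cf.generateCertificates(in)) {
                trustStore.setCertificateEntry("pinned-" + n++, c);
            }
        }
        if (n == 0) {
            throw new IllegalArgumentException("no certificate found in " + pemPath);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);                         // platform trust manager, pinned anchors
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default SecureRandom
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        // Usage: java PinnedCertClient <server-cert.pem> <host> <port>
        String pem = args[0], host = args[1];
        int port = Integer.parseInt(args[2]);
        try (SSLSocket socket = (SSLSocket) pinnedFactory(pem).createSocket(host, port)) {
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS"); // also match the host name
            socket.setSSLParameters(params);
            socket.startHandshake(); // fails if the cert is not pinned or the name differs
            System.out.println("Handshake OK: " + socket.getSession().getPeerPrincipal());
        }
    }
}
```

The certificate file has to be obtained and checked over a channel you already trust; the handshake then fails for any server that presents a different certificate.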