[JDEV] SSL with Jabber
John Goalby
jgoalby at hotmail.com
Mon Oct 14 12:45:56 CDT 2002
I also found the Javaworld tip, but it does not do the check in the trust
manager. Very helpful!
Thanks!
John.
>John,
>
>Here's some code you can use that bypasses all certificate validation.
>:)
>
>SSLSocketFactory sslFactory = new DummySSLSocketFactory();
>Socket socket = (SSLSocket)sslFactory.createSocket(host, port);
>
>The implementation of DummySSLSocketFactory is below. It's pretty easy
>to modify the classes so that they don't require a root CA, but still
>require a non-expired certificate.
>
>Regards,
>Matt
>-------------------------------
>
> private static class DummySSLSocketFactory extends SSLSocketFactory
>{
>
> private SSLSocketFactory factory;
>
> public DummySSLSocketFactory() {
>
> try {
> SSLContext sslcontent = SSLContext.getInstance("TLS");
> sslcontent.init(null, // KeyManager not required
> new TrustManager[] { new
>DummyTrustManager() },
> new java.security.SecureRandom());
> factory = sslcontent.getSocketFactory();
> }
> catch (NoSuchAlgorithmException e) {
> e.printStackTrace();
> }
> catch (KeyManagementException e) {
> e.printStackTrace();
> }
> }
>
> public static SocketFactory getDefault() {
> return new DummySSLSocketFactory();
> }
>
> public Socket createSocket(Socket socket, String s, int i,
>boolean flag)
> throws IOException
> {
> return factory.createSocket(socket, s, i, flag);
> }
>
> public Socket createSocket(InetAddress inaddr, int i,
>InetAddress inaddr2, int j)
> throws IOException
> {
> return factory.createSocket(inaddr, i, inaddr2, j);
> }
>
> public Socket createSocket(InetAddress inaddr, int i)
> throws IOException
> {
> return factory.createSocket(inaddr, i);
> }
>
> public Socket createSocket(String s, int i, InetAddress inaddr,
>int j)
> throws IOException
> {
> return factory.createSocket(s, i, inaddr, j);
> }
>
> public Socket createSocket(String s, int i)
> throws IOException
> {
> return factory.createSocket(s, i);
> }
>
> public String[] getDefaultCipherSuites() {
> return factory.getSupportedCipherSuites();
> }
>
> public String[] getSupportedCipherSuites() {
> return factory.getSupportedCipherSuites();
> }
> }
>
> /**
> * Trust manager which accepts certificates without any validation
> * except date validation.
> */
> private static class DummyTrustManager implements X509TrustManager {
>
> public void checkClientTrusted(X509Certificate[] chain, String
>authType) {
>
> }
>
> public void checkServerTrusted(X509Certificate[] chain, String
>authType) {
> try {
> chain[0].checkValidity();
> }
> catch (CertificateExpiredException e) {
> }
> catch (CertificateNotYetValidException e) {
> }
> }
>
> public X509Certificate[] getAcceptedIssuers() {
> return new X509Certificate[0];
> }
> }
>
> > -----Original Message-----
> > From: jdev-admin at jabber.org [mailto:jdev-admin at jabber.org] On
> > Behalf Of John Goalby
> > Sent: Saturday, October 12, 2002 7:22 PM
> > To: jdev at jabber.org
> > Subject: Re: [JDEV] SSL with Jabber
> >
> >
> > Thanks! I am trying to use the native Java SSL support in
> > 1.4.1 and having
> > a problem.
> >
> > I am trying to connect to the jabber.org server on port 5223.
> >
> > I get a certificate_unknown error. I haven't imported the
> > certificate from
> > jabber.org as I cannot find it. Should I be able to download
> > this and
> > import it by hand?
> >
> > Or should there be someway to import it automatically?
> >
> > I assume I am having problems due to the jabber.org cert not
> > being trusted
> > by a CA.
> >
> > Any help would be appreciated.
> >
> > Thanks!
> >
> > John.
> >
> > >There is nothing special about it.
> > >5223 is the standard ssl port. It is plain SSL/TLS on server
> > side based
> > >on i.e. OpenSSL. Java's native SSL or PureTLS will work fine.
> > >
> > >I can't remember if jabber.org supports SSL, but jabber.com propably
> > >will.
> > >
> > >ulrich
> > >
> > >John Goalby wrote:
> > > >
> > > > I am looking to write a Jabber client in Java and would like to
> > > > support
> > >the
> > > > SSL connection.
> > > >
> > > > Is there somewhere I can look for more information on how to do
> > > > this?
> > > >
> > > > Is there anything specific to Jabber, or is it some kind
> > of standard
> > > > SSL connection.
> > > >
> > > > Can anyone point to some sample code for this?
> > > >
> > > > Any help appreciated.
> > > >
> > > > Thanks in advance!
> > > >
> > > > John.
> > > >
> > > > _________________________________________________________________
> > > > Chat with friends online, try MSN Messenger:
> > > > http://messenger.msn.com
> > > >
> > > > _______________________________________________
> > > > jdev mailing list
> > > > jdev at jabber.org
> > > > http://mailman.jabber.org/listinfo/jdev
> > >_______________________________________________
> > >jdev mailing list
> > >jdev at jabber.org
> > >http://mailman.jabber.org/listinfo/jdev
> >
> >
> >
> >
> > _________________________________________________________________
> > Chat with friends online, try MSN Messenger: http://messenger.msn.com
> >
> > _______________________________________________
> > jdev mailing list
> > jdev at jabber.org
> > http://mailman.jabber.org/listinfo/jdev
> >
>
>_______________________________________________
>jdev mailing list
>jdev at jabber.org
>http://mailman.jabber.org/listinfo/jdev
_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com
More information about the JDev
mailing list