
I'm building a small wrapper Java class around some REST webservices we use internally. We use a secured HTTPS connection. Normally, only trusted certificates are allowed by SSL. I would like the user of the wrapper class to be able to give an X509Certificate object as input to the wrapper constructor. This certificate is typically unsecured, but that's the whole point - we want to test internally without having a secured one.

public ServicesWrapper(String serviceURL, X509Certificate additionalCertificate)
{
    //Add the certificate to the trustmanager of the sslcontext.
}

I've seen the "trust all certificates" TrustManager hack multiple times (like here), but this is not what I need. I would really like to specify that the given (untrusted) certificate should now be considered trusted. Other untrusted certificates are not good. So I implemented my own TrustManager, but I'm stuck at the checkTrusted step:

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;

public class NaiveTrustManager implements X509TrustManager
{
    //The extra certificate that should be trusted.
    private X509Certificate additionalCertificate;

    //Constructor
    public NaiveTrustManager(X509Certificate _additionalCertificate)
    {
        additionalCertificate = _additionalCertificate;
    }

    //Required by the interface: apply the same rule to client certificates.
    public void checkClientTrusted(X509Certificate[] certificateChain, String authType)
        throws CertificateException
    {
        checkServerTrusted(certificateChain, authType);
    }

    //Required by the interface: the only issuer this manager accepts.
    public X509Certificate[] getAcceptedIssuers()
    {
        return new X509Certificate[] { additionalCertificate };
    }

    public void checkServerTrusted(X509Certificate[] certificateChain, String authType)
        throws CertificateException
    {
        //X509Certificate.equals() compares the DER-encoded form, so this matches
        //exactly the certificate handed to the constructor and nothing else.
        //Note: this does not check expiry or the rest of the chain; only equality.
        for(X509Certificate c : certificateChain)
        {
            if (c.equals(additionalCertificate))
            {
                return; //stop execution, we trust it!
            }
        }
        //Nothing in the chain matched, so reject it.
        throw new CertificateException("Certificate chain does not contain the trusted certificate");
    }
}

what is the correct syntax for checking a certificate against a chain of certificates? I checked some attributes but certificates don't seem to have a name or id or anything to match for equality or compare them.

user1884155
  • Do you need this trust manager to trust other *trusted* certificates too, or really just this one. – Bruno Feb 13 '14 at 18:31

1 Answer


Don't write code for this. Just add the self-signed certificate to your test environment truststore.

user207421
  • Is there any way to program "adding a certificate to the environment truststore" in java? Like, my user gives his certificate (either the file, or the location to the file, or some property of the certificate), and my java code adds this certificate to the truststore automatically? I want the process of using self-signed certificates to be as easy as possible for the end-user, even if it means writing long/tedious code to automate the process. – user1884155 Feb 14 '14 at 08:41
  • Ok I just checked with my colleague and this is a no-go, because we do not want the certificate to work for any other application. Importing it into cacerts will make it a trusted certificate for any application... – user1884155 Feb 14 '14 at 09:37
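One way to reconcile the answer ("put the certificate in a truststore") with the follow-up concern ("but not in cacerts, where every application would trust it") is to build the truststore in memory, scoped to this one process. The example below is added here and is not code from either participant; the class name `ScopedTrust` and the method names are assumptions. It creates an empty in-memory `KeyStore`, adds the one extra certificate, and lets the JVM's standard PKIX trust manager validate against it (so expiry and chain checks still happen), falling back to the JVM default trust anchors for ordinary CA-signed servers. Nothing on disk is modified.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Assumed class name; not part of the original question or answer.
public final class ScopedTrust {

    /** Builds an SSLContext that trusts the JVM default CA set plus exactly one extra certificate. */
    public static SSLContext contextTrusting(X509Certificate additionalCertificate) throws Exception {
        final X509TrustManager defaultTm = trustManagerFor(null);                       // JVM default truststore
        final X509TrustManager extraTm = trustManagerFor(storeWith(additionalCertificate)); // in-memory store

        X509TrustManager combined = new X509TrustManager() {
            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                try {
                    // Standard PKIX validation against our single anchor: validity dates,
                    // signatures and chain building are all still enforced.
                    extraTm.checkServerTrusted(chain, authType);
                } catch (CertificateException notTheExtraOne) {
                    // Not our self-signed test cert; fall back to the normal CA set.
                    defaultTm.checkServerTrusted(chain, authType);
                }
            }

            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                defaultTm.checkClientTrusted(chain, authType);
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                X509Certificate[] a = defaultTm.getAcceptedIssuers();
                X509Certificate[] b = extraTm.getAcceptedIssuers();
                X509Certificate[] all = Arrays.copyOf(a, a.length + b.length);
                System.arraycopy(b, 0, all, a.length, b.length);
                return all;
            }
        };

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { combined }, null);
        return ctx;
    }

    /** A fresh, empty, in-memory KeyStore holding only the given certificate. */
    private static KeyStore storeWith(X509Certificate cert) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);                        // null stream => empty store, nothing read from disk
        ks.setCertificateEntry("additional", cert); // alias is arbitrary
        return ks;
    }

    /** The platform X509TrustManager for the given store (null => the JVM's default truststore). */
    private static X509TrustManager trustManagerFor(KeyStore ks) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("no X509TrustManager available from " + tmf.getAlgorithm());
    }
}
```

In the wrapper constructor from the question you would call `ScopedTrust.contextTrusting(additionalCertificate)` once, keep the `SSLContext`, and apply it per connection with `((HttpsURLConnection) new URL(serviceURL).openConnection()).setSSLSocketFactory(ctx.getSocketFactory())`. Because the context is only installed on this wrapper's connections (not via `SSLContext.setDefault` or the `cacerts` file), no other application or even other code in the same JVM picks up the extra trust, and hostname verification is left untouched.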