Checking SSL connection using Java

Sometimes SSL issues are the worst there are. Unreadable logging, strange codes and other unprehencible messages. There is a simple way to check if your 1-way SSL is being setup correctly using Java. Here is how it works:

The first thing we have to do is to write a class which makes a simple HTTP request to a HTTPS url. This would look something like this:

package nl.redrock;
 
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.URL;
 
import junit.framework.TestCase;
 
import org.junit.Test;
 
public class SSLTest extends TestCase {
 
    @Test
    public void testSSL() throws Exception {
 
        // https://someserver.net:999/someservice?wsdl
        URL verisign = new URL("http://myserver.nl:8888/service/hello?WSDL");
 
        System.out.println("Opening URL: " + verisign.toString());
 
        BufferedReader in = new BufferedReader(new InputStreamReader(
                verisign.openStream()));
 
        String inputLine;
 
        while ((inputLine = in.readLine()) != null)
            System.out.println(inputLine);
 
        in.close();
    }
}

This class just prints to system out all the input received from the url. We made it a testcase so we are able to run it using JUnit. We can run the testcase when we run it using mvn:test as we are again using our favourite tool Maven. This will result into some PKIX error….it looks like this:

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

This is probably because the certificate of the server you are connecting to, isn’t trusted by the client. How do we fix this?
We add the server certificates to the cacerts of the JDK we are using to run the client or you can use the truststore of the client you want to mimic. You can configure this in your pom like this:

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>nl.redrock</groupId>
    <artifactId>HelloService</artifactId>
    <version>1.0</version>
     
    <properties>
        <java.version>1.5</java.version>
    </properties>
     
    <dependencies>
        <dependency>
            <groupId>junit</groupId>
            <artifactId>junit</artifactId>
            <version>4.10</version>
            <type>jar</type>
            <scope>test</scope>
        </dependency>
    </dependencies>
     
    <build>
        <plugins>
            <!-- plugin for setting the compiler version -->
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <configuration>
                    <source>${java.version}</source>
                    <target>${java.version}</target>
                </configuration>
            </plugin>
            <!-- Plugin for setting properties for the tests to run -->
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-surefire-plugin</artifactId>
                <configuration>
                    <systemProperties>
                        <property>
                            <name>javax.net.ssl.trustStore</name>
                            <value>keystore.jks}</value>
                        </property>
                        <property>
                            <name>javax.net.ssl.trustStorePassword</name>
                            <value>MYPWD</value>
                        </property>
                        <property>
                            <name>ssl.debug</name>
                            <value>true</value>
                        </property>
                        <property>
                            <name>weblogic.StdoutDebugEnabled</name>
                            <value>true</value>
                        </property>
                        <property>
                            <name>javax.net.debug</name>
                            <value>ssl,handshake,verbose</value>
                        </property>
                        <property>
                            <name>javax.net.ssl.keyStore</name>
                            <value>keystore.jks</value>
                        </property>
                        <property>
                            <name>javax.net.ssl.keyStorePassword</name>
                            <value>MYPWD/value>
                        </property>
                    </systemProperties>
                </configuration>
            </plugin>
        </plugins>
    </build>
</project>

Now when you run mvn:test your should get a nice overview of the whole SSL handshake and certificates.

Leave a Reply

Your email address will not be published. Required fields are marked *

*