All geek questions in one place

Exception when printing server certificate information

I established an https connection between the server and the client, where the client is a Java program and the server is a servlet. I used the following code to print the certificate data from the server.

URL url = new URL("https://localhost:8443/cert"); HttpsURLConnection connection = (HttpsURLConnection) url.openConnection(); connection.setSSLSocketFactory(sslsocketfactory); connection.setDoOutput(true); if(connection!=null){ Certificate[] certs = connection.getServerCertificates();// #1 System.out.println("Cert Type : " + certs[0].getType()); System.out.println("Cert Hash Code : " + certs[0].hashCode()); System.out.println("Cert Public Key Algorithm : " + certs[0].getPublicKey().getAlgorithm()); System.out.println("Cert Public Key Format : " + certs[0].getPublicKey().getFormat()); System.out.println("\n"); }

But I get the following exception.

 java.lang.IllegalStateException: connection not yet open

I thought that a handshake should take place immediately after calling theurl.openconnection () method. What is the problem?
The exception is the line number '# 1' (see comments in the code above)

+4
source share
2 answers

You are trying to connect to your own certificate server. Follow the instructions for answer option 2 from this answer , which should allow you to connect.

I replaced connection.setDoOutput() with connection.connect() and the code worked correctly for me.

Do not use this mechanism for anything other than testing - you must use a certificate with a verified signature

+2
source

SSLSocket handshake "[...] can be initiated in one of three ways:"

  • a call to startHandshake that explicitly starts a handshake, or
  • any attempt to read or write application data on this socket causes an implicit handshake or
  • the getSession call attempts to set up a session if there is currently no live session and an implicit handshake is in progress.

It seems that the only thing that is applicable via HttpsURLConnection is to try to read / write something (since you cannot get a basic instance of SSLSocket directly to start a handshake or to get a session).

If you just call connection.getInputStream(); Before attempting to obtain a certificate, this should initiate a handshake, after which you will receive certificates.

Note that you will reach this point if the certificate you want to see is trusted by your SSLContext / SSLSocketFactory . To do this, you can build a keystore (which you will use as a trust store) that contains this certificate, as described in this answer . You can use if from your own SSLContext or use it globally using the javax.net.ssl.trustStore* system properties (which must be installed before any use of SSL. Avoid TrustManagers examples that don't check anything (there are several here on SO) : It will simply disable certificate verification altogether, making the connection potentially vulnerable to MITM attacks.

+3
source

Source: https://habr.com/ru/post/1399796/

More articles:


All Articles