How to hook a listener to the SSL Handshake?
Question
i would like to be notifyed when a new SSL Connection starts and the handshake begins. I need to get the Certificate before the keystore gets invoked.
Is there some way to register a listener to this process so i get to decide whether the certificate is ok and should be checked against the keystore or cancel it rightaway.
Something like this, but for SMTP Connections:
URL req = new URL(getUrl);
HttpsURLConnection con = (HttpsURLConnection) req.openConnection();
con.setHostnameVerifier(new HostnameVerifier()
{
public boolean verify(String hostname, SSLSession session)
{
return true; //My decision
}
});
I'm using the JAMES Email server 2.3.2 (if that means something).
Thank you in advance!
Solution
You need to set the SSLFactory of the connection. The following example uses no key-manager and a default TrustManager. Your checks will go in the checkServerTrusted method.
HttpsURLConnection con = (HttpsURLConnection) req.openConnection();
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, // No Key Manager
new TrustManager[] { new X509TrustManager()
{
@Override
public void checkClientTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException
{}
@Override
public void checkServerTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException {
// check the certs
}
@Override
public X509Certificate[] getAcceptedIssuers()
{
return null;
}
} }, // TrustManager
new java.security.SecureRandom());
con.setSSLSocketFactory(context.getSocketFactory());
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow