Giter Club home page Giter Club logo

sslpoke's Introduction

sslpoke

Tool to test SSL connections from within the java VM, including HTTP proxy support, on java application servers.

I got the initial version of this tool from: https://confluence.atlassian.com/download/attachments/117455/SSLPoke.java

Fixed it up, added features and use it mostly to test/debug/validate certificate issues in java based deployments.

If you need any features feel free to add them and send pull requests.

Build

% make
javac SSLPoke.java

Usage

Normal usage with successfull response would be:

% java SSLPoke google.com 443
Successfully connected

Usage with connection via http proxy would be (http/1.1 CONNECT is used to tunnel the data):

% java -Dhttps.proxyHost=your.proxy.host -Dhttps.proxyPort=8080 SSLPoke google.com 443
Using proxy: your.proxy.host:8080
Successfully connected

Usage with special trustStore file set:

% java -Djavax.net.ssl.trustStore=your_special_keystore SSLPoke google.com 443
Successfully connected

Errors seen from sslpoke

Usual failure in corporate environments where you forgot to use the proxy (in which case just abort the tool with ctrl+c if you don't want to wait) (sslpoke exists with error = 1)

% java SSLPoke google.com 443
<hung, and after a long time>
java.net.ConnectException: Connection timed out (Connection timed out)
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
        at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
        at java.net.Socket.connect(Socket.java:607)
        at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:666)
        at sun.security.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:426)
        at sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:88)
        at SSLPoke.main(SSLPoke.java:41)

Certificate error (sslpoke exists with error = 1)

% java SSLPoke bad.cert.host 443
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
        at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:750)
        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:138)
        at SSLPoke.main(SSLPoke.java:53)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
        at sun.security.validator.Validator.validate(Validator.java:262)
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:237)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
        ... 9 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
        ... 15 more

sslpoke's People

Contributors

gebi avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar

Forkers

grahamb asamoal bowdena linuxmail razorsong ozgurgul ovekli ahmedraaj dracador philsch91 artmotion ahmedbelli diegopacheco jtognazzi qqq-tech xmenlin caot

sslpoke's Issues

Compilation error with Java 17

Since this is a very useful tool, and this solution is even listed by Atlassian as a good improvement to their original version of SSLPoke I thought it was worth reporting this issue.
I get the following compilation error when compiling with Java 17.

% java --version
openjdk 17.0.7 2023-04-18
OpenJDK Runtime Environment Temurin-17.0.7+7 (build 17.0.7+7)
OpenJDK 64-Bit Server VM Temurin-17.0.7+7 (build 17.0.7+7, mixed mode, sharing)
% javac SSLPoke.java
SSLPoke.java:71: error: package sun.net.www.protocol.http is not visible
                     + "User-Agent: " + sun.net.www.protocol.http.HttpURLConnection.userAgent + "\r\n"
                                                            ^
  (package sun.net.www.protocol.http is declared in module java.base, which does not export it to the unnamed module)
1 error`

According to this answer on Stack Overflow (https://stackoverflow.com/questions/10782957/what-to-use-instead-of-sun-net-www-protocol-http-httpurlconnection-useragent) I made the below changes that worked for me.

    private static void open_http_connect_tunnel(Socket tunnel, String tunnel_host, int tunnel_port, String host, int port)
    throws IOException
    {
        OutputStream out = tunnel.getOutputStream();
        String javaVersion = "Java/" + System.getProperty("java.version");
        String userAgent = System.getProperty("http.agent") == null ? javaVersion : System.getProperty("http.agent") + " " + javaVersion;
        String msg = "CONNECT " + host + ":" + port + " HTTP/1.1\n"
                     + "User-Agent: " + userAgent + "\r\n"
                     + "\r\n";

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.