2

I'm having difficulty trying to implement this method. What I'm trying to do is to check if the hostname matches the request from the user (regarding SSL certificates) how sslshopper.com would display if the hostname matches or mismatches.

My connection is under Controller.java:

HttpsURLConnection connection; try { connection = (HttpsURLConnection) urlOK.openConnection(); connection.connect(); } catch (IOException ex) { throw new IOException("Failed to connect: " + ex.getMessage()); }

I set up a class called getHostnameVerified and I pass these values to it from Controller.java getHostNameVerified.returnValid(this,urlOK,connection);

Here is the setter for the UI found in Controller.java:

public void getHostname(boolean hostnameValid) { if (hostnameValid) { hostName.setText("Hostname match"); } else if (!hostnameValid) { hostName.setText("Hostname mis-match"); } }

Here is the class:

public abstract class getHostNameVerified implements HostnameVerifier { public static void returnValid(Controller controller, URL url, HttpsURLConnection connection) { try { HostnameVerifier hv = new HostnameVerifier() { @Override public boolean verify(String s, SSLSession sslSession) { System.out.println("DEBUG getHostNameVerified verify entered"); return true; } }; }catch (Exception ex) { System.out.print("getHostNameVerified exception: " + ex.getMessage()); } } }

Nothing happens. I do not see the println statement for SSL certificates I know are true. Am I implementing something wrong? I'm completely stumped :(.

Improve this question
3
  • 1
    A few points regarding the code of your class. Firstly, it shouldn't be an abstract class, otherwise you won't be able to create an instance of it. Secondly, getHostNameVerified (or doSomething) is generally the way to call methods, not classes. In the Java style guides, classes normally have names that start with a capital character (and generally not a verb), for example CustomHostnameVerifier): what you've done is "legal" Java, but you may find that a number of tools rely on those conventions. [...] Commented Nov 12, 2015 at 15:36
  • 1
    [...] Finally, creating the class generally isn't sufficient to make it do anything (some frameworks like Spring will do some auto-discovery, so there can be some automation sometimes, just not here). You'd need to use it with something for it to be used, in this particular case, an instance of HttpsURLConnection (or the whole class if you want it to be used by default). Commented Nov 12, 2015 at 15:38
  • Thanks for this @Bruno. I'm just trying to get the code working and then I will refactor everything to proper name conventions as I'm really frustrated and haven't bothered fixing any of it. Commented Nov 12, 2015 at 16:09

1 Answer 1

Reset to default
1

You need to tell HTTPURLConnection to use an instance of your host name verifier.

Something like this:

try { HostnameVerifier hv = new HostnameVerifier() { public boolean verify(String arg0, SSLSession arg1) { return true; } }; HttpsURLConnection.setDefaultHostnameVerifier(hv); } catch (Exception localException) { }
Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

It's probably best to leave the default trustmanager instead of having something that trusts anything (like you have). This question is just about host name verification.
Better after your edit, but in this case, you might as well not change the default SSLSocketFactory at all (in which case you don't even need to create an SSLContext).
You're killing me :-)
You were on the right path already anyway. Another possibility is to set the host name verifier on a specific instance of HttpsURLConnection (cast from URLConnection) instead of the default. It's also worth mentioning that the first String argument is the hostname you're looking for, whereas the SSLSession can give you the certificate (from which you can extract the names it's valid for), and do the comparison with both (if you want to perform the verification instead of returning true all the time).
Thanks @Bruno you taught me something
|

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.