/* * To change this license header, choose License Headers in Project Properties. * To change this template file, choose Tools | Templates * and open the template in the editor. */ package savesslcertificate; import java.io.FileOutputStream; import java.net.URL; import java.security.KeyManagementException; import java.security.NoSuchAlgorithmException; import java.security.cert.Certificate; import java.security.cert.CertificateExpiredException; import java.security.cert.X509Certificate; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSession; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; /** * * @author ADMIN */ public class SaveSSLCertificate { static { disableSslVerification(); } /** * @param args the command line arguments */ public static void main(String[] args) throws Exception { // TODO code application logic here testConnectionTo(args[0], args[1], args[2]); } public static void testConnectionTo(String aURL, String clientKeystore, String keystorePassword) throws Exception { URL destinationURL = new URL(aURL); HttpsURLConnection conn = (HttpsURLConnection) destinationURL.openConnection(); /* //ssl HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { public boolean verify(String arg0, SSLSession arg1) { return true; } }); TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { //return new X509Certificate[0]; return null; } public void checkClientTrusted(X509Certificate[] certs, String authType) { } public void checkServerTrusted(X509Certificate[] certs, String authType) { } }}; KeyStore ks = KeyStore.getInstance("PKCS12"); KeyManagerFactory kmf; try (FileInputStream fis = new FileInputStream(clientKeystore)) { ks.load(fis, keystorePassword.toCharArray()); kmf = KeyManagerFactory.getInstance("SunX509"); kmf.init(ks, keystorePassword.toCharArray()); } SSLContext sc = SSLContext.getInstance("TLS"); sc.init(kmf.getKeyManagers(), trustAllCerts, new SecureRandom()); conn.setSSLSocketFactory(sc.getSocketFactory()); // */ conn.connect(); Certificate[] certs = conn.getServerCertificates(); System.out.println("nb = " + certs.length); int i = 1; for (Certificate cert : certs) { System.out.println(""); System.out.println(""); System.out.println(""); System.out.println("################################################################"); System.out.println(""); System.out.println(""); System.out.println(""); System.out.println("Certificate is: " + cert); if (cert instanceof X509Certificate) { try { ((X509Certificate) cert).checkValidity(); System.out.println("Certificate is active for current date"); FileOutputStream os = new FileOutputStream("myCert" + i + ".cer"); i++; os.write(cert.getEncoded()); } catch (CertificateExpiredException cee) { System.out.println("Certificate is expired"); } } else { System.err.println("Unknown certificate type: " + cert); } } } private static void disableSslVerification() { try { // Create a trust manager that does not validate certificate chains TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } public void checkClientTrusted(X509Certificate[] certs, String authType) { } public void checkServerTrusted(X509Certificate[] certs, String authType) { } } }; // Install the all-trusting trust manager SSLContext sc = SSLContext.getInstance("SSL"); sc.init(null, trustAllCerts, new java.security.SecureRandom()); HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); // Create all-trusting host name verifier HostnameVerifier allHostsValid = new HostnameVerifier() { public boolean verify(String hostname, SSLSession session) { return true; } }; // Install the all-trusting host verifier HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (KeyManagementException e) { e.printStackTrace(); } } }