I'm trying to log into a site with an invalid SSL certificate and I have the following code.

I bypass the invalid cert by using my all certificate and then bypass the invalid hostname by using a HostnameVerifier.

However, the HostnameVerifier does not seem to work and I still get the error message:

javax.net.ssl.SSLException: hostname in certificate didn't match:

The code is:

public static void main(String[] args) {
    TrustManager[] trustAllCerts = new TrustManager[] {
            new X509TrustManager() {
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return null;
                }

                public void checkClientTrusted( java.security.cert.X509Certificate[] certs, String authType) { }

                public void checkServerTrusted( java.security.cert.X509Certificate[] certs, String authType) { } 
            } 
    };


    HostnameVerifier hv = new HostnameVerifier() {
        public boolean verify(String urlHostName, SSLSession session) {
            System.out.println("Warning: URL Host: "+urlHostName+" vs. "+session.getPeerHost());
            return true;
        }

    };


    try {
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier(hv);
    } catch (Exception e) {
        // Do not swallow setup failures silently
        e.printStackTrace();
    }


    try {
        DefaultHttpClient httpclient = new DefaultHttpClient();
        HttpContext localContext = new BasicHttpContext();

        List<NameValuePair> formparams = new ArrayList<NameValuePair>();
        formparams.add(new BasicNameValuePair("username", "user"));
        formparams.add(new BasicNameValuePair("password", "pword"));
        UrlEncodedFormEntity entity;

        entity = new UrlEncodedFormEntity(formparams, "UTF-8");
        HttpPost httppost = new HttpPost("https://www.mysite.com/");
        httppost.setEntity(entity);
        HttpResponse response = httpclient.execute(httppost, localContext);
    } catch (UnsupportedEncodingException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    }

}
A: 

I had a similar problem with a bad certificate and just bypassed it altogether. Of course depending on your application this may be too dangerous since it will connect anywhere...

//TODO: REMOVE THIS WHEN THE RIGHT CERTIFICATE IS INSTALLED 
static{
    SSLAdapterFactory.getDefaultFactory().setUseDefaultAdapter(true);
    SSLAdapterFactory.getDefaultFactory().setDefaultAdapter(new SSLAdapter(){

        public Socket createSocket(String arg0, int arg1) throws IOException {
            TrustManager[] trustAllCerts = new TrustManager[]{
                    new X509TrustManager() {
                        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                            return null;
                        }
                        public void checkClientTrusted(
                                java.security.cert.X509Certificate[] certs, String authType) {
                        }
                        public void checkServerTrusted(
                                java.security.cert.X509Certificate[] certs, String authType) {
                        }
                    }
            };
            try {
                SSLContext sslCtx = SSLContext.getInstance("SSL");
                sslCtx.init(null, trustAllCerts, null);
                SSLSocketFactory socketFactory = sslCtx.getSocketFactory();
                SSLSocket theSocket = (SSLSocket) socketFactory.createSocket(arg0, arg1);
                return theSocket;
            } catch (Exception e) {
                e.printStackTrace();
                return null;
            }
        }

        public URLConnection openConnection(URL arg0) throws IOException {
            return null;
        }

    });
}
M. Jessup