Assignment: Load a remote URL via https, verifying the site certificate against a local root CA certificate.

Java, Android SDK:

1// Load CAs from an InputStream


2// (could be from a resource or ByteArrayInputStream or ...)


3CertificateFactory cf = CertificateFactory.getInstance("X.509");


4// From https://www.washington.edu/itconnect/security/ca/load-der.crt


5InputStream caInput = new BufferedInputStream(new FileInputStream("load-der.crt"));


6Certificate ca;


7try {


8    ca = cf.generateCertificate(caInput);


9    System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());


10} finally {


11    caInput.close();


12}


13


14// Create a KeyStore containing our trusted CAs


15String keyStoreType = KeyStore.getDefaultType();


16KeyStore keyStore = KeyStore.getInstance(keyStoreType);


17keyStore.load(null, null);


18keyStore.setCertificateEntry("ca", ca);


19


20// Create a TrustManager that trusts the CAs in our KeyStore


21String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();


22TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);


23tmf.init(keyStore);


24


25// Create an SSLContext that uses our TrustManager


26SSLContext context = SSLContext.getInstance("TLS");


27context.init(null, tmf.getTrustManagers(), null);


28


29// Tell the URLConnection to use a SocketFactory from our SSLContext


30URL url = new URL("https://certs.cac.washington.edu/CAtest/");


31HttpsURLConnection urlConnection =


32    (HttpsURLConnection)url.openConnection();


33urlConnection.setSSLSocketFactory(context.getSocketFactory());


34InputStream in = urlConnection.getInputStream();


35copyInputStreamToOutputStream(in, System.out);

Python:

1import requests


2x = requests.get('https://certs.cac.washington.edu/CAtest/', verify='load-der.crt')