Reputation: 15389
I am trying to establish a one-way SSL connection to mail.google.com through Java. I supposed mail.google.com is the same as Gmail, so I created a certificate for gmail.com using the instructions provided here.
I created the cert as follows -
$ openssl s_client -connect smtp.gmail.com:465
Then I copied the
-----BEGIN CERTIFICATE-----
...
...
-----END CERTIFICATE-----
section into a file called "gmail.cert".
After that, I created my own keystore using the following command, setting the password to "password" -
$ keytool -import -alias smtp.gmail.com -keystore simpleKS.jks -file gmail.cert
I used the Java code provided at this link, with minor modifications:
System.setProperty("javax.net.ssl.trustStore", "simpleKS.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "password");
System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
//connect to google
SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket sslSock = (SSLSocket) factory.createSocket("mail.google.com",443);
System.out.println("Sending request...");
//send HTTP get request
BufferedWriter wr = new BufferedWriter(new OutputStreamWriter(sslSock.getOutputStream(), "UTF8"));
wr.write("GET /mail HTTP/1.1\r\nhost: mail.google.com\r\n\r\n");
wr.flush();
System.out.println("Reading response...");
// read response
BufferedReader rd = new BufferedReader(new InputStreamReader(sslSock.getInputStream()));
String string = null;
while ((string = rd.readLine()) != null) {
    System.out.println(string);
    System.out.flush();
}
rd.close();
wr.close();
// Close connection.
sslSock.close();
The class file and the keystore (and all other files) are in the same directory, so I am pretty sure it is not an issue with finding the actual keystore file.
However, when I execute this code, I get
Sending request...
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
What am I doing wrong?
Upvotes: 0
Views: 444
Reputation: 2124
Guess this is because the certs differ a bit for each protocol used see. So you might have to play around with openssl to convert the cert to be used for another protocol.
Your error message states the same: it doesn't find a cert for mail.google.com since you only provided one for smtp.gmail.com.
(Disclaimer: I'm no SSL guru, just trying to point in a hopefully right direction.)
Upvotes: 1
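The trust failure behind the PKIX error can be reproduced offline with openssl. This is an added example, not code from either post: a trust store holding only one host's leaf certificate cannot anchor a different host's certificate, while trusting the issuing CA covers both. "Demo CA" and the `*.example.test` hosts are constructed, and `openssl verify -partial_chain` is used here as an approximation of Java's trust-store check.

```shell
#!/usr/bin/env bash
# Constructed demo: "Demo CA" and the *.example.test hosts are made up.
set -eu
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Minimal config so the demo CA certificate is marked CA:TRUE.
cat > "$workdir/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

make_ca() {
  openssl req -x509 -config "$workdir/demo.cnf" -newkey rsa:2048 -nodes \
    -days 1 -subj "/CN=Demo CA" \
    -keyout "$workdir/ca.key" -out "$workdir/ca.pem" 2>/dev/null
}

issue_leaf() {  # $1 = host name; the certificate is signed by the demo CA
  openssl req -new -config "$workdir/demo.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$1" -keyout "$workdir/$1.key" -out "$workdir/$1.csr" 2>/dev/null
  openssl x509 -req -in "$workdir/$1.csr" -days 1 -CA "$workdir/ca.pem" \
    -CAkey "$workdir/ca.key" -CAcreateserial -out "$workdir/$1.pem" >/dev/null 2>&1
}

# Can the presented certificate be anchored in the trust file?
# -partial_chain lets a non-self-signed certificate act as a trust anchor,
# comparable to a leaf certificate imported into a trust store with keytool.
trusts() {  # $1 = trust file, $2 = certificate presented by the server
  if openssl verify -partial_chain -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

make_ca
issue_leaf smtp.example.test
issue_leaf mail.example.test
smtp="$workdir/smtp.example.test.pem"; mail="$workdir/mail.example.test.pem"
echo "store = smtp leaf, server = smtp host: $(trusts "$smtp" "$smtp")"
echo "store = smtp leaf, server = mail host: $(trusts "$smtp" "$mail")"
echo "store = demo CA,   server = mail host: $(trusts "$workdir/ca.pem" "$mail")"
```

The second case corresponds to the setup in the question: the store contains a certificate, but not one that the presented chain leads to.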