Skip to content
/ jurl Public

jurl - java utility to inspect a web address. Useful for detecting java cacerts issues, printing all the headers etc

License

Notifications You must be signed in to change notification settings

ahtik/jurl

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

== jurl - java utility to inspect a web address ==
Useful for detecting java cacerts issues, printing all the headers etc


== Installation & Usage Instructions ==
git clone git://github.com/ahtik/jurl.git
cd jurl
ant -Djurl=https://myurl.com


== Sample jurl.out output ==

ant -Djurl=https://mail.google.com
(( Please note that the same command for https://gmail.com fails due to Hostname Verifier failure ))

jurl.out:

====== JURL -- Java URL Inspector
=== java.* properties ===
java.runtime.name=Java(TM) SE Runtime Environment
java.vm.version=19.0-b09
java.vm.vendor=Sun Microsystems Inc.
java.vendor.url=http://java.sun.com/
java.vm.name=Java HotSpot(TM) Client VM
java.vm.specification.name=Java Virtual Machine Specification
java.runtime.version=1.6.0_23-b05
java.awt.graphicsenv=sun.awt.Win32GraphicsEnvironment
java.endorsed.dirs=C:\Java\jdk1.6.0_23\jre\lib\endorsed
java.io.tmpdir=C:\DOCUME~1\ahtik\LOCALS~1\Temp\
java.vm.specification.vendor=Sun Microsystems Inc.
java.specification.name=Java Platform API Specification
java.class.version=50.0
java.awt.printerjob=sun.awt.windows.WPrinterJob
java.specification.version=1.6
java.vm.specification.version=1.0
java.home=C:\Java\jdk1.6.0_23\jre
java.specification.vendor=Sun Microsystems Inc.
java.vm.info=mixed mode, sharing
java.version=1.6.0_23
java.ext.dirs=C:\Java\jdk1.6.0_23\jre\lib\ext;C:\WINDOWS\Sun\Java\lib\ext
java.vendor=Sun Microsystems Inc.
java.vendor.url.bug=http://java.sun.com/cgi-bin/bugreport.cgi
=== Connecting to https://mail.google.com ===
trustStore is: C:\Java\jdk1.6.0_23\jre\lib\security\cacerts
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:
  Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
  Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
  Algorithm: RSA; Serial number: 0x4eb200670c035d4f
  Valid from Wed Oct 25 11:36:00 EEST 2006 until Sat Oct 25 11:36:00 EEST 2036
/SKIPPED/

adding as trusted cert:
  Subject: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE
  Issuer:  CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE
  Algorithm: RSA; Serial number: 0x2e6a000100021fd752212c115c3b
  Valid from Thu Jan 12 16:38:43 EET 2006 until Thu Jan 01 00:59:59 EET 2026

trigger seeding of SecureRandom
done seeding SecureRandom
main, setSoTimeout(0) called
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1291169042 bytes = { 20, 154, 167, 100, 4, 65, 171, 90, 141, 165, 195, 22, 254, 4, 196, 12, 249, 170, 239, 208, 129, 18, 19, 39, 61, 140, 224, 4 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
***
main, WRITE: TLSv1 Handshake, length = 75
main, WRITE: SSLv2 client hello message, length = 101
main, READ: TLSv1 Handshake, length = 81
*** ServerHello, TLSv1
RandomCookie:  GMT: 1291169044 bytes = { 120, 122, 205, 209, 145, 246, 25, 144, 188, 22, 109, 85, 251, 172, 242, 222, 82, 248, 211, 196, 119, 214, 204, 147, 210, 123, 222, 222 }
Session ID:  {241, 140, 210, 98, 55, 181, 188, 206, 158, 2, 243, 246, 99, 127, 43, 251, 166, 142, 144, 19, 202, 219, 104, 116, 50, 144, 199, 102, 52, 26, 30, 62}
Cipher Suite: SSL_RSA_WITH_RC4_128_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Created:  [Session-1, SSL_RSA_WITH_RC4_128_SHA]
** SSL_RSA_WITH_RC4_128_SHA
main, READ: TLSv1 Handshake, length = 1626
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=mail.google.com, O=Google Inc, L=Mountain View, ST=California, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus: 152491705322563972192887583523678445314711734334266057071961328501334716695971287724785617859903977038951808613916813440592334235621022183140296291353440321659682450979357710584852815479943657884825102455001273827974562341304118879743929772329505595168932646226094744439310014777926497538839711922655414233939
  public exponent: 65537
  Validity: [From: Fri Dec 18 02:00:00 EET 2009,
               To: Mon Dec 19 01:59:59 EET 2011]
  Issuer: CN=Thawte SGC CA, O=Thawte Consulting (Pty) Ltd., C=ZA
  SerialNumber: [    1f19f6de 35dd63a1 42918ad5 2cc0ab12]

Certificate Extensions: 4
[1]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.thawte.com/ThawteSGCCA.crl]
]]

[2]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
  2.16.840.1.113730.4.1
]

[3]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ocsp.thawte.com, 
   accessMethod: 1.3.6.1.5.5.7.48.2
   accessLocation: URIName: http://www.thawte.com/repository/Thawte_SGC_CA.crt]
]

[4]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 89 C8 EE ED F7 B1 CB EC   91 3F 67 6B C7 9E D3 72  .........?gk...r
0010: AA 3E 04 49 51 D4 28 87   35 9D 67 84 F9 92 F5 04  .>.IQ.(.5.g.....
0020: 99 6A E7 43 03 C8 F2 DB   92 0F 55 6B E3 12 06 AA  .j.C......Uk....
0030: D7 71 EB A3 41 E0 DF 66   4D 54 AE 77 A9 C5 F0 8D  .q..A..fMT.w....
0040: 6B 67 08 04 5E A2 3B CD   C2 3E BF C7 50 A2 AB 90  kg..^.;..>..P...
0050: 7A 0F B1 3A 7A 26 03 49   F5 C9 F3 F6 B6 BD 1E 48  z..:z&.I.......H
0060: 6E 06 3C F6 7A BE C2 E1   DA 03 AB EC A4 7E AF 35  n.<.z..........5
0070: 1F 38 F3 13 B7 CF 53 D0   EC 1A C8 8E 76 10 D4 0D  .8....S.....v...

]
chain [1] = [
[
  Version: V3
  Subject: CN=Thawte SGC CA, O=Thawte Consulting (Pty) Ltd., C=ZA
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus: 149451361202983228678853174673260064915210015568755178121835896813476102975849608236160530025148408068015676874970828987319389099279139710312057178233282042183735250436322343778113029297475176407559067041567861008582560880872235118626093670157751685892563822841241263685435061247717973073679225111084128559129
  public exponent: 65537
  Validity: [From: Thu May 13 03:00:00 EEST 2004,
               To: Tue May 13 02:59:59 EEST 2014]
  Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  SerialNumber: [    30000002]

Certificate Extensions: 7
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
   SSL CA
   S/MIME CA
]

[2]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.verisign.com/pca3.crl]
]]

[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  CN=PrivateLabel3-15
]

[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
  2.16.840.1.113730.4.1
  2.16.840.1.113733.1.8.1
]

[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
  Key_CertSign
  Crl_Sign
]

[6]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ocsp.thawte.com]
]

[7]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:0
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 55 AC 63 EA DE A1 DD D2   90 5F 9F 0B CE 76 BE 13  U.c......_...v..
0010: 51 8F 93 D9 05 2B C8 1B   77 4B AD 69 50 A1 EE DE  Q....+..wK.iP...
0020: DC FD DB 07 E9 E8 39 94   DC AB 72 79 2F 06 BF AB  ......9...ry/...
0030: 81 70 C4 A8 ED EA 53 34   ED EF 1E 53 D9 06 C7 56  .p....S4...S...V
0040: 2B D1 5C F4 D1 8A 8E B4   2B B1 37 90 48 08 42 25  +.\.....+.7.H.B%
0050: C5 3E 8A CB 7F EB 6F 04   D1 6D C5 74 A2 F7 A2 7C  .>....o..m.t....
0060: 7B 60 3C 77 CD 0E CE 48   02 7F 01 2F B6 9B 37 E0  .`<w...H.../..7.
0070: 2A 2A 36 DC D5 85 D6 AC   E5 3F 54 6F 96 1E 05 AF  **6......?To....

]
***
Found trusted certificate:
[
[
  Version: V1
  Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus: 141400322044550516865173371773024584879899609644618927642375342633349057300960400037232334924701046781298765077061770383151646234219179990772047200045837817821582483532549791304588064624083040538534190301571832597441704620988055765289140138246856927863523873759538652326729606982847841094220861282830980236711
  public exponent: 65537
  Validity: [From: Mon Jan 29 02:00:00 EET 1996,
               To: Thu Aug 03 02:59:59 EEST 2028]
  Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  SerialNumber: [    3c9131cb 1ff6d01b 0e9ab8d0 44bf12be]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 10 72 52 A9 05 14 19 32   08 41 F0 C5 6B 0A CC 7E  .rR....2.A..k...
0010: 0F 21 19 CD E4 67 DC 5F   A9 1B E6 CA E8 73 9D 22  .!...g._.....s."
0020: D8 98 6E 73 03 61 91 C5   7C B0 45 40 6E 44 9D 8D  ..ns.a....E@nD..
0030: B0 B1 96 74 61 2D 0D A9   45 D2 A4 92 2A D6 9A 75  ...ta-..E...*..u
0040: 97 6E 3F 53 FD 45 99 60   1D A8 2B 4C F9 5E A7 09  .n?S.E.`..+L.^..
0050: D8 75 30 D7 D2 65 60 3D   67 D6 48 55 75 69 3F 91  .u0..e`=g.HUui?.
0060: F5 48 0B 47 69 22 69 82   96 BE C9 C8 38 86 4A 7A  .H.Gi"i.....8.Jz
0070: 2C 73 19 48 69 4E 6B 7C   65 BF 0F FC 70 CE 88 90  ,s.HiNk.e...p...

]
main, READ: TLSv1 Handshake, length = 4
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 56 36 28 78 CC 0D   CB 96 74 CA 41 73 AF DA  ..V6(x....t.As..
0010: 13 E4 CB 1A 6D 9D 4A 60   B3 C6 D3 37 9A 7E F1 D5  ....m.J`...7....
0020: ED F1 79 43 AB AE 49 65   BF 7E 8D 9E B1 85 00 6D  ..yC..Ie.......m
CONNECTION KEYGEN:
Client Nonce:
0000: 4D F6 AD 12 14 9A A7 64   04 41 AB 5A 8D A5 C3 16  M......d.A.Z....
0010: FE 04 C4 0C F9 AA EF D0   81 12 13 27 3D 8C E0 04  ...........'=...
Server Nonce:
0000: 4D F6 AD 14 78 7A CD D1   91 F6 19 90 BC 16 6D 55  M...xz........mU
0010: FB AC F2 DE 52 F8 D3 C4   77 D6 CC 93 D2 7B DE DE  ....R...w.......
Master Secret:
0000: 74 6A 4F 35 CE 2A 35 62   32 EB 0F E1 2C AA 15 B7  tjO5.*5b2...,...
0010: 1B DC 68 F9 23 86 84 9E   B7 2F 74 4A 95 84 49 42  ..h.#..../tJ..IB
0020: B8 CF 08 AC 87 54 F1 6F   45 54 55 78 4D BF 64 E5  .....T.oETUxM.d.
Client MAC write Secret:
0000: 58 23 4F 11 3C D9 1F 6F   92 B6 1D C7 54 C6 31 A2  X#O.<..o....T.1.
0010: 04 A1 11 A2                                        ....
Server MAC write Secret:
0000: 88 3E FD FC CD 92 A3 1B   FC F7 D3 F1 BC 1A D8 7C  .>..............
0010: 2C F8 7F 35                                        ,..5
Client write key:
0000: 2D 40 58 94 60 3D 67 46   A3 D4 04 E4 63 9D 51 85  -@X.`=gF....c.Q.
Server write key:
0000: 35 6F 67 33 16 66 79 04   F2 70 50 90 25 B2 47 EA  5og3.fy..pP.%.G.
... no IV used for this cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 150, 197, 98, 40, 19, 100, 205, 73, 146, 104, 202, 162 }
***
main, WRITE: TLSv1 Handshake, length = 36
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 36
*** Finished
verify_data:  { 255, 59, 12, 190, 43, 206, 128, 43, 189, 118, 42, 136 }
***
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_SHA]
main, setSoTimeout(0) called
main, WRITE: TLSv1 Application Data, length = 133
main, READ: TLSv1 Application Data, length = 376
Protocol version: HTTP/1.1
Status code: 200
Reason: OK
Status: HTTP/1.1 200 OK
=== HEADERS ===
Cache-Control=private, max-age=604800
Expires=Tue, 14 Jun 2011 00:36:37 GMT
Date=Tue, 14 Jun 2011 00:36:37 GMT
Refresh=0;URL=https://mail.google.com/mail/
Content-Type=text/html; charset=ISO-8859-1
X-Content-Type-Options=nosniff
X-Frame-Options=SAMEORIGIN
X-XSS-Protection=1; mode=block
Content-Length=234
Server=GSE
=== EOF ===

About

jurl - java utility to inspect a web address. Useful for detecting java cacerts issues, printing all the headers etc

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published