{"id":21177623,"url":"https://github.com/tersesystems/debugjsse","last_synced_at":"2025-07-09T22:30:47.758Z","repository":{"id":57728885,"uuid":"142524816","full_name":"tersesystems/debugjsse","owner":"tersesystems","description":"Debug JSSE Provider","archived":false,"fork":false,"pushed_at":"2024-12-04T17:24:32.000Z","size":160,"stargazers_count":14,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-05T08:01:38.266Z","etag":null,"topics":["debug","java","jca","jsse","provider"],"latest_commit_sha":null,"homepage":"https://tersesystems.com/blog/2018/07/27/debug-java-tls-ssl-provider/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tersesystems.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-07-27T03:48:39.000Z","updated_at":"2024-12-04T17:24:36.000Z","dependencies_parsed_at":"2022-09-09T10:00:50.042Z","dependency_job_id":null,"html_url":"https://github.com/tersesystems/debugjsse","commit_stats":null,"previous_names":[],"tags_count":18,"template":false,"template_full_name":null,"purl":"pkg:github/tersesystems/debugjsse","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tersesystems%2Fdebugjsse","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tersesystems%2Fdebugjsse/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tersesystems%2Fdebugjsse/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tersesystems%2Fdebugjsse/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tersesystems","download_url":"https://codeload.github.com/tersesystems/debugjsse/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tersesystems%2Fdebugjsse/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264504573,"owners_count":23618825,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["debug","java","jca","jsse","provider"],"created_at":"2024-11-20T17:16:38.497Z","updated_at":"2025-07-09T22:30:47.753Z","avatar_url":"https://github.com/tersesystems.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# DebugJSSE\n\n[ ![Download](https://api.bintray.com/packages/tersesystems/maven/debugjsse/images/download.svg) ](https://bintray.com/tersesystems/maven/debugjsse/_latestVersion)\n\nThis is a JSSE provider that provides logging for entrance and exit of the trust manager, delegating to the original `KeyManager` and `TrustManager`.\n\nThis works on all JSSE implementations, but is transparent, and logs before and after every call.\n\nThis only works on \"SunJSSE\" right now.\n\nMore info in the [blog post](https://tersesystems.com/blog/2018/07/27/debug-java-tls-ssl-provider/).\n\n## Installation\n\n```\n\u003cdependency\u003e\n    \u003cgroupId\u003ecom.tersesystems.debugjsse\u003c/groupId\u003e\n    \u003cartifactId\u003edebugjsse\u003c/artifactId\u003e\n    \u003cversion\u003e1.0.0\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\n### sbt\n\n```\nlibraryDependencies += \"com.tersesystems.debugjsse\" % \"debugjsse\" % \"1.0.0\"\n```\n\n## Installing Provider\n\nThe security provider must be installed before it will work.\n\n### Installing Dynamically\n\nCalling `enable` will set the debug provider at the highest level, so it preempts \"SunJSSE\" and then delegates to it.\n\n```java\nDebugJSSEProvider provider = DebugJSSEProvider.enable();\n```\n\n### Installing Statically\n\nYou can install the [provider statically](https://docs.oracle.com/javase/9/security/java-secure-socket-extension-jsse-reference-guide.htm#JSSEC-GUID-8BC473B2-CD64-4E8B-8136-80BB286091B1) by adding the provider as the highest priority item in `\u003cjava-home\u003e/conf/security/java.security`:\n\n```bash\nsecurity.provider.1=debugJSSE|com.tersesystems.debugjsse.DebugJSSEProvider\n```\n\n## Setting Debug\n\nYou can change the `Debug` instance by calling `setDebug`:\n\n```java\nDebug sysErrDebug = new PrintStreamDebug(System.err);\nprovider.setDebug(sysErrDebug);\n```\n\nor use java.util.logging:\n\n```java\nprovider.setDebug(new LoggingDebug(DEBUG, debugLogger));\n```\n\nAnd you can add your own logging framework by extending `AbstractDebug`:\n\n```java\norg.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(\"Main\");\nDebug slf4jDebug = new AbstractDebug() {\n    @Override\n    public void enter(String message) {\n        logger.debug(message);\n    }\n\n    @Override\n    public void exit(String message) {\n        logger.debug(message);\n    }\n\n    @Override\n    public void exception(String message, Exception e) {\n        logger.error(message, e);\n    }\n};\n```\n\n## Full Example\n\nFull example here:\n\n```java\nimport com.tersesystems.debugjsse.AbstractDebug;\nimport com.tersesystems.debugjsse.Debug;\nimport com.tersesystems.debugjsse.DebugJSSEProvider;\nimport org.slf4j.LoggerFactory;\n\nimport javax.net.ssl.TrustManager;\nimport javax.net.ssl.TrustManagerFactory;\nimport javax.net.ssl.X509ExtendedKeyManager;\nimport javax.net.ssl.X509ExtendedTrustManager;\nimport java.security.KeyStore;\nimport java.security.Security;\nimport java.security.cert.X509Certificate;\nimport java.util.Arrays;\n\npublic class Main {\n\n    private static final org.slf4j.Logger logger = LoggerFactory.getLogger(\"Main\");\n\n    private static final Debug slf4jDebug = new AbstractDebug() {\n        @Override\n        public void enter(String message) {\n            logger.debug(message);\n        }\n\n        @Override\n        public void exit(String message) {\n            logger.debug(message);\n        }\n\n        @Override\n        public void exception(String message, Exception e) {\n            logger.error(message, e);\n        }\n    };\n\n    public static void main(String[] args) throws Exception {\n        DebugJSSEProvider.enable().setDebug(slf4jDebug);\n\n        SSLContext sslContext = SSLContext.getInstance(\"TLS\");\n        sslContext.init(null, null, null);\n        SSLEngine sslEngine = sslContext.createSSLEngine();\n\n        System.out.println(\"sslEngine = \" + sslEngine);\n    }\n}\n```\n\nProduces the output:\n\n```\n2018-08-05 11:47:15,108 DEBUG [main] - enter: javax.net.ssl.SSLContext@50cbc42f.init(keyManagers = null, trustManagers = null, secureRandom = null)\n2018-08-05 11:47:15,111 DEBUG [main] - enter: trustManagerFactory1-1533494835111@1265210847.init: args = null\n2018-08-05 11:47:15,184 DEBUG [main] - exit:  trustManagerFactory1-1533494835111@1265210847.init: args = null =\u003e null\n2018-08-05 11:47:15,184 DEBUG [main] - enter: trustManagerFactory1-1533494835111@1265210847.getTrustManagers()\n2018-08-05 11:47:15,185 DEBUG [main] - exit:  trustManagerFactory1-1533494835111@1265210847.getTrustManagers() =\u003e [trustManager1-1533494835185@627185331]\n2018-08-05 11:47:15,186 DEBUG [main] - exit:  javax.net.ssl.SSLContext@50cbc42f.init(keyManagers = null, trustManagers = null, secureRandom = null) =\u003e null\n2018-08-05 11:47:15,186 DEBUG [main] - enter: javax.net.ssl.SSLContext@50cbc42f.createSSLEngine()\n2018-08-05 11:47:15,190 DEBUG [main] - exit:  javax.net.ssl.SSLContext@50cbc42f.createSSLEngine() =\u003e 2a18f23c[SSLEngine[hostname=null port=-1] SSL_NULL_WITH_NULL_NULL]\nsslEngine = 2a18f23c[SSLEngine[hostname=null port=-1] SSL_NULL_WITH_NULL_NULL]\n```\n\n## Further Reading\n\n* https://github.com/cloudfoundry/java-buildpack-security-provider/tree/master/src/main/java/org/cloudfoundry/security\n* https://github.com/scholzj/AliasKeyManager\n* https://tersesystems.com/blog/2014/07/07/play-tls-example-with-client-authentication/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftersesystems%2Fdebugjsse","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftersesystems%2Fdebugjsse","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftersesystems%2Fdebugjsse/lists"}