java X509TrustManager 覆盖而不允许所有证书?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/11857417/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
X509TrustManager Override without allowing ALL certs?
提问by user1015523
I am currently overriding X509TrustManager to allow all certs as a temporarily 'solution' (an unsafe one at that). I am trying to figure out how I would go about adding in so it accepts just a specific cert that I'm having issues with until a proper fix can be done (which is out of my hands at the moment). Here is the current code.
我目前正在覆盖 X509TrustManager 以允许所有证书作为临时“解决方案”(一个不安全的解决方案)。我试图弄清楚我将如何添加,以便它只接受我遇到问题的特定证书,直到可以完成正确的修复(目前我无法控制)。这是当前的代码。
TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
}
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
}
}};
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (GeneralSecurityException e) {
System.out.println(e.getStackTrace());
}
采纳答案by dfb
All you need to do is return the certificate from getAcceptedIssuers. See this
您需要做的就是从 返回证书getAcceptedIssuers。看到这个
InputStream inStream = new FileInputStream("fileName-of-cert");
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate)cf.generateCertificate(inStream);
inStream.close();
and then return that in an array within the method
然后在方法中的数组中返回它
回答by Stephen C
One possibility would be to temporarily add the problematic certificate to your JVM's key store as a trusted certificate.
一种可能性是将有问题的证书作为受信任的证书临时添加到 JVM 的密钥库中。
