当SSL碰到证书不合法(比如证书过期...)
2004-12-02 17:53
309 查看
当你用HttpsURLConnection来查看https网页内容而对方证书无效时候,回出现Exception,怎么办。
1.自己有一TrustManager 类
import com.sun.net.ssl.SSLContext;
import com.sun.net.ssl.TrustManager;
import com.sun.net.ssl.X509TrustManager;
import com.sun.net.ssl.TrustManagerFactory;
public class MyTrustManager implements X509TrustManager
{
private KeyStore keyStore;
private String keyStorePath;
private char[] keyStorePassword;
public MyTrustManager(){}
// MyTrustManager constructor. Save off keyStore object along with
// the path to the keystore (keyStorePath) and it's password
// (keyStorePassword).
public MyTrustManager(KeyStore keyStore,
String keyStorePath,
char[] keyStorePassword)
{
this.keyStore = keyStore;
this.keyStorePath = keyStorePath;
this.keyStorePassword = keyStorePassword;
}
// isClientTrusted checks to see if the chain is in the keyStore object.
// This is done with a call to isChainTrusted.
public boolean isClientTrusted(X509Certificate[] chain)
{
return isChainTrusted(chain);
}
// isServerTrusted checks to see if the chain is in the keyStore object.
// This is done with a call to isChainTrusted. If not it queries the
// user to see if the chain should be trusted and stored into the
// keyStore object. The keyStore is then saved in the file whose path
// keyStorePath
public boolean isServerTrusted(X509Certificate[] chain)
{
return true;
}
// getAcceptedIssuers retrieves all of the certificates in the keyStore
// and returns them in an X509Certificate array.
public X509Certificate[] getAcceptedIssuers()
{
X509Certificate[] X509Certs = null;
try
{
// See how many certificates are in the keystore.
int numberOfEntry = keyStore.size();
// If there are any certificates in the keystore.
if(numberOfEntry > 0)
{
// Create an array of X509Certificates
X509Certs = new X509Certificate[numberOfEntry];
// Get all of the certificate alias out of the keystore.
Enumeration aliases = keyStore.aliases();
// Retrieve all of the certificates out of the keystore
// via the alias name.
int i = 0;
while (aliases.hasMoreElements())
{
X509Certs[i] =
(X509Certificate)keyStore.
getCertificate((String)aliases.nextElement());
i++;
}
}
}
catch( Exception e )
{
System.out.println( "getAcceptedIssuers Exception: "
+ e.toString() );
X509Certs = null;
}
return X509Certs;
}
// isChainTrusted searches the keyStore for any certificate in the
// certificate chain.
private boolean isChainTrusted(X509Certificate[] chain)
{
return true;
}
}
2.注册你的 TrustManager类
X509TrustManager xtm = new MyTrustManager();
TrustManager mytm[] = {
xtm};
SSLContext ctx = SSLContext.getInstance("SSL");
ctx.init(null, mytm, null);
SSLSocketFactory factory = ctx.getSocketFactory();
//注册TrustManager类(factory)
HttpsURLConnection huc = (HttpsURLConnection)
(new URL(“http://www.aaa.com”).openConnection();
//huc.setHostnameVerifier(new com.smartghost.ssl.MyHostnameVerifier());
huc.setSSLSocketFactory(factory);
...... //错误不再
1.自己有一TrustManager 类
import com.sun.net.ssl.SSLContext;
import com.sun.net.ssl.TrustManager;
import com.sun.net.ssl.X509TrustManager;
import com.sun.net.ssl.TrustManagerFactory;
public class MyTrustManager implements X509TrustManager
{
private KeyStore keyStore;
private String keyStorePath;
private char[] keyStorePassword;
public MyTrustManager(){}
// MyTrustManager constructor. Save off keyStore object along with
// the path to the keystore (keyStorePath) and it's password
// (keyStorePassword).
public MyTrustManager(KeyStore keyStore,
String keyStorePath,
char[] keyStorePassword)
{
this.keyStore = keyStore;
this.keyStorePath = keyStorePath;
this.keyStorePassword = keyStorePassword;
}
// isClientTrusted checks to see if the chain is in the keyStore object.
// This is done with a call to isChainTrusted.
public boolean isClientTrusted(X509Certificate[] chain)
{
return isChainTrusted(chain);
}
// isServerTrusted checks to see if the chain is in the keyStore object.
// This is done with a call to isChainTrusted. If not it queries the
// user to see if the chain should be trusted and stored into the
// keyStore object. The keyStore is then saved in the file whose path
// keyStorePath
public boolean isServerTrusted(X509Certificate[] chain)
{
return true;
}
// getAcceptedIssuers retrieves all of the certificates in the keyStore
// and returns them in an X509Certificate array.
public X509Certificate[] getAcceptedIssuers()
{
X509Certificate[] X509Certs = null;
try
{
// See how many certificates are in the keystore.
int numberOfEntry = keyStore.size();
// If there are any certificates in the keystore.
if(numberOfEntry > 0)
{
// Create an array of X509Certificates
X509Certs = new X509Certificate[numberOfEntry];
// Get all of the certificate alias out of the keystore.
Enumeration aliases = keyStore.aliases();
// Retrieve all of the certificates out of the keystore
// via the alias name.
int i = 0;
while (aliases.hasMoreElements())
{
X509Certs[i] =
(X509Certificate)keyStore.
getCertificate((String)aliases.nextElement());
i++;
}
}
}
catch( Exception e )
{
System.out.println( "getAcceptedIssuers Exception: "
+ e.toString() );
X509Certs = null;
}
return X509Certs;
}
// isChainTrusted searches the keyStore for any certificate in the
// certificate chain.
private boolean isChainTrusted(X509Certificate[] chain)
{
return true;
}
}
2.注册你的 TrustManager类
X509TrustManager xtm = new MyTrustManager();
TrustManager mytm[] = {
xtm};
SSLContext ctx = SSLContext.getInstance("SSL");
ctx.init(null, mytm, null);
SSLSocketFactory factory = ctx.getSocketFactory();
//注册TrustManager类(factory)
HttpsURLConnection huc = (HttpsURLConnection)
(new URL(“http://www.aaa.com”).openConnection();
//huc.setHostnameVerifier(new com.smartghost.ssl.MyHostnameVerifier());
huc.setSSLSocketFactory(factory);
...... //错误不再
相关文章推荐
- ATL实现Connection Point的一种简单的方法
- PHP 的 MySQL 操作类,跟手册上的函数一样用,但是更方便了。多说无益,看了就知道了。
- Java测试规范(引用)
- oracle中的分页
- Java面试题目
- delphi中的时间操作技术(2)
- 解析IP地址为主机域名
- 将某一主机域名解析为IP地址
- JCreator Pro 3.0与WTK2.0配置心得
- 有关TrueDBGrid的问题向各位大虾请教
- 力争最简单把*、&说清楚
- 一个画图类,类似ms_chart的线图,适用于科学仿真数据分析(一)
- 怎样为任何控件和区域添加提示信息:用自己封装的CTip类
- 从注册表中还原MSNMessenger口令
- Ant应用(1)
- 使用C#开发COM+组件
- 使用FSO把文本信息导入数据库
- CA证书服务器(7) 软考相关试题分析