JAVA HttpsURLConnection 忽略对SSL valid 的验证

有时候我们对https进行测试的时候，经常自签署一个证书给server,这个certificate经常是不能通过验证的，但是我们又要用这个https,所以我们经常来忽略对SSL validation的验证。

.NET很简单，就一句话

System.Net.ServicePointManager.ServerCertificateValidationCallback += (se, cert, chain, sslerror) => { return true; };

Java的稍微麻烦一点

import sun.security.mscapi.SunMSCAPI;
import javax.net.ssl.*;
import java.io.*;
import java.net.URL;
import java.security.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

TrustManager[] trustAllCerts = new TrustManager[] {new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
}
};
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HostnameVerifier allHostsValid = new HostnameVerifier(){
public boolean verify(String hostname, SSLSession session) {
return true;
}

};
HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
URL url = new URL(https_url);
HttpsURLConnection  conn = (HttpsURLConnection)url.openConnection();
SSLSocketFactory sslSocketFactory = sc.getSocketFactory();
conn.setSSLSocketFactory(sslSocketFactory);