SSLSocketFactory in java

前端未结

关注

 1  865

What role does SSLSocketFactory class in java play when using HttpsURLConnection? The java docs is not of much help.

Are there any ways to

相关标签:

1条回答

心在旅途

2020-12-14 12:19

It is done through SSLContext. You init one and then use it's socket factory to create HttpsConnection instances.

Here is rough example of how I manage this in my application:

SSLContext sc = SSLContext.getInstance("SSL");
sc.init(myKeyManagerFactory.getKeyManagers(), myTrustManagerArray, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

after that your openConnection() calls for https sites will use the sslsocketfactory you initialized here.

Here code for TrustManager to use in your ssl context wich will trust all certificates:

TrustManager[] myTrustManagerArray = new TrustManager[]{new TrustEveryoneManager()};

class TrustEveryoneManager implements X509TrustManager {
    public void checkClientTrusted(X509Certificate[] arg0, String arg1){}
    public void checkServerTrusted(X509Certificate[] arg0, String arg1){}
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
}

Upd from Bruno: beware, trusting any certificate, however convenient it is, makes the connection vulnerable to MITM attacks

0 讨论(0)