Whats an easy way to totally ignore ssl with java url connections?

前端 未结 1 1425
夕颜
夕颜 2020-11-27 16:58

I\'m building an application that periodically checks some rss feeds for new content. Some of these feeds are only reachable via https and some have self signed or somehow b

相关标签:
1条回答
  • 2020-11-27 17:41

    There is a solution at here which gracefully works for me. Just call

    SSLUtilities.trustAllHostnames();
    SSLUtilities.trustAllHttpsCertificates();
    

    Before your SSL connection.

    You can also capture more solution by searching Internet for java ssl trustall.

    Here is the copy of that solution (in case of maybe a broken link in future):

     import java.security.GeneralSecurityException;
     import java.security.SecureRandom;
     import java.security.cert.X509Certificate;
     import javax.net.ssl.HostnameVerifier;
     import javax.net.ssl.HttpsURLConnection;
     import javax.net.ssl.SSLContext;
     import javax.net.ssl.TrustManager;
     import javax.net.ssl.X509TrustManager;
    
     /**
      * This class provide various static methods that relax X509 certificate and 
      * hostname verification while using the SSL over the HTTP protocol.
      *
      * @author    Francis Labrie
      */
     public final class SSLUtilities {
    
       /**
        * Hostname verifier for the Sun's deprecated API.
        *
        * @deprecated see {@link #_hostnameVerifier}.
        */
       private static com.sun.net.ssl.HostnameVerifier __hostnameVerifier;
       /**
        * Thrust managers for the Sun's deprecated API.
        *
        * @deprecated see {@link #_trustManagers}.
        */
       private static com.sun.net.ssl.TrustManager[] __trustManagers;
       /**
        * Hostname verifier.
        */
       private static HostnameVerifier _hostnameVerifier;
       /**
        * Thrust managers.
        */
       private static TrustManager[] _trustManagers;
    
    
       /**
        * Set the default Hostname Verifier to an instance of a fake class that 
        * trust all hostnames. This method uses the old deprecated API from the 
        * com.sun.ssl package.
        *
        * @deprecated see {@link #_trustAllHostnames()}.
        */
       private static void __trustAllHostnames() {
           // Create a trust manager that does not validate certificate chains
           if(__hostnameVerifier == null) {
               __hostnameVerifier = new _FakeHostnameVerifier();
           } // if
           // Install the all-trusting host name verifier
           com.sun.net.ssl.HttpsURLConnection.
               setDefaultHostnameVerifier(__hostnameVerifier);
       } // __trustAllHttpsCertificates
    
       /**
        * Set the default X509 Trust Manager to an instance of a fake class that 
        * trust all certificates, even the self-signed ones. This method uses the 
        * old deprecated API from the com.sun.ssl package.
        *
        * @deprecated see {@link #_trustAllHttpsCertificates()}.
        */
       private static void __trustAllHttpsCertificates() {
           com.sun.net.ssl.SSLContext context;
    
           // Create a trust manager that does not validate certificate chains
           if(__trustManagers == null) {
               __trustManagers = new com.sun.net.ssl.TrustManager[] 
                   {new _FakeX509TrustManager()};
           } // if
           // Install the all-trusting trust manager
           try {
               context = com.sun.net.ssl.SSLContext.getInstance("SSL");
               context.init(null, __trustManagers, new SecureRandom());
           } catch(GeneralSecurityException gse) {
               throw new IllegalStateException(gse.getMessage());
           } // catch
           com.sun.net.ssl.HttpsURLConnection.
               setDefaultSSLSocketFactory(context.getSocketFactory());
       } // __trustAllHttpsCertificates
    
       /**
        * Return true if the protocol handler property java.
        * protocol.handler.pkgs is set to the Sun's com.sun.net.ssl.
        * internal.www.protocol deprecated one, false 
        * otherwise.
        *
        * @return                true if the protocol handler 
        * property is set to the Sun's deprecated one, false 
        * otherwise.
        */
       private static boolean isDeprecatedSSLProtocol() {
           return("com.sun.net.ssl.internal.www.protocol".equals(System.
               getProperty("java.protocol.handler.pkgs")));
       } // isDeprecatedSSLProtocol
    
       /**
        * Set the default Hostname Verifier to an instance of a fake class that 
        * trust all hostnames.
        */
       private static void _trustAllHostnames() {
           // Create a trust manager that does not validate certificate chains
           if(_hostnameVerifier == null) {
               _hostnameVerifier = new FakeHostnameVerifier();
           } // if
             // Install the all-trusting host name verifier:
           HttpsURLConnection.setDefaultHostnameVerifier(_hostnameVerifier);
       } // _trustAllHttpsCertificates
    
       /**
        * Set the default X509 Trust Manager to an instance of a fake class that 
        * trust all certificates, even the self-signed ones.
        */
       private static void _trustAllHttpsCertificates() {
           SSLContext context;
    
           // Create a trust manager that does not validate certificate chains
           if(_trustManagers == null) {
               _trustManagers = new TrustManager[] {new FakeX509TrustManager()};
           } // if
           // Install the all-trusting trust manager:
           try {
           context = SSLContext.getInstance("SSL");
           context.init(null, _trustManagers, new SecureRandom());
           } catch(GeneralSecurityException gse) {
               throw new IllegalStateException(gse.getMessage());
           } // catch
           HttpsURLConnection.setDefaultSSLSocketFactory(context.
               getSocketFactory());
       } // _trustAllHttpsCertificates
    
       /**
        * Set the default Hostname Verifier to an instance of a fake class that 
        * trust all hostnames.
        */
       public static void trustAllHostnames() {
           // Is the deprecated protocol setted?
           if(isDeprecatedSSLProtocol()) {
               __trustAllHostnames();
           } else {
               _trustAllHostnames();
           } // else
       } // trustAllHostnames
    
       /**
        * Set the default X509 Trust Manager to an instance of a fake class that 
        * trust all certificates, even the self-signed ones.
        */
       public static void trustAllHttpsCertificates() {
           // Is the deprecated protocol setted?
           if(isDeprecatedSSLProtocol()) {
               __trustAllHttpsCertificates();
           } else {
               _trustAllHttpsCertificates();
           } // else
       } // trustAllHttpsCertificates
    
       /**
        * This class implements a fake hostname verificator, trusting any host 
        * name. This class uses the old deprecated API from the com.sun.
        * ssl package.
        *
        * @author    Francis Labrie
        *
        * @deprecated see {@link SSLUtilities.FakeHostnameVerifier}.
        */
       public static class _FakeHostnameVerifier 
           implements com.sun.net.ssl.HostnameVerifier {
    
           /**
            * Always return true, indicating that the host name is an 
            * acceptable match with the server's authentication scheme.
            *
            * @param hostname        the host name.
            * @param session         the SSL session used on the connection to 
            * host.
            * @return                the true boolean value 
            * indicating the host name is trusted.
            */
           public boolean verify(String hostname, String session) {
               return(true);
           } // verify
       } // _FakeHostnameVerifier
    
    
       /**
        * This class allow any X509 certificates to be used to authenticate the 
        * remote side of a secure socket, including self-signed certificates. This 
        * class uses the old deprecated API from the com.sun.ssl 
        * package.
        *
        * @author    Francis Labrie
        *
        * @deprecated see {@link SSLUtilities.FakeX509TrustManager}.
        */
       public static class _FakeX509TrustManager 
           implements com.sun.net.ssl.X509TrustManager {
    
           /**
            * Empty array of certificate authority certificates.
            */
           private static final X509Certificate[] _AcceptedIssuers = 
               new X509Certificate[] {};
    
    
           /**
            * Always return true, trusting for client SSL 
            * chain peer certificate chain.
            *
            * @param chain           the peer certificate chain.
            * @return                the true boolean value 
            * indicating the chain is trusted.
            */
           public boolean isClientTrusted(X509Certificate[] chain) {
               return(true);
           } // checkClientTrusted
    
           /**
            * Always return true, trusting for server SSL 
            * chain peer certificate chain.
            *
            * @param chain           the peer certificate chain.
            * @return                the true boolean value 
            * indicating the chain is trusted.
            */
           public boolean isServerTrusted(X509Certificate[] chain) {
               return(true);
           } // checkServerTrusted
    
           /**
            * Return an empty array of certificate authority certificates which 
            * are trusted for authenticating peers.
            *
            * @return                a empty array of issuer certificates.
            */
           public X509Certificate[] getAcceptedIssuers() {
               return(_AcceptedIssuers);
           } // getAcceptedIssuers
       } // _FakeX509TrustManager
    
    
       /**
        * This class implements a fake hostname verificator, trusting any host 
        * name.
        *
        * @author    Francis Labrie
        */
       public static class FakeHostnameVerifier implements HostnameVerifier {
    
           /**
            * Always return true, indicating that the host name is 
            * an acceptable match with the server's authentication scheme.
            *
            * @param hostname        the host name.
            * @param session         the SSL session used on the connection to 
            * host.
            * @return                the true boolean value 
            * indicating the host name is trusted.
            */
           public boolean verify(String hostname, 
               javax.net.ssl.SSLSession session) {
               return(true);
           } // verify
       } // FakeHostnameVerifier
    
    
       /**
        * This class allow any X509 certificates to be used to authenticate the 
        * remote side of a secure socket, including self-signed certificates.
        *
        * @author    Francis Labrie
        */
       public static class FakeX509TrustManager implements X509TrustManager {
    
           /**
            * Empty array of certificate authority certificates.
            */
           private static final X509Certificate[] _AcceptedIssuers = 
               new X509Certificate[] {};
    
    
           /**
            * Always trust for client SSL chain peer certificate 
            * chain with any authType authentication types.
            *
            * @param chain           the peer certificate chain.
            * @param authType        the authentication type based on the client 
            * certificate.
            */
           public void checkClientTrusted(X509Certificate[] chain, 
               String authType) {
           } // checkClientTrusted
    
           /**
            * Always trust for server SSL chain peer certificate 
            * chain with any authType exchange algorithm types.
            *
            * @param chain           the peer certificate chain.
            * @param authType        the key exchange algorithm used.
            */
           public void checkServerTrusted(X509Certificate[] chain, 
               String authType) {
           } // checkServerTrusted
    
           /**
            * Return an empty array of certificate authority certificates which 
            * are trusted for authenticating peers.
            *
            * @return                a empty array of issuer certificates.
            */
           public X509Certificate[] getAcceptedIssuers() {
               return(_AcceptedIssuers);
           } // getAcceptedIssuers
       } // FakeX509TrustManager
     } // SSLUtilities
    
    0 讨论(0)
提交回复
热议问题