X509TrustManager覆盖而不允许所有证书？ [英] X509TrustManager Override without allowing ALL certs?

问题描述

我目前正在重写X509TrustManager以允许所有证书作为临时解决方案（此时不安全）。我试图弄清楚我将如何添加，所以它只接受我遇到问题的特定证书，直到可以进行适当的修复（目前不在我的手中）。这是当前代码。

I am currently overriding X509TrustManager to allow all certs as a temporarily 'solution' (an unsafe one at that). I am trying to figure out how I would go about adding in so it accepts just a specific cert that I'm having issues with until a proper fix can be done (which is out of my hands at the moment). Here is the current code.

TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
    @Override
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return null;
    }

    @Override
    public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
    }

    @Override
    public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
    }
}};

try {
    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (GeneralSecurityException e) {
    System.out.println(e.getStackTrace());
}

推荐答案

所有你需要做的就是从 getAcceptedIssuers 返回证书。请参阅此

All you need to do is return the certificate from getAcceptedIssuers. See this

 InputStream inStream = new FileInputStream("fileName-of-cert");
 CertificateFactory cf = CertificateFactory.getInstance("X.509");
 X509Certificate cert = (X509Certificate)cf.generateCertificate(inStream);
 inStream.close();

然后在方法中的数组中返回

and then return that in an array within the method

这篇关于X509TrustManager覆盖而不允许所有证书？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！