如何使用Java Mail API验证SMTP服务器的SSL/TLS证书? [英] How to validate SMTP server's SSL/TLS certificate using java mail API?

问题描述

我们添加了通过SMTP发送电子邮件的功能.基本上，当用户尝试通过UI添加和保存SMTP服务器详细信息时，我将需要验证服务器的证书.我可以完成发送邮件"代码；有足够多的示例:)但是，我试图查看是否有任何方法可以从SMTP服务器获取证书详细信息并使用Java邮件API在客户端进行验证；我可以看到Transport.connect()方法隐式地验证了服务器证书，但是我试图了解是否有任何显式的方法来进行验证.简而言之，以下是我要实现的两件事:

We are adding a functionality to send email through SMTP. Basically, when the user tries to add and save the SMTP server details through UI, I will need to validate the server's certificate. I could get the "sending mail" code done; there are enough number of examples :) However, I'm trying to see if there is any way to get the certificate details from the SMTP server and validate at client side using java mail API; I can see the Transport.connect() method implicitly validates the server certificate,but i'm trying to understand if there is any explicit way of doing it. In short, these are the 2 things i'm trying to achieve:

1)从服务器获取SLL/TLS证书，并提示用户相关的详细信息(例如，该证书是否有效). 2)如果证书无效，请提供将其添加到密钥存储区的选项.

1) Get the SLL/TLS certificate from the server and prompt the user with relevant details(like, whether the certificate is valid). 2) If the certificate is not valid, provide the option to add it to the key store.

任何通过Java邮件API完成此操作的提示将不胜感激.

Any hints to get this done through java mail API would be appreciated.

推荐答案

您可以使用openssl获取SSL/TLS或STARTTLS的服务器证书.

You can use openssl to get server certificates for SSL/TLS or STARTTLS.

对于SSL/TLS:

openssl s_client -connect smtp.gmail.com:465 -CApath /etc/ssl/ </dev/null

对于STARTTLS:

For STARTTLS:

openssl s_client -starttls smtp -crlf -connect smtp.gmail.com:587 -CApath /etc/ssl/ </dev/null

我不知道如何使用Java Mail API来执行此操作，但是也许您可以使用Java的openssl包装器来执行与上述命令行中的调用等效的调用.

I don't know how to do this using the Java Mail API, but perhaps you can use an openssl wrapper for Java to execute the calls equivalent to the those in the command lines above.

这篇关于如何使用Java Mail API验证SMTP服务器的SSL/TLS证书?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！