Java：覆盖禁用SSL证书检查的功能 [英] Java: Overriding function to disable SSL certificate check

问题描述

Web服务是通过SSL进行的，它具有自签名证书，托管在远程系统中。我已经创建了一个访问该Web服务的客户端。这是通过以编程方式将证书添加到密钥存储区来完成的。 。

The web service is rest over SSL and it has self signed certificate, hosted in remote system.I have already created a client accessing that web service. This is done by adding the certificate to the key store programatically.

现在我听说，没有必要将证书添加到密钥存储区以访问自签名的Web服务。 我们可以通过覆盖某些方法来禁用证书检查。这是真的？这些方法是哪些？请帮忙。

Now I heard that, it is not necessary to add certificate to key store for accesing a self signed web service. Instead we can disable the certificate check by overriding some methods. Is this true? Which are those methods? Please help.

推荐答案

这应该足够了。我在测试代码时测试和暂存我们没有正确签名证书的服务器时使用它。 但是，您真的应该考虑在生产服务器上获取有效的SSL证书 。没有人想要被窃听并且侵犯他们的隐私。

This should be sufficient. I use this when testing code against testing and staging servers where we don't have properly signed certificates. However, you should really really strongly consider getting a valid SSL certificate on your production server. Nobody wants to be wiretapped and have their privacy violated.

SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, new TrustManager[] { new TrustAllX509TrustManager() }, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier( new HostnameVerifier(){
    public boolean verify(String string,SSLSession ssls) {
        return true;
    }
});

这就是。

import javax.net.ssl.X509TrustManager;
import java.security.cert.X509Certificate;

/**
 * DO NOT USE IN PRODUCTION!!!!
 * 
 * This class will simply trust everything that comes along.
 * 
 * @author frank
 *
 */
public class TrustAllX509TrustManager implements X509TrustManager {
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    public void checkClientTrusted(java.security.cert.X509Certificate[] certs,
            String authType) {
    }

    public void checkServerTrusted(java.security.cert.X509Certificate[] certs,
            String authType) {
    }

}

祝你好运！

=== UPDATE ===

我只想指出有一项名为让我们加密的服务，自动化生成和设置几乎所有人都认可的SSL / TLS证书的过程，并且它是完全免费的！

I just wanted to point out that there's a service called Let's Encrypt which automates the process of generating and setting up SSL/TLS certificates recognised by virtually everybody, and it's absolutely free!

这篇关于Java：覆盖禁用SSL证书检查的功能的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！