X509TrustManager信任SSL证书

做个笔记

private Discovery getTrustDiscovery() throws KeyManagementException, NoSuchAlgorithmException, NoSuchProviderException, IOException {

// 对用户提供的标识符执行发现

Discovery dd = new Discovery();

// //创建SSLContext对象，并使用我们指定的信任管理器初始化

// TrustManager[] tm = {new MyX509TrustManager ()};

// SSLContext sslContext = SSLContext.getInstance("SSL","SunJSSE");

// sslContext.init(null, tm, new java.security.SecureRandom());

//

// //从上述SSLContext对象中得到SSLSocketFactory对象

// SSLSocketFactory ssf = sslContext.getSocketFactory();

//

// //创建HttpsURLConnection对象，并设置其SSLSocketFactory对象

// URL url=new URL(ENDPOINT);

// HttpsURLConnection httpsConn = (HttpsURLConnection)url.openConnection();

// httpsConn.setSSLSocketFactory(ssf);
```
	// 获取一个SSLContext实例
	SSLContext s = SSLContext.getInstance("SSL");
	X509TrustManager x509m = new X509TrustManager() {
```
// 返回受信任的X509证书数组。

@Override

public X509Certificate[] getAcceptedIssuers() {

return null;

}

// 该方法检查服务器的证书，若不信任该证书同样抛出异常。通过自己实现该方法，可以使之信任我们指定的任何证书。

// 在实现该方法时，也可以简单的不做任何处理，即一个空的函数体，由于不会抛出异常，它就会信任任何证书。

@Override

public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {

}

// 该方法检查客户端的证书，若不信任该证书则抛出异常。由于我们不需要对客户端进行认证，

// 因此我们只需要执行默认的信任管理器的这个方法。JSSE中，默认的信任管理器类为TrustManager。

@Override

public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {

}

};

s.init(null, new TrustManager[] { x509m }, new java.security.SecureRandom());

// 打印这个SSLContext实例使用的协议

// System.out.println("缺省安全套接字使用的协议: " + s.getProtocol());

// 获取SSLContext实例相关的SSLEngine

dd.setYadisResolver(new YadisResolver(new HttpFetcherFactory(s, new X509HostnameVerifier() {
```
		@Override
		public boolean verify(String hostname, SSLSession session) {
			// TODO Auto-generated method stub
			return true;
		}

		@Override
		public void verify(String host, String[] cns, String[] subjectAlts) throws SSLException {
			// TODO Auto-generated method stub

		}

		@Override
		public void verify(String host, X509Certificate cert) throws SSLException {
			// TODO Auto-generated method stub

		}

		@Override
		public void verify(String host, SSLSocket ssl) throws IOException {
			// TODO Auto-generated method stub

		}
	})));
	return dd;

}
```
package com.jiuqi.crcc.util;

import java.security.cert.CertificateException;

import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;

import javax.net.ssl.HttpsURLConnection;

import javax.net.ssl.SSLContext;

import javax.net.ssl.SSLSession;

import javax.net.ssl.TrustManager;

import javax.net.ssl.X509TrustManager;

/**

*
- TODO SSL忽略安全证书
*/

public class SslUtils {

private static void trustAllHttpsCertificates() throws Exception {

TrustManager[] trustAllCerts = new TrustManager[1];

TrustManager tm = new miTM();

trustAllCerts[0] = tm;

SSLContext sc = SSLContext.getInstance("SSL");

sc.init(null, trustAllCerts, null);

HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

}
```
static class miTM implements TrustManager,X509TrustManager {
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }

    public boolean isServerTrusted(X509Certificate[] certs) {
        return true;
    }

    public boolean isClientTrusted(X509Certificate[] certs) {
        return true;
    }

    public void checkServerTrusted(X509Certificate[] certs, String authType)
            throws CertificateException {
        return;
    }

    public void checkClientTrusted(X509Certificate[] certs, String authType)
            throws CertificateException {
        return;
    }
}
 
/**
 * 忽略HTTPS请求的SSL证书，必须在openConnection之前调用
 * @throws Exception
 */
public static void ignoreSsl() throws Exception{
    HostnameVerifier hv = new HostnameVerifier() {
        public boolean verify(String urlHostName, SSLSession session) {
            return true;
        }
    };
    trustAllHttpsCertificates();
    HttpsURLConnection.setDefaultHostnameVerifier(hv);
}
```
}