8

我目前正在覆盖 X509TrustManager 以允许所有证书作为临时“解决方案”(当时不安全)。我试图弄清楚我将如何添加,所以它只接受一个我遇到问题的特定证书,直到可以完成适当的修复(目前这不在我的掌控之中)。这是当前代码。

TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
    @Override
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return null;
    }

    @Override
    public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
    }

    @Override
    public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
    }
}};

try {
    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (GeneralSecurityException e) {
    System.out.println(e.getStackTrace());
}
4

2 回答 2

7

您需要做的就是从getAcceptedIssuers. 看到这个

 InputStream inStream = new FileInputStream("fileName-of-cert");
 CertificateFactory cf = CertificateFactory.getInstance("X.509");
 X509Certificate cert = (X509Certificate)cf.generateCertificate(inStream);
 inStream.close();

然后在方法内的数组中返回它

于 2012-08-08T03:59:01.183 回答
0

一种可能性是将有问题的证书作为可信证书临时添加到 JVM 的密钥库中。

于 2012-08-08T04:06:15.537 回答