Restore SSL X509TrustManager in Java
I have the following code which conditionally (based on a boolean) disables SSL certificate checking.
However, if I set the boolean to false and re-run my code, the SSL checking still seems to be disabled (when it should be re-enabled).
So, what's the opposite logic of this, so that checking is restored?
if (bIgnoreSSL) {
    TrustManager[] trustAllCertificates = new TrustManager[] {
        new X509TrustManager()
        {
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return null; // Not relevant.
            }
            @Override
            public void checkClientTrusted(X509Certificate[] certs, String authType) {
                // Do nothing. Just allow them all.
            }
            @Override
            public void checkServerTrusted(X509Certificate[] certs, String authType) {
                // Do nothing. Just allow them all.
            }
        }
    };
    HostnameVerifier trustAllHostnames = new HostnameVerifier()
    {
        @Override
        public boolean verify(String hostname, SSLSession session) {
            return true; // Just allow them all.
        }
    };
    try
    {
        System.setProperty("jsse.enableSNIExtension", "false");
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCertificates, new SecureRandom());
        // These two calls replace the JVM-wide defaults for every HttpsURLConnection.
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier(trustAllHostnames);
    }
    catch (GeneralSecurityException e)
    {
        throw new ExceptionInInitializerError(e);
    }
}
else {
    // Code to restore here (Opposite of above?)
}
One alternative is to first save the defaults in a variable, so you can restore them later:
    // save defaults (do this before setting other defaults)
    HostnameVerifier defaultVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
    SSLSocketFactory defaultFactory = HttpsURLConnection.getDefaultSSLSocketFactory();
    if (bIgnoreSSL) {
        ...
    } else {
        // restore defaults
        HttpsURLConnection.setDefaultHostnameVerifier(defaultVerifier);
        HttpsURLConnection.setDefaultSSLSocketFactory(defaultFactory);
    }
Another alternative (a better one, IMO) is to not set the default for all connections, but set for each individual connection instead:
    HttpsURLConnection conn = // create connection
    if (bIgnoreSSL) {
        // set custom verifier and factory only for this connection
        conn.setHostnameVerifier(trustAllHostnames);
        conn.setSSLSocketFactory(sc.getSocketFactory());
    }
    // no need to restore (else), as I didn't change the defaults
This changes the verifier and factory only for the specified connection, without affecting the defaults (so there's no need to restore).
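The per-connection approach from the answer, written out as an added example that is not part of the original post: it scopes the relaxed settings to one connection and then checks that the JVM-wide defaults were never replaced. The class name `PerConnectionTls`, the helper `open` and the URL are hypothetical; the context is requested as "TLS" rather than "SSL", and `getAcceptedIssuers()` returns an empty array instead of null.

```java
import java.net.URI;
import java.net.URL;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class PerConnectionTls {
    // Same accept-everything trust manager as in the question; test endpoints only.
    static final TrustManager[] TRUST_ALL = { new X509TrustManager() {
        @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        @Override public void checkClientTrusted(X509Certificate[] certs, String authType) { }
        @Override public void checkServerTrusted(X509Certificate[] certs, String authType) { }
    } };

    // Hypothetical helper: relaxes validation on the returned connection only.
    static HttpsURLConnection open(URL url, boolean ignoreSsl) throws Exception {
        // openConnection() creates the object without any network I/O.
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        if (ignoreSsl) {
            SSLContext sc = SSLContext.getInstance("TLS");
            sc.init(null, TRUST_ALL, new SecureRandom());
            conn.setSSLSocketFactory(sc.getSocketFactory());       // instance setter, not setDefault...
            conn.setHostnameVerifier((hostname, session) -> true); // instance setter, not setDefault...
        }
        return conn;
    }

    public static void main(String[] args) throws Exception {
        // Snapshot the process-wide defaults so they can be compared afterwards.
        SSLSocketFactory defFactory = HttpsURLConnection.getDefaultSSLSocketFactory();
        HostnameVerifier defVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
        URL url = URI.create("https://test.example/").toURL(); // constructed placeholder URL

        HttpsURLConnection relaxed = open(url, true);
        HttpsURLConnection strict = open(url, false); // opened after the relaxed one

        // Identity checks: which factory and verifier does each connection carry?
        System.out.println("relaxed uses default factory: "
                + (relaxed.getSSLSocketFactory() == defFactory));
        System.out.println("strict uses default factory:  "
                + (strict.getSSLSocketFactory() == defFactory));
        System.out.println("strict uses default verifier: "
                + (strict.getHostnameVerifier() == defVerifier));
        // The static defaults themselves must still be the objects captured above.
        System.out.println("JVM defaults untouched:       "
                + (HttpsURLConnection.getDefaultSSLSocketFactory() == defFactory
                && HttpsURLConnection.getDefaultHostnameVerifier() == defVerifier));
    }
}
```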