How to programmatically add self signed certificat

2019-04-10 19:46发布

站内问答 / Java
924 2 5

Following code snippet is to get JSon response from a HTTP URL:

private static void getJson(String location) {
    try {
        try {
            createSSLSocket();
            URL url = new URL(
                    "https://abc.com/key/one");
            HttpURLConnection conn = (HttpURLConnection) url
                    .openConnection();
            conn.setRequestMethod("GET");
            conn.setRequestProperty("Accept", "application/json");
            if (conn.getResponseCode() != 200) {
                throw new RuntimeException("Failed : HTTP error code : "
                        + conn.getResponseCode());
            }
            BufferedReader br = new BufferedReader(new InputStreamReader(
                    (conn.getInputStream())));
            String output;
            System.out.println("Output from Server .... \n");
            while ((output = br.readLine()) != null) {
                System.out.println(output);
            }
            conn.disconnect();

        } catch (MalformedURLException e) {
            e.printStackTrace();

        } catch (IOException e) {
            e.printStackTrace();

        }
    } catch (Exception ex) {
        ex.printStackTrace();
    }

}

But it is throwing SSLHandshaking exception because i didn't added self signed certification exception to the code. I have done this in C# but not in java. What steps should i perform? Need your suggestion :)

Thanks in advance.

2条回答
姐就是有狂的资本
2楼-- · 2019-04-10 19:57

To add trust for a self signed certificate, you can create a truststore java keystore file and set the javax.net.ssl.trustStore property to point at this file. The openConnection method will check the truststore to see if the certificate can be trusted.

To create a truststore file you can use the keytool command which is part of the JDK and should be in your JAVA_HOME/bin directory.

keytool -import -file yourcert.cert -alias abc -keystore truststore.jks

The command will prompt you for a password which you will need if you want to edit the truststore. After entering the password it will create a truststore.jks file. To programmatically set the truststore in Java you can either pass it as a property with -Djavax.net.ssl.trustStore=/path/truststore.jks or you can call System.setProperty

System.setProperty("javax.net.ssl.trustStore", "/path/truststore.jks");

To have a look at ssl properties used by Java have a look here.

查看更多
0人赞 添加讨论(0) 举报
来,给爷笑一个
3楼-- · 2019-04-10 19:58

You can configure the HttpsURLConnection socket factory to accept all certificate without any validation:

private class TrustAll implements X509TrustManager
{
    public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException
    {
    }

    public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException
    {
    }

    public X509Certificate[] getAcceptedIssuers()
    {
        return new X509Certificate[0];
    }
}

SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(null, new TrustManager[] { new TrustAll() }, null);
HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());

UPDATE

You just have to call this code once at the start of the application. All HTTPS connections opened with URL.openConnection() will use this socket factory. Another solution could be adding this code in the createSSLSocket() method body.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)