当SSL碰到证书不合法(比如证书过期...)

当你用HttpsURLConnection来查看https网页内容而对方证书无效时候，回出现Exception，怎么办。
1.自己有一TrustManager 类
import com.sun.net.ssl.SSLContext;
import com.sun.net.ssl.TrustManager;
import com.sun.net.ssl.X509TrustManager;
import com.sun.net.ssl.TrustManagerFactory;

public  class MyTrustManager implements X509TrustManager
    {
        private KeyStore keyStore;
        private String   keyStorePath;
        private char[]   keyStorePassword;

         public MyTrustManager(){}
        // MyTrustManager constructor. Save off keyStore object along with
        // the path to the keystore (keyStorePath) and it's password
        // (keyStorePassword).
        public MyTrustManager(KeyStore         keyStore,
                              String           keyStorePath,
                              char[]           keyStorePassword)
        {
            this.keyStore = keyStore;
            this.keyStorePath = keyStorePath;
            this.keyStorePassword = keyStorePassword;
        }

        // isClientTrusted checks to see if the chain is in the keyStore object.
        // This is done with a call to isChainTrusted.
        public boolean isClientTrusted(X509Certificate[] chain)
        {
            return isChainTrusted(chain);
        }

        // isServerTrusted checks to see if the chain is in the keyStore object.
        // This is done with a call to isChainTrusted. If not it queries the
        // user to see if the chain should be trusted and stored into the
        // keyStore object. The keyStore is then saved in the file whose path
        // keyStorePath
        public boolean isServerTrusted(X509Certificate[] chain)
        {
            return true;
        }

        // getAcceptedIssuers retrieves all of the certificates in the keyStore
        // and returns them in an X509Certificate array.
        public X509Certificate[] getAcceptedIssuers()
        {
            X509Certificate[] X509Certs = null;
            try
            {
                // See how many certificates are in the keystore.
                int numberOfEntry = keyStore.size();
                // If there are any certificates in the keystore.
                if(numberOfEntry > 0)
                {
                    // Create an array of X509Certificates
                    X509Certs = new X509Certificate[numberOfEntry];

                    // Get all of the certificate alias out of the keystore.
                    Enumeration aliases = keyStore.aliases();

                    // Retrieve all of the certificates out of the keystore
                    // via the alias name.
                    int i = 0;
                    while (aliases.hasMoreElements())
                    {
                        X509Certs[i] =
                            (X509Certificate)keyStore.
                            getCertificate((String)aliases.nextElement());
                        i++;
                    }

                }
            }
            catch( Exception e )
            {
                System.out.println( "getAcceptedIssuers Exception: "
                                 + e.toString() );
                X509Certs = null;
            }
            return X509Certs;
        }

        // isChainTrusted searches the keyStore for any certificate in the
        // certificate chain.
        private boolean isChainTrusted(X509Certificate[] chain)
        {
            return true;
        }
    }
2.注册你的 TrustManager类
    X509TrustManager xtm = new MyTrustManager();
     TrustManager mytm[] = {
         xtm};
    SSLContext ctx = SSLContext.getInstance("SSL");
    ctx.init(null, mytm, null);

    SSLSocketFactory factory = ctx.getSocketFactory();
   //注册TrustManager类(factory)
   HttpsURLConnection huc = (HttpsURLConnection)
          (new URL(“http://www.aaa.com”).openConnection();
   //huc.setHostnameVerifier(new com.smartghost.ssl.MyHostnameVerifier());
   huc.setSSLSocketFactory(factory);
  ......   //错误不再

最后

以上就是痴情自行车为你收集整理的当SSL碰到证书不合法(比如证书过期...)的全部内容，希望文章能够帮你解决当SSL碰到证书不合法(比如证书过期...)所遇到的程序开发问题。

如果觉得靠谱客网站的内容还不错，欢迎将靠谱客网站推荐给程序员好友。