📄 customsslsocketfactory.java
字号:
package com.sslexplorer.boot;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.SocketFactory;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
public class CustomSSLSocketFactory extends SocketFactory implements X509TrustManager {
static Log log = LogFactory.getLog(CustomSSLSocketFactory.class);
static CustomSSLSocketFactory instance;
KeyStore trustcacerts;
private CustomSSLSocketFactory() {
String filename = System.getProperty("java.home") + "/lib/security/cacerts".replace('/', File.separatorChar);
try {
FileInputStream is = new FileInputStream(filename);
trustcacerts = KeyStore.getInstance(KeyStore.getDefaultType());
String password = "changeit";
trustcacerts.load(is, password.toCharArray());
} catch (Exception e) {
log.error("Failed to load trusted cacerts keystore from " + filename);
}
}
public static SocketFactory getDefault() {
return instance == null ? instance = new CustomSSLSocketFactory() : instance;
}
public boolean checkForTrustedHost(String hostname) {
return KeyStoreManager.getInstance(KeyStoreManager.TRUSTED_SERVER_CERTIFICATES_KEY_STORE).getCertificate(hostname) != null;
}
public Socket createSocket(String hostname, int port) throws IOException, UnknownHostException {
try {
SSLContext sslCtx = SSLContext.getInstance("SSL");
KeyManager[] aKM = getKeyManagerArray();
TrustManager[] aTM = getTrustManagerArray();
sslCtx.init(aKM, aTM, null);
SSLSocketFactory socketFactory = sslCtx.getSocketFactory();
SSLSocket theSocket = (SSLSocket) socketFactory.createSocket(hostname, port);
return theSocket;
} catch (KeyManagementException e) {
throw new IOException("Cannot create SSL socket: " + e.getMessage());
} catch (NoSuchAlgorithmException e) {
throw new IOException("Cannot create SSL socket: " + e.getMessage());
}
}
public Socket createSocket(String hostname, int port, InetAddress arg2, int arg3) throws IOException, UnknownHostException {
try {
SSLContext sslCtx = SSLContext.getInstance("SSL");
KeyManager[] aKM = getKeyManagerArray();
TrustManager[] aTM = getTrustManagerArray();
sslCtx.init(aKM, aTM, null);
SSLSocketFactory socketFactory = sslCtx.getSocketFactory();
SSLSocket theSocket = (SSLSocket) socketFactory.createSocket(hostname, port, arg2, arg3);
return theSocket;
} catch (KeyManagementException e) {
throw new IOException("Cannot create SSL socket: " + e.getMessage());
} catch (NoSuchAlgorithmException e) {
throw new IOException("Cannot create SSL socket: " + e.getMessage());
}
}
public Socket createSocket(InetAddress arg0, int arg1) throws IOException {
try {
SSLContext sslCtx = SSLContext.getInstance("SSL");
KeyManager[] aKM = getKeyManagerArray();
TrustManager[] aTM = getTrustManagerArray();
sslCtx.init(aKM, aTM, null);
SSLSocketFactory socketFactory = sslCtx.getSocketFactory();
SSLSocket theSocket = (SSLSocket) socketFactory.createSocket(arg0, arg1);
return theSocket;
} catch (KeyManagementException e) {
throw new IOException("Cannot create SSL socket: " + e.getMessage());
} catch (NoSuchAlgorithmException e) {
throw new IOException("Cannot create SSL socket: " + e.getMessage());
}
}
public Socket createSocket(InetAddress arg0, int arg1, InetAddress arg2, int arg3) throws IOException {
try {
SSLContext sslCtx = SSLContext.getInstance("SSL");
KeyManager[] aKM = getKeyManagerArray();
TrustManager[] aTM = getTrustManagerArray();
sslCtx.init(aKM, aTM, null);
SSLSocketFactory socketFactory = sslCtx.getSocketFactory();
SSLSocket theSocket = (SSLSocket) socketFactory.createSocket(arg0, arg1, arg2, arg3);
return theSocket;
} catch (KeyManagementException e) {
throw new IOException("Cannot create SSL socket: " + e.getMessage());
} catch (NoSuchAlgorithmException e) {
throw new IOException("Cannot create SSL socket: " + e.getMessage());
}
}
private KeyManager[] getKeyManagerArray() {
KeyStore keyStore = null;
KeyManager[] retVal = null;
try {
keyStore = KeyStoreManager.getInstance(KeyStoreManager.SERVER_AUTHENTICATION_CERTIFICATES_KEY_STORE).getKeyStore();
// Get a key manager factory out of the key store
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyManagerFactory.init(keyStore, KeyStoreManager.getInstance(
KeyStoreManager.SERVER_AUTHENTICATION_CERTIFICATES_KEY_STORE).getKeyStorePassword().toCharArray());
retVal = keyManagerFactory.getKeyManagers();
} catch (NoSuchAlgorithmException e) {
log.fatal("Error getting algorithm.", e);
} catch (CertificateException e) {
log.fatal("Error loading certificate.", e);
} catch (IOException e) {
log.fatal("I/O issue.", e);
} catch (KeyStoreException e1) {
log.fatal("Error loading keystore instance.", e1);
} catch (UnrecoverableKeyException e) {
log.fatal("Can't recover the key.", e);
} catch (Exception e) {
log.fatal("Unknown error", e);
}
return retVal;
}
private TrustManager[] getTrustManagerArray() {
return new TrustManager[] { this };
}
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
throw new CertificateException("Client certs are not trusted by the custom SSL trust manager.");
}
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
/**
* This looks for the certificate in our own trust store.
*/
try {
KeyStore trusted = KeyStoreManager.getInstance(KeyStoreManager.TRUSTED_SERVER_CERTIFICATES_KEY_STORE).getKeyStore();
for(int i=0;i<chain.length;i++) {
if(trusted.getCertificateAlias(chain[i])!=null)
return;
}
} catch (KeyStoreException e) {
log.error("Unexpected keystore exception", e);
}
/**
* If we got this far then the certificate was not in our trust store so
* lets check the java cacerts store.
*/
if(trustcacerts==null) {
if (log.isInfoEnabled())
log.info("Cannot validate from cacerts as the keystore failed to load.");
} else {
try {
CertificateFactory certFact = CertificateFactory.getInstance("X.509");
CertPath path = certFact.generateCertPath(Arrays.asList(chain));
PKIXParameters params = new PKIXParameters(trustcacerts);
params.setRevocationEnabled(false);
CertPathValidator certPathValidator
= CertPathValidator.getInstance(CertPathValidator.getDefaultType());
CertPathValidatorResult result = certPathValidator.validate(path, params);
PKIXCertPathValidatorResult pkixResult = (PKIXCertPathValidatorResult)result;
TrustAnchor ta = pkixResult.getTrustAnchor();
X509Certificate cert = ta.getTrustedCert();
return;
} catch (Exception e) {
if (log.isInfoEnabled())
log.info("Failed to validate certificate path", e);
}
}
throw new CertificateException("Certificate chain is not trusted");
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -