SSLSocketFactory in java

What role does the SSLSocketFactory class play in Java when using HttpsURLConnection? The Java docs don't really help.

Is there a way to bind the keystore and truststore to the SSLSocketFactory object so that it points to the keystore and trust store?

Otherwise, how does the connection know the location of the keystore and trust store (I do not want to use Java system properties)?

+4
java ssl
Mar 29 2018-12-12T00:
1 answer

This is done through SSLContext. You initialize one and then use its socket factory to instantiate the HttpsConnection.

Here is an example of how I manage this in my application:

    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(myKeyManagerFactory.getKeyManagers(), myTrustManagerArray, new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

After that, your openConnection() calls for https sites will use the SSLSocketFactory initialized here.

Here is the code for TrustManager to use in your ssl context, which will trust all certificates:

    TrustManager[] myTrustManagerArray = new TrustManager[]{new TrustEveryoneManager()};

    class TrustEveryoneManager implements X509TrustManager {
        public void checkClientTrusted(X509Certificate[] arg0, String arg1){}
        public void checkServerTrusted(X509Certificate[] arg0, String arg1){}
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    }

Update from Bruno: Be careful. Trusting any certificate, no matter how convenient, makes the connection vulnerable to MITM attacks.

+8
Mar 29 2018-12-12T00: