Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

SSLSocketFactory in java

Tags:

java

https

ssl

What role does SSLSocketFactory class in java play when using HttpsURLConnection? The java docs is not of much help.

Are there any ways to bind the keystore and the truststore to with the sslsocketfactory object, to make it point to the keystore and the truststore?

Otherwise how will the connection know the location of the keystore and the truststore(I don't want to use java System Properties)?

like image 1000
Ashwin Avatar asked Mar 29 '12 08:03

Ashwin

People also ask

How SSL work in java?

Simply put, the Secured Socket Layer (SSL) enables a secured connection between two parties, usually clients and servers. SSL provisions a secure channel between two devices operating over a network connection. One usual example for SSL is to enable secure communications between web browsers and web servers.

What is the use of SSLContext in Java?

SSLContext is an engine class for an implementation of a secure socket protocol. An instance of this class acts as a factory for SSL socket factories and SSL engines. An SSLContext holds all of the state information shared across all objects created under that context.

1 Answers

It is done through SSLContext. You init one and then use it's socket factory to create HttpsConnection instances.

Here is rough example of how I manage this in my application:

SSLContext sc = SSLContext.getInstance("SSL");
sc.init(myKeyManagerFactory.getKeyManagers(), myTrustManagerArray, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

after that your openConnection() calls for https sites will use the sslsocketfactory you initialized here.

Here code for TrustManager to use in your ssl context wich will trust all certificates:

TrustManager[] myTrustManagerArray = new TrustManager[]{new TrustEveryoneManager()};

class TrustEveryoneManager implements X509TrustManager {
    public void checkClientTrusted(X509Certificate[] arg0, String arg1){}
    public void checkServerTrusted(X509Certificate[] arg0, String arg1){}
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
}

Upd from Bruno: beware, trusting any certificate, however convenient it is, makes the connection vulnerable to MITM attacks

like image 178
yggdraa Avatar answered Oct 12 '22 10:10

yggdraa
Sign in to Comment

Related questions

@ElementCollection Java Persistence (Hibernate) Causes Loading of Duplicate Instances
Is there a built-in Spring environment variable for the web context root?
Java list that automatically sorts elements as I add them [duplicate]
Being asynchronously notified of a BlockingQueue having an item available
Open Source dictionary libraries [closed]
Java generics bug?
Guice eager/lazy singleton instantiations
Eclipse shortcut to run launch files
Drawing on a transparent image using Java SWT
How can I link source to a jar package in eclipse?
Error: `error - java.lang.IllegalArgumentException: URI is not hierarchical while getting a file from a classpath
Apache Tiles alternatives
How do I get unit test to run in java 7: java.lang.VerifyError: Expecting a stackmap frame at branch target
REST Java web service using protobuf [closed]
JDK, JRE an JARs compatibility
Error handling - is this a decent pattern?
JNI , call boolean method
Why is guava's Cache.invalidate(Object key) method not generic?
Java error: "Comparison method violates its general contract!"
MD5 checksums of Android APK files differ. Why?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!