// always verify the host - dont check for certificate
final static HostnameVerifier DO_NOT_VERIFY = new HostnameVerifier()
{
public boolean verify(String hostname, SSLSession session)
{
return true;
}
};
/**
* Trust every server - dont check for any certificate
*/
private static void trustAllHosts()
{
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[]
{
new X509TrustManager()
{
public java.security.cert.X509Certificate[] getAcceptedIssuers()
{
return new java.security.cert.X509Certificate[] {};
}
public void checkClientTrusted(X509Certificate[] chain,String authType)throws CertificateException
{
}
public void checkServerTrusted(X509Certificate[] chain,String authType) throws CertificateException
{
}
}
};
//Install the all-trusting trust manager
try
{
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
}
catch (Exception e)
{
e.printStackTrace();
}
}
HttpURLConnection http = null;
if (url.getProtocol().toLowerCase().equals("https"))
{
trustAllHosts();
HttpsURLConnection https = (HttpsURLConnection) url.openConnection();
https.setHostnameVerifier(DO_NOT_VERIFY);
http = https;
}
else
{
http = (HttpURLConnection) url.openConnection();
}
可以实现不需要任何的服务器验证
猜你喜欢
转载自jykenan.iteye.com/blog/1862310
今日推荐
周排行