我是Java Web Start的新手,目前正在为私有服务器使用的applet上遇到一些奇怪的行为。
我试图在下载发生之前动态检查是否忽略服务器的SSL证书。为此,我正在使用
public class TrustModifier {
private static SSLSocketFactory factory;
private static final HostnameVerifier TRUSTING_HOSTNAME_VERIFIER = new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
};
public TrustModifier() {
}
public static void relaxHostChecking(URLConnection conn) {
if (conn instanceof HttpsURLConnection) {
try {
HttpsURLConnection httpsConnection = (HttpsURLConnection)conn;
httpsConnection.setSSLSocketFactory(getFactory());
httpsConnection.setHostnameVerifier(TRUSTING_HOSTNAME_VERIFIER);
} catch (Exception var2) {
}
}
}
private static synchronized SSLSocketFactory getFactory() throws Exception {
if (factory == null) {
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init((KeyManager[])null, new X509TrustManager[]{new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
}}, (SecureRandom)null);
factory = ctx.getSocketFactory();
}
return factory;
}
}
当我尝试忽略证书时,applet可以正常工作,但是当我不想忽略它们时,即使服务器具有不受信任的(自签名)证书,下载仍然会发生。
进行一些研究后,我发现Java可能将其受信任的证书与MacOS的受信任的证书绑定在一起,但是还无法验证这一点。我的Mac设置为Always trust我服务器的证书。有谁知道MacOS中如何正确处理Java可信证书,并且即使服务器正在使用自签名证书,这是否可能仍是下载的原因?