Package org.knowm.xchange.utils
Class CertHelper
java.lang.Object
org.knowm.xchange.utils.CertHelper
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionstatic SSLSocketFactory
createExpiredAcceptingSSLSocketFactory
(String subjectPrincipalName) Creates a customSSLSocketFactory
that accepts an expired certificate.static HostnameVerifier
createIncorrectHostnameVerifier
(String requestHostname, String certPrincipalName) Creates a customHostnameVerifier
that allows a specific certificate to be accepted for a mismatching hostname.static SSLSocketFactory
createRestrictedSSLSocketFactory
(String... disabledProtocolsAndCiphers) Creates a customSSLSocketFactory
that disallows the use of a set of protocols and/or ciphers, no matter the current default configuration.static void
Deprecated.create an exclusion specific to your need rather than changing all behavior
-
Constructor Details
-
CertHelper
public CertHelper()
-
-
Method Details
-
createExpiredAcceptingSSLSocketFactory
Creates a customSSLSocketFactory
that accepts an expired certificate.- Parameters:
subjectPrincipalName
- RFC 2253 name on the expired certificate- Returns:
- An
SSLSocketFactory
that will accept the passed certificate if it is expired
-
createRestrictedSSLSocketFactory
public static SSLSocketFactory createRestrictedSSLSocketFactory(String... disabledProtocolsAndCiphers) Creates a customSSLSocketFactory
that disallows the use of a set of protocols and/or ciphers, no matter the current default configuration.- Parameters:
disabledProtocolsAndCiphers
- list of protocol or cipher names to disallow- Returns:
- An
SSLSocketFactory
that will never use the passed protocols or ciphers
-
createIncorrectHostnameVerifier
public static HostnameVerifier createIncorrectHostnameVerifier(String requestHostname, String certPrincipalName) Creates a customHostnameVerifier
that allows a specific certificate to be accepted for a mismatching hostname.- Parameters:
requestHostname
- hostname used to access the service which offers the incorrectly named certificatecertPrincipalName
- RFC 2253 name on the certificate- Returns:
- A
HostnameVerifier
that will accept the provided combination of names
-
trustAllCerts
Deprecated.create an exclusion specific to your need rather than changing all behaviorManually override the JVM's TrustManager to accept all HTTPS connections. Use this ONLY for testing, and even at that use it cautiously. Someone could steal your API keys with a MITM attack!- Throws:
Exception
-