Package org.knowm.xchange.utils

Class CertHelper

java.lang.Object

org.knowm.xchange.utils.CertHelper

public class CertHelper
extends Object

Constructor Summary

Constructors

Constructor	Description
CertHelper()

Method Summary

Modifier and Type	Method	Description
static SSLSocketFactory	createExpiredAcceptingSSLSocketFactory(String subjectPrincipalName)	Creates a custom SSLSocketFactory that accepts an expired certificate.
static HostnameVerifier	createIncorrectHostnameVerifier(String requestHostname, String certPrincipalName)	Creates a custom HostnameVerifier that allows a specific certificate to be accepted for a mismatching hostname.
static SSLSocketFactory	createRestrictedSSLSocketFactory(String... disabledProtocolsAndCiphers)	Creates a custom SSLSocketFactory that disallows the use of a set of protocols and/or ciphers, no matter the current default configuration.
static void	trustAllCerts()	Deprecated. create an exclusion specific to your need rather than changing all behavior

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

CertHelper

public CertHelper()

Method Details

createExpiredAcceptingSSLSocketFactory

public static SSLSocketFactory createExpiredAcceptingSSLSocketFactory(String subjectPrincipalName)

Creates a custom SSLSocketFactory that accepts an expired certificate.

Parameters:

subjectPrincipalName - RFC 2253 name on the expired certificate

Returns:

An SSLSocketFactory that will accept the passed certificate if it is expired

createRestrictedSSLSocketFactory

public static SSLSocketFactory createRestrictedSSLSocketFactory(String... disabledProtocolsAndCiphers)

Creates a custom SSLSocketFactory that disallows the use of a set of protocols and/or ciphers, no matter the current default configuration.

Parameters:

disabledProtocolsAndCiphers - list of protocol or cipher names to disallow

Returns:

An SSLSocketFactory that will never use the passed protocols or ciphers

createIncorrectHostnameVerifier

public static HostnameVerifier createIncorrectHostnameVerifier(String requestHostname,
 String certPrincipalName)

Creates a custom HostnameVerifier that allows a specific certificate to be accepted for a mismatching hostname.

Parameters:

requestHostname - hostname used to access the service which offers the incorrectly named certificate

certPrincipalName - RFC 2253 name on the certificate

Returns:

A HostnameVerifier that will accept the provided combination of names

trustAllCerts

@Deprecated
public static void trustAllCerts()
                          throws Exception

Deprecated.

create an exclusion specific to your need rather than changing all behavior

Manually override the JVM's TrustManager to accept all HTTPS connections. Use this ONLY for testing, and even at that use it cautiously. Someone could steal your API keys with a MITM attack!

Throws:

Exception