Class CertHelper


  • public class CertHelper
    extends Object
    • Constructor Detail

      • CertHelper

        public CertHelper()
    • Method Detail

      • createExpiredAcceptingSSLSocketFactory

        public static SSLSocketFactory createExpiredAcceptingSSLSocketFactory​(String subjectPrincipalName)
        Creates a custom SSLSocketFactory that accepts an expired certificate.
        Parameters:
        subjectPrincipalName - RFC 2253 name on the expired certificate
        Returns:
        An SSLSocketFactory that will accept the passed certificate if it is expired
      • createRestrictedSSLSocketFactory

        public static SSLSocketFactory createRestrictedSSLSocketFactory​(String... disabledProtocolsAndCiphers)
        Creates a custom SSLSocketFactory that disallows the use of a set of protocols and/or ciphers, no matter the current default configuration.
        Parameters:
        disabledProtocolsAndCiphers - list of protocol or cipher names to disallow
        Returns:
        An SSLSocketFactory that will never use the passed protocols or ciphers
      • createIncorrectHostnameVerifier

        public static HostnameVerifier createIncorrectHostnameVerifier​(String requestHostname,
                                                                       String certPrincipalName)
        Creates a custom HostnameVerifier that allows a specific certificate to be accepted for a mismatching hostname.
        Parameters:
        requestHostname - hostname used to access the service which offers the incorrectly named certificate
        certPrincipalName - RFC 2253 name on the certificate
        Returns:
        A HostnameVerifier that will accept the provided combination of names
      • trustAllCerts

        @Deprecated
        public static void trustAllCerts()
                                  throws Exception
        Deprecated.
        create an exclusion specific to your need rather than changing all behavior
        Manually override the JVM's TrustManager to accept all HTTPS connections. Use this ONLY for testing, and even at that use it cautiously. Someone could steal your API keys with a MITM attack!
        Throws:
        Exception