13 May 2009

Testing https requests I need all trust certificates

Ohhh, how many times you attempt to test java code that call https pages, any time you do something like this you need to fight against boring issues such as keystore and so on.

Below a snippet of code that allow you to trust aaaaaalll the certificates of the world, but be carefull this is just for quick and dirty testing!


public void createTrustALLManager() {
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
public boolean verify(String arg0, String arg1) {
return true;
}
});
} catch (Exception e) {
}
}

private TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public boolean isClientTrusted(X509Certificate[] arg0) {
return true;
}
public boolean isServerTrusted(X509Certificate[] arg0) {
return true;
}
} };

No comments: