如何将侦听器挂钩到 SSL 握手？

发布于 2024-12-10 12:23:33 字数 486 浏览 0 评论 0原文

我希望在新的 SSL 连接启动和握手开始时收到通知。我需要在调用密钥库之前获取证书。

有没有某种方法可以向此过程注册侦听器，以便我可以决定证书是否正常并且应该根据密钥库进行检查或立即取消它。

像这样的东西，但对于 SMTP 连接：

URL req = new URL(getUrl);

HttpsURLConnection con = (HttpsURLConnection) req.openConnection();

con.setHostnameVerifier(new HostnameVerifier()
{

    public boolean verify(String hostname, SSLSession session)
    {
        return true; //My decision
    }
});

我正在使用 JAMES 电子邮件服务器 2.3.2（如果这意味着什么）。

先感谢您！

原文

i would like to be notifyed when a new SSL Connection starts and the handshake begins.
I need to get the Certificate before the keystore gets invoked.

Is there some way to register a listener to this process so i get to decide whether the certificate is ok and should be checked against the keystore or cancel it rightaway.

Something like this, but for SMTP Connections:

URL req = new URL(getUrl);

HttpsURLConnection con = (HttpsURLConnection) req.openConnection();

con.setHostnameVerifier(new HostnameVerifier()
{

    public boolean verify(String hostname, SSLSession session)
    {
        return true; //My decision
    }
});

I'm using the JAMES Email server 2.3.2 (if that means something).

Thank you in advance!

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

魔法少女 2024-12-17 12:23:33

您需要设置连接的 SSLFactory。以下示例不使用密钥管理器，而是使用默认的 TrustManager。您的检查将进入 checkServerTrusted 方法。

HttpsURLConnection con = (HttpsURLConnection) req.openConnection();
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, // No Key Manager
             new TrustManager[] { new X509TrustManager()
               {
                 @Override
                 public void checkClientTrusted(X509Certificate[] arg0, String arg1)
                     throws CertificateException
                   {}

                 @Override
                 public void checkServerTrusted(X509Certificate[] arg0, String arg1)
                     throws CertificateException {
                      // check the certs
                 }

                 @Override
                 public X509Certificate[] getAcceptedIssuers()
                   {
                     return null;
                   }

               } }, // TrustManager 
             new java.security.SecureRandom());
con.setSSLSocketFactory(context.getSocketFactory());

You need to set the SSLFactory of the connection. The following example uses no key-manager and a default TrustManager. Your checks will go in the checkServerTrusted method.

HttpsURLConnection con = (HttpsURLConnection) req.openConnection();
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, // No Key Manager
             new TrustManager[] { new X509TrustManager()
               {
                 @Override
                 public void checkClientTrusted(X509Certificate[] arg0, String arg1)
                     throws CertificateException
                   {}

                 @Override
                 public void checkServerTrusted(X509Certificate[] arg0, String arg1)
                     throws CertificateException {
                      // check the certs
                 }

                 @Override
                 public X509Certificate[] getAcceptedIssuers()
                   {
                     return null;
                   }

               } }, // TrustManager 
             new java.security.SecureRandom());
con.setSSLSocketFactory(context.getSocketFactory());

回复收藏 0 原文

~没有更多了~