証明書無視のHTTPSクライアント 1.3 & JSSE

Java 
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;

import com.sun.net.ssl.HostnameVerifier;
import com.sun.net.ssl.HttpsURLConnection;
import com.sun.net.ssl.SSLContext;
import com.sun.net.ssl.X509TrustManager;
import com.sun.net.ssl.internal.ssl.Provider;

public class HttpsClientTest13
{
  public static SSLContext initSSLContext() throws NoSuchAlgorithmException,
      KeyManagementException
  {
    java.security.Security.addProvider(new Provider());
    System.setProperty("java.protocol.handler.pkgs",
        "com.sun.net.ssl.internal.www.protocol");

    SSLContext ssl = SSLContext.getInstance("SSL");
    X509TrustManager[] tm = new X509TrustManager[] { new X509TrustManager() {
      public X509Certificate[] getAcceptedIssuers()
      {
        return null;
      }

      public boolean isClientTrusted(X509Certificate[] arg0)
      {
        return true;
      }

      public boolean isServerTrusted(X509Certificate[] arg0)
      {
        return true;
      }
    } };
    ssl.init(null, tm, null);

    HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
      public boolean verify(String host1, String host2)
      {
        return true;
      }
    });
    HttpsURLConnection.setDefaultSSLSocketFactory(ssl.getSocketFactory());

    return ssl;
  }

  public static void exec(String urls, OutputStream out) throws Exception
  {
    SSLContext ssl = initSSLContext();
    URL url = new URL(urls);
    HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
    InputStream in = conn.getInputStream();
    try {
      byte[] b = new byte[1024 * 128];
      int n = -1;
      while ((n = in.read(b)) != -1)
        out.write(b, 0, n);
    } finally {
      in.close();
    }
  }
}

Download JSSE 1.0.3
Download J2SE v 1.3.1_17
via Archive: Java[tm] Technology Products Download


1.3のJavaには、1.4以降と異なりSSLが組み込まれていないため、その分余計な登録手続きが増える。ちなみに1.4以降だと以下のような感じになり、いくらかコードがスッキリする。

import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.X509TrustManager;

public class HttpsClientTest14
{
  public static SSLContext initSSLContext() throws NoSuchAlgorithmException,
      KeyManagementException
  {
    SSLContext ssl = SSLContext.getInstance("SSL");
    X509TrustManager[] tm = new X509TrustManager[] { new X509TrustManager() {
      public X509Certificate[] getAcceptedIssuers()
      {
        return null;
      }

      public void checkClientTrusted(X509Certificate[] arg0, String arg)
      {
      }

      public void checkServerTrusted(X509Certificate[] arg0, String arg)
      {
      }
    } };
    ssl.init(null, tm, null);

    HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
      public boolean verify(String host1, SSLSession session)
      {
        return true;
      }
    });
    HttpsURLConnection.setDefaultSSLSocketFactory(ssl.getSocketFactory());

    return ssl;
  }

  public static void exec(String urls, OutputStream out) throws Exception
  {
    // 略
  }
}

import先と X509TrustManager、HostnameVerifier の両インターフェースのメソッドシグネチャが微妙に異なっていることに注意。もっとも、1.4以降のJREに添付されている jsse.jar には、JSSE単体配布時代のコードがそのまま残されているので、HttpsClientTest13 クラスは1.4以降でもコンパイル、および動作が可能となっている。