Java tutorial
/* * Copyright (C) 2012-2016 Japan Smartphone Security Association * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.jssec.android.https.vulnerables; import java.io.IOException; import java.security.KeyManagementException; import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLSession; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; import org.apache.http.conn.ssl.SSLSocketFactory; public class VulnerableSamples { public void emptyTrustManager() throws IOException, KeyManagementException, NoSuchAlgorithmException { TrustManager tm = new X509TrustManager() { @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { // ??? ????? } @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { // ??? ????? } @Override public X509Certificate[] getAcceptedIssuers() { return null; } }; } public void emptyHostnameVerifier() { HostnameVerifier hv = new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) { // ?true? ??????? return true; } }; } public void allowAllHostnameVerifier() { SSLSocketFactory sf = null; sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); } }