我使用okHTTP way 到customize 受信任的证书,然后我包装 TrustManager 和证书以返回关键扩展的空列表。
这是一个果冻豆类时的 TrustManager 包装:
if(trustManagers[0].getClass().toString().equals("class org.apache.harmony.xnet.provider.jsse.TrustManagerImpl")) {
logger.debug("Wrapping TrustManager to return no critical extension");
return new TrustManagerNoCritical((X509TrustManager) trustManagers[0]);
}
这是用于在链中包装证书的 TrustManager 包装类:
public class TrustManagerNoCritical implements X509TrustManager {
protected X509TrustManager trustManager;
public TrustManagerNoCritical(X509TrustManager realTrustManager) {
trustManager = realTrustManager;
}
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
trustManager.checkClientTrusted(chain, authType);
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
List<X509Certificate> certifs = new ArrayList<X509Certificate>();
for (X509Certificate certif : chain) {
certifs.add(new CertificateNoCritical(certif));
}
X509Certificate[] newChain = new X509Certificate[certifs.size()];
newChain = certifs.toArray(newChain);
trustManager.checkServerTrusted(newChain, authType);
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return trustManager.getAcceptedIssuers();
}
}
这是一个证书类,用于包装真实证书并且不返回关键扩展:
public class CertificateNoCritical extends X509Certificate {
protected X509Certificate certif;
public CertificateNoCritical(X509Certificate certificateToWrap) {
certif = certificateToWrap;
}
@Override
public boolean hasUnsupportedCriticalExtension() {
return certif.hasUnsupportedCriticalExtension();
}
@Override
public Set<String> getCriticalExtensionOIDs() {
// Return empty Set to avoid "critical extension" Exception
return new HashSet<String>();
}
@Override
public Set<String> getNonCriticalExtensionOIDs() {
return certif.getNonCriticalExtensionOIDs();
}
@Override
public byte[] getExtensionValue(String oid) {
return certif.getExtensionValue(oid);
}
@Override
public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
certif.checkValidity();
}
@Override
public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
certif.checkValidity(date);
}
@Override
public int getVersion() {
return certif.getVersion();
}
@Override
public BigInteger getSerialNumber() {
return certif.getSerialNumber();
}
@Override
public Principal getIssuerDN() {
return certif.getIssuerDN();
}
@Override
public Principal getSubjectDN() {
return certif.getSubjectDN();
}
@Override
public Date getNotBefore() {
return certif.getNotBefore();
}
@Override
public Date getNotAfter() {
return certif.getNotAfter();
}
@Override
public byte[] getTBSCertificate() throws CertificateEncodingException {
return certif.getTBSCertificate();
}
@Override
public byte[] getSignature() {
return certif.getSignature();
}
@Override
public String getSigAlgName() {
return certif.getSigAlgName();
}
@Override
public String getSigAlgOID() {
return certif.getSigAlgOID();
}
@Override
public byte[] getSigAlgParams() {
return certif.getSigAlgParams();
}
@Override
public boolean[] getIssuerUniqueID() {
return certif.getIssuerUniqueID();
}
@Override
public boolean[] getSubjectUniqueID() {
return certif.getSubjectUniqueID();
}
@Override
public boolean[] getKeyUsage() {
return certif.getKeyUsage();
}
@Override
public int getBasicConstraints() {
return certif.getBasicConstraints();
}
@Override
public byte[] getEncoded() throws CertificateEncodingException {
return certif.getEncoded();
}
@Override
public void verify(PublicKey key) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException,
NoSuchProviderException, SignatureException {
certif.verify(key);
}
@Override
public void verify(PublicKey key, String sigProvider) throws CertificateException, NoSuchAlgorithmException,
InvalidKeyException, NoSuchProviderException, SignatureException {
certif.verify(key, sigProvider);
}
@Override
public String toString() {
return certif.toString();
}
@Override
public PublicKey getPublicKey() {
return certif.getPublicKey();
}
}