vhyrbi · August 12, 2014 13:03
diff --git a/SslCertificateAuthority.java b/SslCertificateAuthority.java
 import java.io.BufferedInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.MalformedURLException;
 import java.security.KeyManagementException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;

 import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManagerFactory;

 // From https://developer.android.com/training/articles/security-ssl.html#UnknownCa

 public class SslCertificateAuthority {

    public static void addCertificateAuthority(InputStream inputStream) {

        try {
            // Load CAs from an InputStream
            // (could be from a resource or ByteArrayInputStream or ...)
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            // From https://www.washington.edu/itconnect/security/ca/load-der.crt
            InputStream caInput = new BufferedInputStream(inputStream);
            Certificate ca;
            try {
                ca = cf.generateCertificate(caInput);
                System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());
            } finally {
                caInput.close();
            }

            // Create a KeyStore containing our trusted CAs
            String keyStoreType = KeyStore.getDefaultType();
            KeyStore keyStore = KeyStore.getInstance(keyStoreType);
            keyStore.load(null, null);
            keyStore.setCertificateEntry("ca", ca);

            // Create a TrustManager that trusts the CAs in our KeyStore
            String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
            tmf.init(keyStore);

            // Create an SSLContext that uses our TrustManager
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, tmf.getTrustManagers(), null);

            // Tell the URLConnection to use a SocketFactory from our SSLContext
            HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
        } catch (CertificateException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyStoreException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        } catch (MalformedURLException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }


    }

 }
	import java.io.BufferedInputStream;
	import java.io.IOException;
	import java.io.InputStream;
	import java.net.MalformedURLException;
	import java.security.KeyManagementException;
	import java.security.KeyStore;
	import java.security.KeyStoreException;
	import java.security.NoSuchAlgorithmException;
	import java.security.cert.Certificate;
	import java.security.cert.CertificateException;
	import java.security.cert.CertificateFactory;
	import java.security.cert.X509Certificate;

	import javax.net.ssl.HttpsURLConnection;
	import javax.net.ssl.SSLContext;
	import javax.net.ssl.TrustManagerFactory;

	// From https://developer.android.com/training/articles/security-ssl.html#UnknownCa

	public class SslCertificateAuthority {

	public static void addCertificateAuthority(InputStream inputStream) {

	try {
	// Load CAs from an InputStream
	// (could be from a resource or ByteArrayInputStream or ...)
	CertificateFactory cf = CertificateFactory.getInstance("X.509");
	// From https://www.washington.edu/itconnect/security/ca/load-der.crt
	InputStream caInput = new BufferedInputStream(inputStream);
	Certificate ca;
	try {
	ca = cf.generateCertificate(caInput);
	System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());
	} finally {
	caInput.close();
	}

	// Create a KeyStore containing our trusted CAs
	String keyStoreType = KeyStore.getDefaultType();
	KeyStore keyStore = KeyStore.getInstance(keyStoreType);
	keyStore.load(null, null);
	keyStore.setCertificateEntry("ca", ca);

	// Create a TrustManager that trusts the CAs in our KeyStore
	String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
	TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
	tmf.init(keyStore);

	// Create an SSLContext that uses our TrustManager
	SSLContext context = SSLContext.getInstance("TLS");
	context.init(null, tmf.getTrustManagers(), null);

	// Tell the URLConnection to use a SocketFactory from our SSLContext
	HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
	} catch (CertificateException e) {
	e.printStackTrace();
	} catch (NoSuchAlgorithmException e) {
	e.printStackTrace();
	} catch (KeyStoreException e) {
	e.printStackTrace();
	} catch (KeyManagementException e) {
	e.printStackTrace();
	} catch (MalformedURLException e) {
	e.printStackTrace();
	} catch (IOException e) {
	e.printStackTrace();
	}


	}

	}