Replace SSLContext default with own implementation and trust manger

Question

Based on this answer from Jcs (HttpUnit WebConversation SSL Issues) I tried to replace the SSLContext.getDefault() with my own trust manager.

SSLContext ssl = SSLContext.getDefault();
ssl.init(null, new X509TrustManager[]{new AnyTrustManager()}, null);
ssl.setDefault(ssl);

AnyTrustManager():

import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;

public class AnyTrustManager implements X509TrustManager
{
  X509Certificate[] client = null;
  X509Certificate[] server = null;

  public void checkClientTrusted(X509Certificate[] chain, String authType)
  {
    client = chain;
  }

  public void checkServerTrusted(X509Certificate[] chain, String authType)
  {
    server = chain;
  }

  public X509Certificate[] getAcceptedIssuers()
  {
    return new X509Certificate[0];
  }
}

I need to do this because a 3rd party .jar is only using the SSLContext default which causes me some issues so for the duration of this action I have to change the default to something else and change it back later.

This will unfortunately throw a java.security.KeyManagementException: Default SSLContext is initialized automatically exception.

How can I get this to work on Java 8?

score 7 · Accepted Answer · answered Feb 19 '16 at 13:27

7

The "default" SSLContext is immutable. Therefore it is not possible the TrustManager instance. Instead you should replace

SSLContext ssl = SSLContext.getDefault();

by (for instance)

SSLContext ssl = SSLContext.getInstance("TLSv1");

answered Feb 19 '16 at 13:27

Jcs

13,279
5
53
70

Replace SSLContext default with own implementation and trust manger

1 Answers1

Linked