有些服务器拥有的可能是无签名或非法的 SSL 证明书。倘若涉及这类服务器的URL,使用此方法就需要注意。这种情况下,如果试图从URL的连接对象中检索输入或输出流时(例如运行以下代码),就会抛出一个 SSLException 异常,并显示 "untrusted server cer chain." 消息。如果该服务器拥有合法且有签名的证明书,则不会抛出任何异常。
URL url = new URL("https://[your server]");
URLConnection con = URL.openConnection();
//SSLException thrown here if server certificate is invalid
con.getInputStream();
URL url = new URL("https://[your server]");
URLConnection con = url.openConnection();
//IOException thrown here if server certificate is invalid
con.getInputStream();
URL url = new URL("https://[your server]");
URLConnection con = url.openConnection();
//causes the VM to display a dialog when connecting
//to untrusted servers
con.setAllowUserInteraction(true);
con.getInputStream();
在 Windows NT4.0 ,Windows2000 和 Windows9x 操作系统中,com.ms.net.wininet 包被缺省安装到系统的类路径下。此外,根据微软的JDK文档,WinInetStreamHandlerFactory 是"… the same handler that is installed by default when running applets.",即运行applet时,同样的流句柄也会被缺省安装。
String strVendor = System.getProperty("java.vendor");
String strVersion = System.getProperty("java.version");
//Assumes a system version string of the form:
//[major].[minor].[release] (eg. 1.2.2)
Double dVersion = new Double(strVersion.substring(0, 3));
//If we are running in a MS environment, use the MS stream handler.
if( -1 < strVendor.indexOf("Microsoft") )
{
try
{
Class clsFactory =
Class.forName("com.ms.net.wininet.WininetStreamHandlerFactory" );
if ( null != clsFactory )
URL.setURLStreamHandlerFactory(
(URLStreamHandlerFactory)clsFactory.newInstance());
}
catch( ClassNotFoundException cfe )
{
throw new Exception("Unable to load the Microsoft SSL " +
"stream handler. Check classpath." + cfe.toString());
}
//If the stream handler factory has
//already been successfully set
//make sure our flag is set and eat the error
catch( Error err ){m_bStreamHandlerSet = true;}
}
//If we are in a normal Java environment,
//try to use the JSSE handler.
//NOTE: JSSE requires 1.2 or better
else if( 1.2 <= dVersion.doubleValue() )
{
System.setProperty("java.protocol.handler.pkgs",
"com.sun.net.ssl.internal.www.protocol");
try
{
//if we have the JSSE provider available,
//and it has not already been
//set, add it as a new provide to the Security class.
Class clsFactory = Class.forName("com.sun.net.ssl.internal.ssl.Provider");
if( (null != clsFactory) && (null == Security.getProvider("SunJSSE")) )
Security.addProvider((Provider)clsFactory.newInstance());
}
catch( ClassNotFoundException cfe )
{
throw new Exception("Unable to load the JSSE SSL stream handler." +
"Check classpath." + cfe.toString());
}
}
关于applets
在 applet 中进行基于 HTTPS 的通讯,看起来似乎是上述内容的自然扩展。事实上,在大多数情况下applet中的HTTPS通讯更易于实现。在 Netscape Navigator 和 Internet Explorer 的4.0或更高版本中,它们各自的虚拟机都缺省许可HTTPS协议。因此,倘若你要在applet代码中创建一个HTTPS连接,只要在创建 URL实例时将协议名称指定为"HTTPS"便可。