
Insecure HTTPS Connection

The basic idea is to initialize the SSLContext with a TrustManager that never throws an exception, so every server certificate is accepted without validation.

WARNING: This method is not secure and is vulnerable to man-in-the-middle attacks. THIS METHOD SHOULD NEVER BE USED IN PRODUCTION. For production, consider using "Adding crt to Java cacerts".

Do not say I did not warn you. A better method would be to add the keystore to your Java trust store, which is not shown here.


Create a class with the following static members. Note that only the getContentFromURL() method is public, as I want to hide the other two (the getHttpContent() helper and the trust-manager array) from other classes.

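import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

class HttpsTools {
    public static String getContentFromURL(String httpsURL) throws NoSuchAlgorithmException, KeyManagementException, MalformedURLException, IOException {
        URL url = new URL(httpsURL);
        HttpsURLConnection con = (HttpsURLConnection) url.openConnection();

        // INSECURE: the context is initialized with the trust-all manager below,
        // so the server certificate chain is never validated.
        SSLContext ctx = SSLContext.getInstance("TLS");
        TrustManager[] trustManagers = HttpsTools.getTrustManagers;
        ctx.init(null, trustManagers, null);

        con.setSSLSocketFactory(ctx.getSocketFactory());
        con.setRequestMethod("GET");

        // dump all the content
        return getHttpContent(con);
    }

    // Reads the whole response body; line terminators are dropped.
    private static String getHttpContent(HttpsURLConnection con) {
        StringBuilder sb = new StringBuilder();
        if (con != null) {
            try (BufferedReader br = new BufferedReader(new InputStreamReader(con.getInputStream()))) {
                String input;
                while ((input = br.readLine()) != null) {
                    sb.append(input);
                }
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
        return sb.toString();
    }

    // Trust manager whose check methods never throw: every certificate is accepted.
    private static final TrustManager[] getTrustManagers = new TrustManager[]{
        new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
            }

            public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
            }

            public X509Certificate[] getAcceptedIssuers() {
                // The interface contract requires a non-null (possibly empty) array.
                return new X509Certificate[0];
            }
        }
    };
}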

To use it, add the class above to your Java project and call:

String myString = HttpsTools.getContentFromURL("https://www.google.com");
  • insecurity_https_connection.txt
  • Last modified: 2018/10/03 09:23
  • by chongtin