diff --git a/hutool-core/src/main/java/org/dromara/hutool/core/net/ssl/SSLUtil.java b/hutool-core/src/main/java/org/dromara/hutool/core/net/ssl/SSLUtil.java
index 41d42ef97..c1651e231 100644
--- a/hutool-core/src/main/java/org/dromara/hutool/core/net/ssl/SSLUtil.java
+++ b/hutool-core/src/main/java/org/dromara/hutool/core/net/ssl/SSLUtil.java
@@ -12,11 +12,15 @@
package org.dromara.hutool.core.net.ssl;
+import org.dromara.hutool.core.exceptions.UtilException;
import org.dromara.hutool.core.io.IORuntimeException;
+import org.dromara.hutool.core.text.StrUtil;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManager;
+import javax.net.ssl.*;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
/**
* SSL(Secure Sockets Layer 安全套接字协议)相关工具封装
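Review bot: The import hunk replaces three explicit `javax.net.ssl` imports with the wildcard `import javax.net.ssl.*;`, which hides which JSSE types this security-sensitive class depends on and can cause name clashes later. The new code only needs two more names, so I would keep the existing explicit imports and add `import javax.net.ssl.TrustManagerFactory;` and `import javax.net.ssl.X509TrustManager;`.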
@@ -26,6 +30,60 @@ import javax.net.ssl.TrustManager;
*/
public class SSLUtil {
+ /**
+ * 获取指定的{@link X509TrustManager}
+ * 此方法主要用于获取自签证书的{@link X509TrustManager}
+ *
+ * @param keyStore {@link KeyStore}
+ * @param provider 算法提供者,如bc,{@code null}表示默认
+ * @return {@link X509TrustManager} or {@code null}
+ * @since 6.0.0
+ */
+ public static X509TrustManager getTrustManager(final KeyStore keyStore, final Provider provider) {
+ return getTrustManager(keyStore, null, provider);
+ }
+
+ /**
+ * 获取指定的{@link X509TrustManager}
+ * 此方法主要用于获取自签证书的{@link X509TrustManager}
+ *
+ * @param keyStore {@link KeyStore}
+ * @param algorithm 算法名称,如"SunX509",{@code null}表示默认SunX509
+ * @param provider 算法提供者,如bc,{@code null}表示默认SunJSSE
+ * @return {@link X509TrustManager} or {@code null}
+ * @since 6.0.0
+ */
+ public static X509TrustManager getTrustManager(final KeyStore keyStore, String algorithm, final Provider provider) {
+ final TrustManagerFactory tmf;
+
+ if(StrUtil.isEmpty(algorithm)){
+ algorithm = TrustManagerFactory.getDefaultAlgorithm();
+ }
+ try {
+ if(null == provider){
+ tmf = TrustManagerFactory.getInstance(algorithm);
+ } else{
+ tmf = TrustManagerFactory.getInstance(algorithm, provider);
+ }
+ } catch (final NoSuchAlgorithmException e) {
+ throw new UtilException(e);
+ }
+ try {
+ tmf.init(keyStore);
+ } catch (final KeyStoreException e) {
+ throw new UtilException(e);
+ }
+
+ final TrustManager[] tms = tmf.getTrustManagers();
+ for (final TrustManager tm : tms) {
+ if (tm instanceof X509TrustManager) {
+ return (X509TrustManager) tm;
+ }
+ }
+
+ return null;
+ }
+
/**
* 创建{@link SSLContext},信任全部,协议为TLS
*
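Review bot: In the three-argument `getTrustManager`, the `@param algorithm` Javadoc says `null` selects SunX509, but the code calls `TrustManagerFactory.getDefaultAlgorithm()`, which is read from the `ssl.TrustManagerFactory.algorithm` security property and is usually PKIX on current JDKs; the doc should say "the JDK default algorithm" instead. `tmf.init(keyStore)` also accepts a `null` keyStore, in which case the JDK falls back to its default trust store, so a caller whose self-signed keystore failed to load silently gets a manager that trusts the public CA set rather than only the intended certificate. I would either document that on `@param keyStore` or reject it up front with `if (null == keyStore) { throw new IllegalArgumentException("keyStore must not be null"); }`. The `return null` path when no `X509TrustManager` is found deserves the same treatment, since `createSSLContext(protocol, keyManager, trustManager)` in this file maps a `null` trust manager to a `null` array, which presumably lets the context fall back to default trust managers instead of failing.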
@@ -46,10 +104,10 @@ public class SSLUtil {
*/
public static SSLContext createTrustAnySSLContext(final String protocol) throws IORuntimeException {
return SSLContextBuilder.of()
- .setProtocol(protocol)
- // 信任所有服务端
- .setTrustManagers(new TrustManager[]{TrustAnyTrustManager.INSTANCE})
- .build();
+ .setProtocol(protocol)
+ // 信任所有服务端
+ .setTrustManagers(new TrustManager[]{TrustAnyTrustManager.INSTANCE})
+ .build();
}
/**
@@ -62,10 +120,10 @@ public class SSLUtil {
* @throws IORuntimeException 包装 GeneralSecurityException异常
*/
public static SSLContext createSSLContext(final String protocol, final KeyManager keyManager, final TrustManager trustManager)
- throws IORuntimeException {
+ throws IORuntimeException {
return createSSLContext(protocol,
- keyManager == null ? null : new KeyManager[]{keyManager},
- trustManager == null ? null : new TrustManager[]{trustManager});
+ keyManager == null ? null : new KeyManager[]{keyManager},
+ trustManager == null ? null : new TrustManager[]{trustManager});
}
/**
@@ -79,8 +137,8 @@ public class SSLUtil {
*/
public static SSLContext createSSLContext(final String protocol, final KeyManager[] keyManagers, final TrustManager[] trustManagers) throws IORuntimeException {
return SSLContextBuilder.of()
- .setProtocol(protocol)
- .setKeyManagers(keyManagers)
- .setTrustManagers(trustManagers).build();
+ .setProtocol(protocol)
+ .setKeyManagers(keyManagers)
+ .setTrustManagers(trustManagers).build();
}
}