Class TrustAllManager
java.lang.Object
cloud.opencode.base.crypto.ssl.TrustAllManager
- All Implemented Interfaces:
TrustManager, X509TrustManager
Trust All Manager - X509TrustManager that Trusts All Certificates
WARNING: This trust manager accepts ALL certificates without validation. Use ONLY for development and testing purposes.
Example:
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import cloud.opencode.base.crypto.ssl.TrustAllManager;

// Test code: explicit opt-in via createUnsafe(true), which bypasses the property gating below.
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, new TrustManager[]{TrustAllManager.createUnsafe(true)}, null);
// Production-style emergency override via INSTANCE: requires the system property
// -Dopencode.ssl.trustAll.enabled=true
// Without the property, every TLS handshake throws CertificateException.
Features:
- Trusts all certificates without validation
- Development and testing only
Usage Examples:
// Development / test only — explicit opt-in via createUnsafe(true)
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(null, new TrustManager[]{TrustAllManager.createUnsafe(true)}, null);
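An added example, not part of the opencode-base-crypto documentation: one way to confine the trust-all manager to test runs and fail fast if the override property reaches any other deployment. It uses only the TrustAllManager members documented on this page and assumes TRUST_ALL_ENABLED_PROPERTY is publicly accessible; the TlsContexts class, the app.profile property and the policy of rejecting any value of the override property are assumptions of this example.

```java
import cloud.opencode.base.crypto.ssl.TrustAllManager;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/** Hypothetical application helper; not part of opencode-base-crypto. */
public final class TlsContexts {
    // Hypothetical application switch (assumption), e.g. -Dapp.profile=test
    static final String APP_PROFILE_PROPERTY = "app.profile";

    private TlsContexts() {}

    static boolean isTestProfile() {
        return "test".equals(System.getProperty(APP_PROFILE_PROPERTY));
    }

    /** True if the trust-all override property is present at all, whatever its value. */
    static boolean trustAllOverridePresent() {
        return System.getProperty(TrustAllManager.TRUST_ALL_ENABLED_PROPERTY) != null;
    }

    /** Builds the SSLContext: trust-all only under the test profile, JDK defaults otherwise. */
    public static SSLContext create() throws GeneralSecurityException {
        TrustManager[] trustManagers;
        if (isTestProfile()) {
            // Weak setting, test only: the createUnsafe(true) instance accepts any chain.
            trustManagers = new TrustManager[]{TrustAllManager.createUnsafe(true)};
        } else {
            // Fail fast: outside tests the override property should never be set.
            if (trustAllOverridePresent()) {
                throw new IllegalStateException(
                    TrustAllManager.TRUST_ALL_ENABLED_PROPERTY + " is set outside the test profile");
            }
            // Corrected setting: PKIX validation against the default JDK trust store.
            TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init((KeyStore) null);
            trustManagers = tmf.getTrustManagers();
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, trustManagers, null);
        return ctx;
    }
}
```

Routing every SSLContext creation through one helper like this also gives code review and static analysis a single place to look for createUnsafe calls.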
Security:
- Thread-safe: Yes
- Null-safe: Partial
- Since:
- JDK 25, opencode-base-crypto V1.0.0
- Author:
- Leon Soo www.LeonSoo.com
Field Summary
Modifier and Type | Field | Description
static final TrustAllManager | INSTANCE | Singleton instance whose checkClient/ServerTrusted methods refuse to skip validation unless TRUST_ALL_ENABLED_PROPERTY is set to "true".
static final String | TRUST_ALL_ENABLED_PROPERTY | System property to enable TrustAllManager in production (NOT recommended)
Method Summary
Modifier and Type | Method | Description
void | checkClientTrusted(X509Certificate[] chain, String authType) | Throws CertificateException for the property-gated INSTANCE when the TRUST_ALL_ENABLED_PROPERTY system property is not set; the explicit-acknowledge variant returned by createUnsafe(boolean) accepts unconditionally.
void | checkServerTrusted(X509Certificate[] chain, String authType) | Throws CertificateException for the property-gated INSTANCE when the TRUST_ALL_ENABLED_PROPERTY system property is not set; the explicit-acknowledge variant returned by createUnsafe(boolean) accepts unconditionally.
static TrustAllManager | createUnsafe(boolean acknowledgeSecurityRisk) | Creates a new instance with explicit acknowledgment of security risks.
X509Certificate[] | getAcceptedIssuers() | Returns empty accepted issuers, the JSSE convention for "no preference" / "trust nothing for client-auth selection".
Field Details
TRUST_ALL_ENABLED_PROPERTY
System property to enable TrustAllManager in production (NOT recommended)
INSTANCE
Singleton instance whose checkClient/ServerTrusted methods refuse to skip validation unless TRUST_ALL_ENABLED_PROPERTY is set to "true".
Method Details
createUnsafe
Creates a new instance with explicit acknowledgment of security risks. The returned instance is NOT property-gated: checkClient/ServerTrusted unconditionally accept any chain. Suitable for test code where the trust-all behaviour is exactly the contract under test.
- Parameters:
- acknowledgeSecurityRisk - must be true to create instance
- Returns:
- new TrustAllManager instance
- Throws:
- SecurityException - if acknowledgeSecurityRisk is false
checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException
Throws CertificateException for the property-gated INSTANCE when the TRUST_ALL_ENABLED_PROPERTY system property is not set; the explicit-acknowledge variant returned by createUnsafe(boolean) accepts unconditionally.
- Specified by:
- checkClientTrusted in interface X509TrustManager
- Parameters:
- chain - the certificate chain
- authType - the authentication type
- Throws:
- CertificateException - when property-gated and the system property is absent
checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException
Throws CertificateException for the property-gated INSTANCE when the TRUST_ALL_ENABLED_PROPERTY system property is not set; the explicit-acknowledge variant returned by createUnsafe(boolean) accepts unconditionally.
- Specified by:
- checkServerTrusted in interface X509TrustManager
- Parameters:
- chain - the certificate chain
- authType - the authentication type
- Throws:
- CertificateException - when property-gated and the system property is absent
getAcceptedIssuers
Returns empty accepted issuers, the JSSE convention for "no preference" / "trust nothing for client-auth selection". This method is intentionally NOT property-gated: returning an empty array on every call is the most restrictive answer the API supports, so gating it would only convert a safe answer into an exception with no security upside. The actual trust decision happens in checkClientTrusted(X509Certificate[], String) / checkServerTrusted(X509Certificate[], String), both of which DO check the TRUST_ALL_ENABLED_PROPERTY system property.
- Specified by:
- getAcceptedIssuers in interface X509TrustManager
- Returns:
- empty array