考虑以下函数:
public Certificate[] getCertificates(String ip) throws Exception {
try (SSLSocket sslSocket = (SSLSocket) sslContext.getSocketFactory().createSocket()) {
SocketAddress socketAddress = new InetSocketAddress(ip, port);
sslSocket.connect(socketAddress, 10000);
Certificate[] certificates = sslSocket.getSession().getPeerCertificates();
return certificates;
}
}
此代码可以在哪些条件下挂起?基本上,我为连接阶段设置了 10 秒超时,但是代码是否有可能在 getSession().getPeerCertificates() 部分阻塞很长时间?
请考虑以下事实:IP 和端口可以是任意的(甚至不是 SSL,有时甚至不可路由)
此外,这就是我启动 sslContext
private SSLContext getSslContext() throws Exception {
SSLContext sslCtx;
sslCtx = SSLContext.getInstance("TLSv1.2");
sslCtx.init(null, new TrustManager[]{new X509TrustManager() {
private X509Certificate[] accepted;
@Override
public void checkClientTrusted(X509Certificate[] xcs, String string) {
}
@Override
public void checkServerTrusted(X509Certificate[] xcs, String string) {
accepted = xcs;
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return accepted;
}
}}, null);
return sslCtx;
}
最佳答案
but is it possible that the code will block for a long time on the
getSession().getPeerCertificates()
没有。对 SSLSession 的 getPeerCertificates() 调用会返回对等方在 SSL 握手中提供的证书的副本。通过上一行的 connect 调用返回的调用,握手已完成。
关于java - getPeerCertificates() 可以无限期或长时间阻塞吗?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/62849700/