通过HTTP /基本认证向具有不可信证书的网站发出GET请求?

问题描述 投票:1回答:1

[基本上,我需要通过带有标题中基本身份验证的http GET请求访问“安全”(过期证书)服务器,并打印(现在)从中获取的XML。我有在C#上运行的代码,例如:

var request = HttpWebRequest.CreateHttp(new Uri(BaseUri, apiUrl));
        request.Proxy.Credentials = CredentialCache.DefaultNetworkCredentials;
        if (accept != null)
            request.Accept = accept;
        request.ServerCertificateValidationCallback = (s, crt, chain, ssl) => true;
        AddAuthHeaderBasicFromCredentials(request, ApiCredentials);
        try
        {
            var response = request.GetResponse();
            return response.GetResponseStream();
        }
        catch (WebException)
        {
            return null;
        }

就我的Java代码而言,这就是我所拥有的:

public class Main {
static {
    //for localhost testing only
    javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(
    new javax.net.ssl.HostnameVerifier(){

        public boolean verify(String hostname,
                javax.net.ssl.SSLSession sslSession) {    
                return true;
        }
    });
}   

public static void main(String[] args) {

    try {
        String webPage = "https://blabla.com";
        String name = "user";
        String password = "pass";

        String authString = name + ":" + password;
        System.out.println("auth string: " + authString);
        byte[] authEncBytes = Base64.encodeBase64(authString.getBytes());
        String authStringEnc = new String(authEncBytes);
        System.out.println("Base64 encoded auth string: " + authStringEnc);

        URL url = new URL(webPage);
        HttpURLConnection HttpurlConnection = (HttpURLConnection) url.openConnection();
        HttpurlConnection.setRequestMethod("GET");
        HttpurlConnection.setRequestProperty("Authorization", "Basic " + authStringEnc);
        InputStream is = HttpurlConnection.getInputStream();
        InputStreamReader isr = new InputStreamReader(is);

        int numCharsRead;
        char[] charArray = new char[1024];
        StringBuffer sb = new StringBuffer();
        while ((numCharsRead = isr.read(charArray)) > 0) {
            sb.append(charArray, 0, numCharsRead);
        }
        String result = sb.toString();

        System.out.println("*** BEGIN ***");
        System.out.println(result);
        System.out.println("*** END ***");
    } catch (MalformedURLException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    }
}

}

它在不需要身份验证的任何网站上都能正常工作,但是每当我尝试访问该网站时,都会出现错误提示:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
    PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
    unable to find valid certification path to requested target

课程开始时的静态块是我试图绕过证书所遇到的问题。我知道这不是推荐的方法,但这仅用于测试,我需要运行它。

感谢您,我很乐意提供您可能需要的任何信息。

java ssl get basic-authentication
1个回答
0
投票

-清除java en以url属类的证明书为基础。https://mkyong.com/webservices/jax-ws/suncertpathbuilderexception-unable-to-find-valid-certification-path-to-requested-target/

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.