Apache http客户端自签名证书

问题描述 投票:0回答:1

我正在尝试通过Apache HTTP客户端向Web服务发出HTTP请求,但是我收到了javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

我遵循以下建议进行测试,但仍然收到相同的错误。我错过了什么吗?https://memorynotfound.com/ignore-certificate-errors-apache-httpclient/

import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.*;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import javax.net.ssl.*;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;

public class TestHttpSSL {

    public static void main(String... args)  {

        try (CloseableHttpClient httpclient = createAcceptSelfSignedCertificateClient()) {
            HttpGet httpget = new HttpGet("https://myurl/");
            System.out.println("Executing request " + httpget.getRequestLine());

            httpclient.execute(httpget);
            System.out.println("----------------------------------------");
        } catch (NoSuchAlgorithmException | KeyStoreException | KeyManagementException | IOException e) {
            throw new RuntimeException(e);
        }
    }

    private static CloseableHttpClient createAcceptSelfSignedCertificateClient()
            throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException {

        SSLContext sslContext = SSLContextBuilder
                .create()
                .loadTrustMaterial(new TrustSelfSignedStrategy())
                .build();

        HostnameVerifier allowAllHosts = new NoopHostnameVerifier();

        SSLConnectionSocketFactory connectionFactory = new SSLConnectionSocketFactory(sslContext, allowAllHosts);

        return HttpClients
                .custom()
                .setSSLSocketFactory(connectionFactory)
                .build();
    }
}
java apache http ssl self-signed
1个回答
0
投票

从问题中不清楚您想要实现什么。

如果需要对“ https://myurl/”使用自签名证书,则应向信任库提供此证书。示例(假设您已将证书放置在resources文件夹中,并将其路径分配给certPath变量,并将其密码分配给certPassword):

KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
byte[] certificate = IOUtils.toByteArray(this.getClass().getResourceAsStream(certPath));
ByteArrayInputStream bis = new ByteArrayInputStream(certificate);
trustStore.load(bis, certPassword.toCharArray());

这里,为了简单起见,IOUtils用于将输入流转换为字节数组,但是您可以手动进行。您可以选择将证书类型传递给getInstance方法,而不使用默认的证书类型(例如KeyStore.getInstance("PKCS12");

然后在创建SSLContext时使用准备好的信任库:

SSLContext sslContext = SSLContextBuilder
        .create()
        .loadTrustMaterial(trustStore, new TrustSelfSignedStrategy())
        .build();

相反,如果您想完全禁用SSL检查,则可以使用the another strategy-TrustAllStrategy。在这种情况下,您根本不需要设置任何信任库。示例:

SSLContext sslContext = SSLContextBuilder
        .create()
        .loadTrustMaterial(null, new TrustAllStrategy())
        .build();
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.