可以在没有证书验证的情况下进行httpS连接的kotlin库(如curl --insecure)

问题描述 投票:6回答:1

我需要抓取已过期/自签名证书的公司内部网站。没有人会为该主机配置有效的证书,所以我必须使用不安全的连接。

curl为此目的有--insecure旗帜,

Scala finagle库有.tlsWithoutValidation()模式。

问题:Kotlin库有类似的选择吗?

UPD:到目前为止,我正在使用Fuel与javish解决方法找到here但仍在寻找更好的方法..

fun useInsecureSSL() {

    // Create a trust manager that does not validate certificate chains
    val trustAllCerts = arrayOf<TrustManager>(object : X509TrustManager {
        override fun getAcceptedIssuers(): Array<X509Certificate>? = null
        override fun checkClientTrusted(chain: Array<X509Certificate>, authType: String) = Unit
        override fun checkServerTrusted(chain: Array<X509Certificate>, authType: String) = Unit
    })

    val sc = SSLContext.getInstance("SSL")
    sc.init(null, trustAllCerts, java.security.SecureRandom())
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.socketFactory)

    // Create all-trusting host name verifier
    val allHostsValid = HostnameVerifier { _, _ -> true }

    // Install the all-trusting host verifier
    HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid)
}

上面的解决方法是有效的,但它太冗长,似乎为我的应用程序所做的每个连接设置了不安全的模式,不仅仅是针对特定的连接。

ssl https kotlin insecure-connection
1个回答
3
投票

Fuel允许您通过FuelManager类创建自己的Fuel客户端实例。经理让您可以设置自己的HostnameVerifierSSLSocketFactory,然后创建一个配置了这些客户端的客户端。见https://github.com/kittinunf/Fuel/blob/1.16.0/fuel/src/main/kotlin/com/github/kittinunf/fuel/core/FuelManager.kt#L31-L43

val manager : FuelManager = FuelManager().apply {
  val trustAllCerts = arrayOf<TrustManager>(object : X509TrustManager {
    override fun getAcceptedIssuers(): Array<X509Certificate>? = null
    override fun checkClientTrusted(chain: Array<X509Certificate>, authType: String) = Unit
    override fun checkServerTrusted(chain: Array<X509Certificate>, authType: String) = Unit
  })

  socketFactory = SSLContext.getInstance("SSL").apply {
    init(null, trustAllCerts, java.security.SecureRandom())
  }.socketFactory

  hostnameVerifier = HostnameVerifier { _, _ -> true }
}

然后,要检查只有通过此自定义FuelManager的连接是否不受信任且不受信任的连接,我们这样做:

val (_, untrustedResp, untrustedResult) = manager.request(Method.GET, "https://internal/company/site").response()
assert(untrustedResp.statusCode == 200)
val (bytes, _) = untrustedResult
assert(bytes != null)


val (_, trustedResp, trustedResult) = "https://internal/company/site".httpGet().response()
assert(trustedResp.statusCode != 200)
val (bytes, error) = trustedResult
assert(bytes == null)
println(error) // javax.net.ssl.SSLHandshakeException: PKIX path building failed: ...

自定义FuelManager能够成功发出请求,因为它信任所有证书,但对于没有使用自定义管理器的连接,我们可以看到它返回javax.net.ssl.SSLHandshakeException

© www.soinside.com 2019 - 2024. All rights reserved.