当我尝试使用Postman命中URL时,通过使用我的个人证书可以正常工作。但是当我尝试使用Rest Assured测试用例时它会抛出上述异常。
配置类
public class Configuration {
protected SSLConfig config = null;
private static final Logger LOG = LoggerFactory.getLogger(Configuration.class);
@SuppressWarnings("deprecation")
@BeforeClass
public void setKeystore()
{
KeyStore keyStore = null;
KeyStore trustStore = null;
try {
String certPassword = System.getProperty("certPassword");
String certPath = System.getProperty("certPath");
String trustStorePassword = System.getProperty("trustStorePassword");
String trustStorePath = System.getProperty("trustStorePath");
Validate.notNull(certPath, "Path to Certificate on the file system cannot be null");
Validate.notEmpty(certPassword, "Password cannot be empty");
Validate.notNull(trustStorePath, "Path to trustStore on the file system cannot be null");
Validate.notEmpty(trustStorePassword, "TrustStore Password cannot be empty");
keyStore = KeyStore.getInstance("JKS");
keyStore.load(new FileInputStream(certPath), certPassword.toCharArray());
trustStore = KeyStore.getInstance("JKS");
trustStore.load(new FileInputStream(trustStorePath), trustStorePassword.toCharArray());
if (keyStore != null) {
org.apache.http.conn.ssl.SSLSocketFactory clientAuthFactory = new org.apache.http.conn.ssl.SSLSocketFactory(
keyStore, certPassword, trustStore);
config = new SSLConfig().with().sslSocketFactory(clientAuthFactory).and().allowAllHostnames();
}
EnvironmentConstants.getEnvironment();
} catch (Exception e) {
LOG.error("Error while loading keystore");
e.printStackTrace();
}
}
@BeforeTest
public Properties loadproperties() {
InputStream input = getClass().getClassLoader().getResourceAsStream("errorMessages.properties");
Properties properties = new Properties();
try {
properties.load(input);
} catch (IOException e) {
e.printStackTrace();
}
return properties;
}
}
这个问题是因为,我们公司配置了新的服务器,但没有在服务器证书中包含DNS。所以我的公司在cert.Now中包含服务器名称它正在工作。
据RFC 2818 (the HTTPS specification)说:
如果主机名可用,客户端必须根据服务器的证书消息中显示的服务器身份进行检查,以防止中间人攻击...如果存在类型为dNSName的subjectAltName扩展名,则必须用作身份。否则,必须使用证书的Subject字段中的(最具体的)Common Name字段。尽管使用Common Name是现有做法,但不推荐使用它,并且鼓励证书颁发机构使用dNSName。
您应该生成包含SAN扩展的证书,其中包含您计划使用证书的所有主机名:
keytool -genkeypair \
-keystore server-keystore.pkcs12 \
-deststoretype pkcs12 \
-dname "CN=mydomain.local" \
-keypass changeit \
-storepass changeit \
-keyalg RSA \
-validity 1825 \
-keysize 4096 \
-alias mydomain.local \
-ext SAN=dns:mydomain.local,dns:mydomain.dev,dns:mydomain.test,dns:localhost