对等方未在Java中进行身份验证
[英]Peer not authenticated in java
问题描述
I have gone to almost all the post related to this exception. 
我去了几乎所有与此例外相关的帖子。 Actually my problem is I have an java application through which I am hitting an URL and getting response from it. 实际上,我的问题是我有一个Java应用程序,通过该应用程序可以访问URL并从中获取响应。
code to hit URL is : 到达网址的代码是:
HttpGet getRequest = new HttpGet("https://urlto.esb.com");
HttpResponse httpResponse = null;
DefaultHttpClient httpClient = new DefaultHttpClient();
httpResponse = httpClient.execute(getRequest);
Here I am getting javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated 在这里,我得到javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
So after some Google search I come to know that I can import certificate in keystore of java where the application is running. 因此,经过一些Google搜索后,我知道可以在运行应用程序的Java密钥库中导入证书。 so I imported certificate in keystore and this code is working. 所以我在密钥库中导入了证书,并且此代码有效。 but i don't want this solution so after some more searching I come to know that I can use TrustManager for the same thing without importing certificate into keystore. 但是我不想要这种解决方案,因此在进行更多搜索之后,我知道可以将TrustManager用于同一事物,而无需将证书导入密钥库。 So I have written code like: 因此,我编写了如下代码:
@Test
public void withTrustManeger() throws Exception {
DefaultHttpClient httpclient = buildhttpClient();
HttpGet httpGet = new HttpGet("https://urlto.esb.com");
HttpResponse response = httpclient.execute( httpGet );
HttpEntity httpEntity = response.getEntity();
InputStream inputStream = httpEntity.getContent();
BufferedReader reader = new BufferedReader(new InputStreamReader(
inputStream));
StringBuilder sb = new StringBuilder();
String line = null;
while ((line = reader.readLine()) != null) {
sb.append(line + "\n");
}
inputStream.close();
String jsonText = sb.toString();
System.out.println(jsonText);
}
private DefaultHttpClient buildhttpClient() throws Exception {
DefaultHttpClient httpclient = new DefaultHttpClient();
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, getTrustingManager(), new java.security.SecureRandom());
SSLSocketFactory socketFactory = new SSLSocketFactory(sc);
Scheme sch = new Scheme("https", 443, socketFactory);
httpclient.getConnectionManager().getSchemeRegistry().register(sch);
return httpclient;
}
private TrustManager[] getTrustingManager() {
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
@Override
public void checkClientTrusted(X509Certificate[] certs, String authType) {
// Do nothing
}
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType) {
// Do nothing
}
} };
return trustAllCerts;
}
This code is also working but My question is I am not checking anything related to certificates then how connection is trusted. 该代码也可以正常工作,但是我的问题是我没有检查与证书相关的任何内容,而是如何信任连接。 after debugging I come to know that only checkServerTrusted is hitting. 调试后,我知道只有checkServerTrusted在运行。 So I have write something in checkServerTrusted to validate certificates that come in certs and the one which is in my application like some .cer or .crt file. 因此,我在checkServerTrusted编写了一些内容,以验证证书中附带的certs以及应用程序中的.cer或.crt文件中的certs 。
Every Help will be appreciated. 每个帮助将不胜感激。
Update after @EpicPandaForce (Using Apache HttpClient 4.3) @EpicPandaForce之后更新(使用Apache HttpClient 4.3)
try
{
keyStore = KeyStore.getInstance("JKS");
InputStream inputStream = new FileInputStream("E:\\Desktop\\esbcert\\keystore.jks");
keyStore.load(inputStream, "key".toCharArray());
SSLContextBuilder sslContextBuilder = SSLContexts.custom().loadTrustMaterial(keyStore, new TrustSelfSignedStrategy());
sslcontext = sslContextBuilder.build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext);
HttpClient httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
HttpGet httpGet = new HttpGet("https://url.esb.com");
HttpResponse response = httpclient.execute( httpGet );
HttpEntity httpEntity = response.getEntity();
InputStream httpStram = httpEntity.getContent();
BufferedReader reader = new BufferedReader(new InputStreamReader(
httpStram));
StringBuilder sb = new StringBuilder();
String line = null;
while ((line = reader.readLine()) != null) {
sb.append(line + "\n");
}
httpStram.close();
inputStream.close();
String jsonText = sb.toString();
System.out.println(jsonText);
}
catch(Exception e)
{
System.out.println("Loading keystore failed.");
e.printStackTrace();
}
1 个解决方案
解决方案1
1 已采纳 2015-01-29 08:56:29
Technically, seeing as you are using Apache HttpClient 4.x, a simpler solution would be the following: 从技术上讲,看到您正在使用Apache HttpClient 4.x时,以下是一个更简单的解决方案:
SSLContext sslcontext = null;
try {
SSLContextBuilder sslContextBuilder = SSLContexts.custom()
.loadTrustMaterial(trustStore, new TrustSelfSignedStrategy());
sslcontext = sslContextBuilder.build();
Where trustStore is initialized like this 像这样初始化trustStore地方
KeyStore keyStore = null;
try {
keyStore = KeyStore.getInstance("BKS", BouncyCastleProvider.PROVIDER_NAME); //you can use JKS if that is what you have
InputStream inputStream = new File("pathtoyourkeystore");
try {
keyStore.load(inputStream, "password".toCharArray());
} finally {
inputStream.close();
}
} catch(Exception e) {
System.out.println("Loading keystore failed.");
e.printStackTrace();
}
return keyStore;
}
And then create the HttpClient 然后创建HttpClient
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext);
httpclient = HttpClients
.custom()
.setSSLSocketFactory(sslsf).build();
EDIT: Exact code for me was this: 编辑:对我来说确切的代码是这样的:
SSLContextBuilder sslContextBuilder = SSLContexts.custom()
.loadTrustMaterial(trustStore, new TrustSelfSignedStrategy());
sslcontext = sslContextBuilder.build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
sslcontext, new String[] {"TLSv1"}, null,
SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER
);
httpclient = HttpClients
.custom()
.setHostnameVerifier(SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)
.setSSLSocketFactory(sslsf).build();
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.