如何禁用特定 http 请求的证书验证?
[英]How to disable certificate validation for particular http request?
问题描述
I am quite a beginner in Java Spring world and I don't how to deal with my situation.
我是 Java Spring 世界的初学者,我不知道如何处理我的情况。 I have to work with some API over HTTPS which have certificates issued by non-trusted CA.我必须通过 HTTPS 使用一些 API,这些 API 具有由不受信任的 CA 颁发的证书。 I have a code for this:我有一个代码:
RestTemplate restTemplate = new RestTemplate();
HttpHeaders headers = new HttpHeaders();
headers.add("Content-Type", "application/json;charset=UTF-8");
headers.add("Accept", "*/*");
ResponseEntity<byte[]> responseEntity = restTemplate.getForEntity(url, byte[].class, headers);
Of course because certificates is not trusted I used to get Java error:当然,因为证书不受信任,我曾经遇到 Java 错误:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
So I disabled certificate validation with code:所以我用代码禁用了证书验证:
public class SSLCertificateValidation {
public static void disable() {
try {
SSLContext sslc = SSLContext.getInstance("TLS");
TrustManager[] trustManagerArray = { new NullX509TrustManager() };
sslc.init(null, trustManagerArray, null);
HttpsURLConnection.setDefaultSSLSocketFactory(sslc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(new NullHostnameVerifier());
}
catch(Exception e) {
e.printStackTrace();
}
}
private static class NullX509TrustManager implements X509TrustManager {
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
System.out.println();
}
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
System.out.println();
}
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
}
private static class NullHostnameVerifier implements HostnameVerifier {
public boolean verify(String hostname, SSLSession session) {
return true;
}
}
}
Now my app works with this APIs, but on the other hand I am working with some AWS services from this app.现在我的应用程序可以使用此 API,但另一方面,我正在使用此应用程序中的一些 AWS 服务。 And now I get AWS error:现在我收到 AWS 错误:
c.a.h.AmazonHttpClient - Unable to execute HTTP request: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
Is there any way to disable certificate validation just for particular URLs?有什么方法可以仅针对特定 URL 禁用证书验证吗? I don't know what should I do now.我不知道我现在该怎么办。
PS I know about installing the certificate to the Java cacerts. PS 我知道如何将证书安装到 Java cacerts。 But unfortunately, it doesn't fit for my situation.但不幸的是,它不适合我的情况。
1 个解决方案
解决方案1
-2 2016-01-24 17:56:00
Instead of disabling the SSL check, try installing the certificate to the java cacerts, this way the (I assume self-signed cert) is treated as a trusted certificate.不要禁用 SSL 检查,而是尝试将证书安装到 java cacerts,这样(我假设自签名证书)被视为受信任的证书。
Best way to get the certificate would be for the owner of the service to provide it for you, other wise you should be able to export the certificate file pretty easily from a browser.获得证书的最佳方式是让服务的所有者为您提供证书,否则您应该能够很容易地从浏览器导出证书文件。
I won't go into too much detail on installing the certificate, because there are some really good answers on this question How to properly import a selfsigned certificate into Java keystore that is available to all Java applications by default?我不会详细介绍如何安装证书,因为在这个问题上有一些非常好的答案How to properly import a selfsigned certificate into Java keystore that is available for all Java applications by default?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.