[英]In java how can I connect to https sites without worrying about security certificates
When I try to connect to https website like follows:当我尝试连接到 https 网站时,如下所示:
StringBuilder sb = new StringBuilder();
URL oracle = new URL("https://company.com");
URLConnection yc = oracle.openConnection();
BufferedReader in = new BufferedReader(new InputStreamReader(yc.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
sb.append(inputLine);
in.close();
return sb.toString();
I get我得到
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
If I use the http://company.com
instead it works but I want to use the https one because that is what they say to use and I think the non secure one may be removed.如果我使用
http://company.com
代替它可以工作,但我想使用 https ,因为这是他们所说的使用,我认为可能会删除不安全的。
However when i have looked at similar answers about this it talks about copying certificates from my browser ectera.但是,当我查看有关此的类似答案时,它谈到了从我的浏览器 ectera 复制证书。 I need a solution that will work for anyone running the code on any computer without having to do anything special.
我需要一个解决方案,它适用于在任何计算机上运行代码的任何人,而无需执行任何特殊操作。
Im not concerned about the security advantages of SSL for this project I just want to be able to connect to the wenbsite.我不关心 SSL 在这个项目中的安全优势,我只是希望能够连接到 wenbsite。
It seems you've already been warned against the approach, so I'll stick to answering your question.似乎您已经被警告不要使用这种方法,所以我会坚持回答您的问题。 I was able to reproduce the problem on my machine, although I can't tell why: My browser accepts the site's certificate without a hitch.
我能够在我的机器上重现这个问题,但我不知道为什么:我的浏览器毫无问题地接受了该站点的证书。
I've tried expanding on your code to make it work, but soon found myself messing with SSLContext
, various crypto-providers and service provider interfaces.我曾尝试扩展您的代码以使其工作,但很快发现自己弄乱了
SSLContext
、各种加密提供程序和服务提供程序接口。 I didn't manage to complete this approach, and wouldn't actually recommend going that way, as it changes the global security settings of your JVM and may have unpredictable consequences depending on what else it's doing.我没有设法完成这种方法,实际上也不建议采用这种方法,因为它会更改 JVM 的全局安全设置,并且可能会产生不可预测的后果,具体取决于它在做什么。
Instead I suggest you take a look at the Apache HttpComponents library , which allows for more fine-grained control of the connection's security settings.相反,我建议您查看Apache HttpComponents 库,它允许对连接的安全设置进行更细粒度的控制。
The following will disable all certificate validation for the created HttpClient
instance:以下将禁用创建的
HttpClient
实例的所有证书验证:
TrustStrategy veryNaive = new TrustStrategy() {
@Override
public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
return true;
}
};
SSLContext sslcontext = SSLContexts.custom()
.loadTrustMaterial(veryNaive)
.build();
CloseableHttpClient httpclient = HttpClients.custom()
.setSSLSocketFactory(new SSLConnectionSocketFactory(sslcontext))
.build();
try {
HttpGet httpget = new HttpGet("https://company.com");
try (CloseableHttpResponse response = httpclient.execute(httpget);) {
HttpEntity entity = response.getEntity();
System.out.println(EntityUtils.toString(entity));
EntityUtils.consume(entity);
}
} finally {
httpclient.close();
}
Changing the SSLContext
to SSLContexts.createSystemDefault();
将
SSLContext
更改为SSLContexts.createSystemDefault();
re-introduces the problem, just to demonstrate that it's also present for the Apache library.重新介绍这个问题,只是为了证明它也存在于 Apache 库中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.