[英]HttpUnit WebConversation SSL Issues
How can I ignore SSL certificate issues from the context of the WebConversation
or WebRequest
object? 如何从
WebConversation
或WebRequest
对象的上下文中忽略SSL证书问题? I know I can create a fake TrustManager
that accepts all certificates but how can I set this in the HttpUnit context? 我知道我可以创建一个伪造的
TrustManager
来接受所有证书,但是如何在HttpUnit上下文中设置它呢?
Here is the exception I am getting: 这是我得到的例外:
[Security:090508]Certificate chain received from my.domain.com - NUM.NUM.NUM.NUM was incomplete.,
[Security:090477]Certificate chain received from my.domain.com - NUM.NUM.NUM.NUM was not trusted causing SSL handshake failure.
I need to somehow set the SSLSocket settings to the WebConversation or WebRequest object; 我需要以某种方式将SSLSocket设置设置为WebConversation或WebRequest对象; looking at the JavaDocs for HttpUnit there is no such method or constructor to do so.
查看HttpUnit的JavaDocs,没有这样的方法或构造函数。 Is there a way I can wrap this inside some object which has exposed SSLSocket properties?
有什么办法可以将其包装在某些具有SSLSocket属性的对象中?
What worked for me was using this tool to add the server's invalid cert to a new keystore (creates a file jssecacerts), then replace my existing keystore with the new one. 对我有用的是使用此工具将服务器的无效证书添加到新的密钥库(创建文件jssecacerts),然后用新密钥库替换现有的密钥库。
cp cacerts cacerts.bak cp ~/tools/jssecacerts cacerts cp cacerts cacerts.bak cp〜/ tools / jssecacerts cacerts
HttpUnit worked fine after that. HttpUnit在此之后运行良好。
If you have access to the WebClient you can do this to skip SSL certificate validation: 如果您有权访问WebClient,则可以执行以下操作以跳过SSL证书验证:
WebClient client = new WebClient();
client.getOptions().setUseInsecureSSL(true);
According to this FAQ entry , it seems that HttpUnit is using the SSL implementation provided by the Java standard library. 根据此FAQ条目 ,看来HttpUnit正在使用Java标准库提供的SSL实现。 Writing and installing an "accept all"
TrustManager
is straightforward: 编写和安装“全部接受”的
TrustManager
很简单:
private static class AnyTrustManager implements X509TrustManager
{
public void checkClientTrusted(X509Certificate[] chain, String authType)
{
}
public void checkServerTrusted(X509Certificate[] chain, String authType)
{
}
public X509Certificate[] getAcceptedIssuers()
{
return new X509Certificate[0];
}
}
static {
try {
SSLContext ssl = SSLContext.getInstance("SSL");
ssl.init(null, new X509TrustManager[] {new AnyTrustManager()}, null);
HttpsURLConnection.setDefaultSSLSocketFactory(ssl.getSocketFactory());
} catch (NoSuchAlgorithmException ex) {
throw new Error(ex);
} catch (KeyManagementException ex) {
throw new Error(ex);
}
}
However you should keep in mind that this code sample may need some modifications to work with HttpUnit (for instance if the library establishes the connections using a custom SocketFactory) 但是,请记住,此代码示例可能需要进行一些修改才能与HttpUnit一起使用(例如,如果库使用自定义SocketFactory建立连接)
Since it seems that HttpUnit does not provide any API to set a custom SSLSocketFactry here is an alternative solution setting the default SSL context (Java 6 only) 由于HttpUnit似乎没有提供任何API来设置自定义SSLSocketFactry,因此这里是设置默认SSL上下文的替代解决方案(仅Java 6)
static {
try {
SSLContext ssl = SSLContext.getDefault();
ssl.init(null, new X509TrustManager[] {new AnyTrustManager()}, null);
} catch (NoSuchAlgorithmException ex) {
throw new Error(ex);
} catch (KeyManagementException ex) {
throw new Error(ex);
}
}
A little late, i only just ran into this issue, but i managed to get httpunit 1.7.2
working with AnyTrustManager
as per Jsc
's answer with the following code (httpunit uses HttpsURLConnectionOldImpl
under de hood): 有点晚了,我只是遇到了这个问题,但是我设法按照
Jsc
的回答,使用以下代码使AnyTrustManager
httpunit 1.7.2
与AnyTrustManager
一起工作( AnyTrustManager
在下面使用HttpsURLConnectionOldImpl
):
static {
try {
SSLContext ssl = SSLContext.getInstance("TLS");
ssl.init(null, new X509TrustManager[] {new AnyTrustManager()}, null);
com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.setDefaultSSLSocketFactory(ssl.getSocketFactory());
} catch (NoSuchAlgorithmException ex) {
throw new Error(ex);
} catch (KeyManagementException ex) {
throw new Error(ex);
}
}
as of 2019, with an oracle 8 jvm on a mac, and httpunit 1.7, Jcs' answer from 8 years ago is still very close, just needs one more line. 截至2019年,在Mac上使用oracle 8 jvm和httpunit 1.7,8年前的Jcs回答仍然非常接近,只需要多一行即可。
// trust anything.
static void setupSSL() {
if(sslSetupDone) {
return;
}
// System.setProperty("javax.net.debug", "ssl");
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
} };
SSLContext sc = null;
try {
sc = SSLContext.getInstance("TLS"); // formerly "ssl"
sc.init(null, trustAllCerts, null);
SSLContext.setDefault(sc); //<====== one more line needed
} catch (Exception e) {
e.printStackTrace(System.out);
}
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
public boolean verify(String urlHostname, SSLSession sslSession) {
return true;
}
});
sslSetupDone = true;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.