堆栈内存溢出
  简体   繁体   English

如何测试X509TrustManager子类?

[英]How to test X509TrustManager subclass?

 原文  2012-05-22 21:44:32       java/ ssl/ junit/ cryptography/ x509certificate

问题描述

I subclassed javax.net.ssl.X509TrustManager so I could use a private SSL cert. 我将javax.net.ssl.X509TrustManager子类化,因此可以使用私有SSL证书。 Now I am trying to write a JUnit test for my class, but the test cases keep giving me a null pointer exception. 现在,我正在尝试为我的类编写一个JUnit测试,但是测试用例不断给我一个空指针异常。

Eg my implementation of checkClientTrusted() is an empty method. 例如,我的checkClientTrusted()是一个空方法。 However, when I call that method with a (supposedly) valid instance of X509Certificate[] (and any sort of String for that matter), JUnit reports a NullException at that line of test code. 但是,当我使用(假定)有效的X509Certificate[]实例(以及与此相关的任何类型的String)调用该方法时,JUnit在该行测试代码中报告NullException Any suggestions as to what I am missing? 关于我所缺少的任何建议吗?

2 个解决方案

解决方案1
 7  2012-05-22 22:06:06

Subclassing 'X509TrustManager' just for the use of a self signed certificate (I assume thats what you mean with 'private SSL cert' ?) is a bit overkill. 仅仅为了使用自签名证书而将“ X509TrustManager”子类化(我假设这是您所说的“专用SSL证书”的意思?),有点过头了。 Easier ways to use such a certificate are: 使用这种证书的更简单方法是:

Use a keystore file (truststore) with the certificate (or the certificate of the CA with which you created your self signed certificate) and point your application to that. 将密钥库文件(信任库)与证书(或用于创建自签名证书的CA的证书)一起使用,然后将应用程序指向该证书。 All you have to do is make sure the 'SSLContext' knows about your truststore. 您要做的就是确保“ SSLContext”了解您的信任库。 Take a look at the (really well written) article Custom SSL for advanced JSSE developers for details. 有关详细信息,请参阅(写得很好) 为高级JSSE开发人员定制的SSL文章。 Technically this is even safer then using the global JRE truststore since only your certificate will be accepted as valid. 从技术上讲,这比使用全局JRE信任库更为安全,因为仅将您的证书视为有效证书。

Add the certificate (or the certificate of the CA with which you created your self signed certificate) to the global truststore of the JRE with 'keytool'. 使用“ keytool”将证书(或用于创建自签名证书的CA的证书)添加到JRE的全局信任库中。 The global JRE truststore is located in '$JAVA_HOME/lib/security/cacerts'. 全局JRE信任库位于“ $ JAVA_HOME / lib / security / cacerts”中。 The password of the JRE truststore is always 'changeit'. JRE信任库的密码始终为“ changeit”。 Although this way obviously makes deployment harder, since sometimes you don't control the JRE installation. 尽管这种方式显然使部署更加困难,但是由于有时您无法控制JRE安装。

解决方案2
 1 已采纳  2012-05-23 13:11:14

The problem was I subclassed my test class from junit.framework.TestCase , which caused my @BeforeClass setup method not to get called (and therefore the variables I instantiated there were still null). 问题是我从junit.framework.TestCase我的测试类,这导致我的@BeforeClass设置方法没有被调用(因此我实例化的变量仍然为null)。 After deleting that, things are working now. 删除后,一切正常。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在X509TrustManager中启用OCSP? - How to enable OCSP in X509TrustManager? 实现 X509TrustManager - Implementing X509TrustManager X509TrustManager实现不可用htmlunit - No X509TrustManager implementation available htmlunit 没有X509TrustManager实现可用 - No X509TrustManager Implementation available 在Java中还原SSL X509TrustManager - Restore SSL X509TrustManager in Java X509TrustManager覆盖而不允许所有证书? - X509TrustManager Override without allowing ALL certs? 使用X509TrustManager:checkServerTrusted的自签名证书验证 - Self signed cert validation using X509TrustManager:checkServerTrusted X509TrustManager checkServerTrusted with TLSv1.3 - X509TrustManager checkServerTrusted with TLSv1.3 默认 X509TrustManager 和通配符主机名验证? - Default X509TrustManager and wildcard hostname validation? 在X509TrustManager中,方法“ getAcceptedIssuers”用于什么? - In X509TrustManager, what are method “getAcceptedIssuers” used for?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM