[英]HttpUnit WebConversation SSL Issues
如何从WebConversation
或WebRequest
对象的上下文中忽略SSL证书问题? 我知道我可以创建一个伪造的TrustManager
来接受所有证书,但是如何在HttpUnit上下文中设置它呢?
这是我得到的例外:
[Security:090508]Certificate chain received from my.domain.com - NUM.NUM.NUM.NUM was incomplete.,
[Security:090477]Certificate chain received from my.domain.com - NUM.NUM.NUM.NUM was not trusted causing SSL handshake failure.
我需要以某种方式将SSLSocket设置设置为WebConversation或WebRequest对象; 查看HttpUnit的JavaDocs,没有这样的方法或构造函数。 有什么办法可以将其包装在某些具有SSLSocket属性的对象中?
对我有用的是使用此工具将服务器的无效证书添加到新的密钥库(创建文件jssecacerts),然后用新密钥库替换现有的密钥库。
cp cacerts cacerts.bak cp〜/ tools / jssecacerts cacerts
HttpUnit在此之后运行良好。
如果您有权访问WebClient,则可以执行以下操作以跳过SSL证书验证:
WebClient client = new WebClient();
client.getOptions().setUseInsecureSSL(true);
根据此FAQ条目 ,看来HttpUnit正在使用Java标准库提供的SSL实现。 编写和安装“全部接受”的TrustManager
很简单:
private static class AnyTrustManager implements X509TrustManager
{
public void checkClientTrusted(X509Certificate[] chain, String authType)
{
}
public void checkServerTrusted(X509Certificate[] chain, String authType)
{
}
public X509Certificate[] getAcceptedIssuers()
{
return new X509Certificate[0];
}
}
static {
try {
SSLContext ssl = SSLContext.getInstance("SSL");
ssl.init(null, new X509TrustManager[] {new AnyTrustManager()}, null);
HttpsURLConnection.setDefaultSSLSocketFactory(ssl.getSocketFactory());
} catch (NoSuchAlgorithmException ex) {
throw new Error(ex);
} catch (KeyManagementException ex) {
throw new Error(ex);
}
}
但是,请记住,此代码示例可能需要进行一些修改才能与HttpUnit一起使用(例如,如果库使用自定义SocketFactory建立连接)
由于HttpUnit似乎没有提供任何API来设置自定义SSLSocketFactry,因此这里是设置默认SSL上下文的替代解决方案(仅Java 6)
static {
try {
SSLContext ssl = SSLContext.getDefault();
ssl.init(null, new X509TrustManager[] {new AnyTrustManager()}, null);
} catch (NoSuchAlgorithmException ex) {
throw new Error(ex);
} catch (KeyManagementException ex) {
throw new Error(ex);
}
}
有点晚了,我只是遇到了这个问题,但是我设法按照Jsc
的回答,使用以下代码使AnyTrustManager
httpunit 1.7.2
与AnyTrustManager
一起工作( AnyTrustManager
在下面使用HttpsURLConnectionOldImpl
):
static {
try {
SSLContext ssl = SSLContext.getInstance("TLS");
ssl.init(null, new X509TrustManager[] {new AnyTrustManager()}, null);
com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.setDefaultSSLSocketFactory(ssl.getSocketFactory());
} catch (NoSuchAlgorithmException ex) {
throw new Error(ex);
} catch (KeyManagementException ex) {
throw new Error(ex);
}
}
截至2019年,在Mac上使用oracle 8 jvm和httpunit 1.7,8年前的Jcs回答仍然非常接近,只需要多一行即可。
// trust anything.
static void setupSSL() {
if(sslSetupDone) {
return;
}
// System.setProperty("javax.net.debug", "ssl");
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
} };
SSLContext sc = null;
try {
sc = SSLContext.getInstance("TLS"); // formerly "ssl"
sc.init(null, trustAllCerts, null);
SSLContext.setDefault(sc); //<====== one more line needed
} catch (Exception e) {
e.printStackTrace(System.out);
}
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
public boolean verify(String urlHostname, SSLSession sslSession) {
return true;
}
});
sslSetupDone = true;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.