Apache HTTP 客戶端 loadTrustMaterial 不工作

Question

首先，源代碼中沒有注釋。

org.apache.hc.core5.ssl.SSLContextBuilder#loadTrustMaterial(org.apache.hc.core5.ssl.TrustStrategy)

public SSLContextBuilder loadTrustMaterial(
        final TrustStrategy trustStrategy) throws NoSuchAlgorithmException, KeyStoreException {
    return loadTrustMaterial(null, trustStrategy);
}

這是代碼會觸發混淆行為，它與apache官方演示Apache演示相同

@Test
void customStrategy() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException, IOException, ParseException {

    SSLContextBuilder sslContextBuilder = SSLContexts.custom();
    sslContextBuilder.loadTrustMaterial((chain, authType) -> false);
    SSLContext sslcontext = sslContextBuilder.build();

    SSLConnectionSocketFactoryBuilder sslConnectionSocketFactoryBuilder = SSLConnectionSocketFactoryBuilder.create();
    sslConnectionSocketFactoryBuilder.setSslContext(sslcontext);
    sslConnectionSocketFactoryBuilder.setTlsVersions(TLS.V_1_2);
    SSLConnectionSocketFactory sslConnectionSocketFactory = sslConnectionSocketFactoryBuilder.build();

    PoolingHttpClientConnectionManagerBuilder poolingHttpClientConnectionManagerBuilder = PoolingHttpClientConnectionManagerBuilder.create();
    poolingHttpClientConnectionManagerBuilder.setSSLSocketFactory(sslConnectionSocketFactory);
    HttpClientConnectionManager httpClientConnectionManager = poolingHttpClientConnectionManagerBuilder.build();

    HttpClientBuilder httpClientBuilder = HttpClients.custom();
    httpClientBuilder.setConnectionManager(httpClientConnectionManager);
    CloseableHttpClient closeableHttpClient = httpClientBuilder.build();

    HttpClientContext clientContext = HttpClientContext.create();

    CloseableHttpResponse response = closeableHttpClient.execute(new HttpGet("https://www.baidu.com"), clientContext);

    System.out.println("BODY-Length " + EntityUtils.toString(response.getEntity()).length());

    SSLSession sslSession = clientContext.getSSLSession();

    System.out.println(sslSession.getPeerHost() + ":" + sslSession.getPeerPort());
}

output 是：

... ...
BODY-Length 2443
www.baidu.com:443

即使我在我的自定義 TrustStrategy 中直接返回false 。

sslContextBuilder.loadTrustMaterial((chain, authType) -> {
    throw new CertificateException();
});

那會中斷連接，但是我不認為接口返回false，而是僅在異常正確使用時才中斷。

問題：為什么 return false 不起作用？ Thorw execption 讓我感覺不對，這是設計的嗎？

Answer 1

請參閱TrustStrategy#isTrusted的 javadocs。 如果TrustStrategy從isTrusted方法返回 false，則證書驗證由 SSL 上下文中配置的信任管理器執行。

Apache HTTP 客戶端 loadTrustMaterial 不工作

問題描述

1 個解決方案

解決方案1
1 已采納 2021-01-06 19:01:38

Apache HTTP 客戶端 loadTrustMaterial 不工作

問題描述

1 個解決方案

解決方案1 1 已采納 2021-01-06 19:01:38

解決方案1
1 已采納 2021-01-06 19:01:38