[英]Apache HTTP Client loadTrustMaterial not working
首先,源代碼中沒有注釋。
org.apache.hc.core5.ssl.SSLContextBuilder#loadTrustMaterial(org.apache.hc.core5.ssl.TrustStrategy)
public SSLContextBuilder loadTrustMaterial(
final TrustStrategy trustStrategy) throws NoSuchAlgorithmException, KeyStoreException {
return loadTrustMaterial(null, trustStrategy);
}
這是代碼會觸發混淆行為,它與apache官方演示Apache演示相同
@Test
void customStrategy() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException, IOException, ParseException {
SSLContextBuilder sslContextBuilder = SSLContexts.custom();
sslContextBuilder.loadTrustMaterial((chain, authType) -> false);
SSLContext sslcontext = sslContextBuilder.build();
SSLConnectionSocketFactoryBuilder sslConnectionSocketFactoryBuilder = SSLConnectionSocketFactoryBuilder.create();
sslConnectionSocketFactoryBuilder.setSslContext(sslcontext);
sslConnectionSocketFactoryBuilder.setTlsVersions(TLS.V_1_2);
SSLConnectionSocketFactory sslConnectionSocketFactory = sslConnectionSocketFactoryBuilder.build();
PoolingHttpClientConnectionManagerBuilder poolingHttpClientConnectionManagerBuilder = PoolingHttpClientConnectionManagerBuilder.create();
poolingHttpClientConnectionManagerBuilder.setSSLSocketFactory(sslConnectionSocketFactory);
HttpClientConnectionManager httpClientConnectionManager = poolingHttpClientConnectionManagerBuilder.build();
HttpClientBuilder httpClientBuilder = HttpClients.custom();
httpClientBuilder.setConnectionManager(httpClientConnectionManager);
CloseableHttpClient closeableHttpClient = httpClientBuilder.build();
HttpClientContext clientContext = HttpClientContext.create();
CloseableHttpResponse response = closeableHttpClient.execute(new HttpGet("https://www.baidu.com"), clientContext);
System.out.println("BODY-Length " + EntityUtils.toString(response.getEntity()).length());
SSLSession sslSession = clientContext.getSSLSession();
System.out.println(sslSession.getPeerHost() + ":" + sslSession.getPeerPort());
}
output 是:
... ...
BODY-Length 2443
www.baidu.com:443
即使我在我的自定義 TrustStrategy 中直接返回false
。
sslContextBuilder.loadTrustMaterial((chain, authType) -> {
throw new CertificateException();
});
那會中斷連接,但是我不認為接口返回false,而是僅在異常正確使用時才中斷。
問題:為什么 return false 不起作用? Thorw execption 讓我感覺不對,這是設計的嗎?
請參閱TrustStrategy#isTrusted
的 javadocs。 如果TrustStrategy
從isTrusted
方法返回 false,則證書驗證由 SSL 上下文中配置的信任管理器執行。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.