我正在尝试向以下地址发送请求。证书无效,我想忽略它。我根据我对1,2的研究编写了以下代码,但我无法完成。我使用的是Java 1.7,
https://api.stubhubsandbox.com/search/catalog/events/v3
代码
private static final TrustManager[] UNQUESTIONING_TRUST_MANAGER = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers(){
return null;
}
public void checkClientTrusted( X509Certificate[] certs, String authType ){}
public void checkServerTrusted( X509Certificate[] certs, String authType ){}
public void checkClientTrusted(
java.security.cert.X509Certificate[] arg0, String arg1)
throws CertificateException {
// TODO Auto-generated method stub
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] arg0, String arg1)
throws CertificateException {
// TODO Auto-generated method stub
}
}
};
public static void main(String[] args) {
TrustStrategy acceptingTrustStrategy =
SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom()
.loadTrustMaterial(null, acceptingTrustStrategy)
.build();
SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext);
CloseableHttpClient httpClient = HttpClients.custom()
.setSSLSocketFactory(csf)
.build();
HttpComponentsClientHttpRequestFactory requestFactory =
new HttpComponentsClientHttpRequestFactory();
requestFactory.setHttpClient(httpClient);
RestTemplate restTemplate = new RestTemplate(requestFactory);
String url = "https://api.stubhubsandbox.com/search/catalog/events/v3";
RestTemplate rest = new RestTemplate();
Map<String, String> mvm = new HashMap<String, String>();
mvm.put("Authorization", "Bearer TOKEEEEEEEN");
Object object = rest.postForObject(url, null, Object.class, mvm);
System.err.println("done");
}
答案 0 :(得分:21)
您可能已经注意到,Spring的RestTemplate将所有与HTTP(S)相关的内容委托给ClientHttpRequestFactory的底层实现。由于您使用的是基于HttpClient的实现,因此以下是有关如何为内部HttpClient实现此目的的一些有用的SO链接:
显然,从版本4.4开始,可以这样做:
CloseableHttpClient httpClient = HttpClients.custom().setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE).build();
答案 1 :(得分:8)
为了绕过几个spring项目中的SSL检查,我总是重复使用我之前与spring的RestTemplate一起编写(或找到)的SSLUtils类。使用下面提供的类,您只需在发送请求之前调用静态SSLUtil.turnOffSslChecking()方法。
import javax.net.ssl.*;
import java.security.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
public final class SSLUtil{
static {
//for localhost testing only
javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(
new javax.net.ssl.HostnameVerifier(){
public boolean verify(String hostname,
javax.net.ssl.SSLSession sslSession) {
if (hostname.equals("localhost")) {
return true;
}
return false;
}
});
}
private static final TrustManager[] UNQUESTIONING_TRUST_MANAGER = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers(){
return null;
}
public void checkClientTrusted( X509Certificate[] certs, String authType ){}
public void checkServerTrusted( X509Certificate[] certs, String authType ){}
}
};
public static void turnOffSslChecking() throws NoSuchAlgorithmException, KeyManagementException {
// Install the all-trusting trust manager
final SSLContext sc = SSLContext.getInstance("SSL");
sc.init( null, UNQUESTIONING_TRUST_MANAGER, null );
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
}
public static void turnOnSslChecking() throws KeyManagementException, NoSuchAlgorithmException {
// Return it to the initial state (discovered by reflection, now hardcoded)
SSLContext.getInstance("SSL").init( null, null, null );
}
private SSLUtil(){
throw new UnsupportedOperationException( "Do not instantiate libraries.");
}
}
试一试。希望这可行,并为您提供简单的解决方案。
答案 2 :(得分:7)
不确定jdk6之后是否有变化,但上次我尝试这样做时,我们需要将SSL证书导入到JAVA_HOME的密钥库中,该密钥库用于使用可信的ssl运行程序。
首先,您需要将证书导出到文件中。在Windows中,您可以使用任何浏览器将SSL证书保存到个人证书存储区,然后运行mmc,添加证书snapin(文件/添加删除Snapin)并将证书保存到磁盘。
然后,您需要使用keytool将证书导入受信任的域cacerts。但是您需要将它导入到java_home在运行上述程序时使用的密钥库。
以下命令将添加证书文件&#34; mycertificate.cer&#34;到文件中的密钥库&#34; cacerts.jks&#34;。别名是&#34; webservice&#34; :
"%JAVA_HOME%\bin\keytool" -import -trustcacerts -alias webservice -file mycertificate.cer -keystore cacerts.jks
通常,密钥库密码是&#34; changeit&#34;,没有引号。将其更改为生产用途
答案 3 :(得分:7)
将 SSLContext 和 X509TrustManager 以及 HostnameVerifier 实例添加到http ClientBuilders 。 例如,他们可以(举个例子)
这是Apache HttpClient&amp;的示例代码。 OkHttpClient。它用于演示目的但你可以使用它
Apache HttpClient
1和OkHttpClient
<script src="https://cdnjs.cloudflare.com/ajax/libs/ag-grid/7.2.2/ag-grid.min.js"></script>
<div id="myGrid" style="height: 100%; height:200px;" class="ag-fresh"></div>
<script type="text/javascript">
var columnDefs = [
{headerName: "Make", field: "make"},
{headerName: "Model", field: "model"},
{headerName: "Price", field: "price"}
];
var rowData = [
{make: "Toyota", model: "Celica", price: 35000},
{make: "Ford", model: "Mondeo", price: 32000},
{make: "Porsche", model: "Boxter", price: 72000}
];
var gridOptions = {
columnDefs: columnDefs,
rowData: rowData
};
var eGridDiv = document.querySelector('#myGrid');
new agGrid.Grid(eGridDiv, gridOptions);
</script>SSLClientFactory是自定义类
RestTemplate restTemplate = new RestTemplate(SSLClientFactory.getClientHttpRequestFactory(HttpClientType.HttpClient));
答案 4 :(得分:1)
如果您正在使用Apache httpClient 4.5:
public static void main(String... args) {
try (CloseableHttpClient httpclient = createAcceptSelfSignedCertificateClient()) {
HttpGet httpget = new HttpGet("https://example.com");
System.out.println("Executing request " + httpget.getRequestLine());
httpclient.execute(httpget);
System.out.println("----------------------------------------");
} catch (NoSuchAlgorithmException | KeyStoreException | KeyManagementException | IOException e) {
throw new RuntimeException(e);
}
}
private static CloseableHttpClient createAcceptSelfSignedCertificateClient()
throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException {
// use the TrustSelfSignedStrategy to allow Self Signed Certificates
SSLContext sslContext = SSLContextBuilder
.create()
.loadTrustMaterial(new TrustSelfSignedStrategy())
.build();
// we can optionally disable hostname verification.
// if you don't want to further weaken the security, you don't have to include this.
HostnameVerifier allowAllHosts = new NoopHostnameVerifier();
// create an SSL Socket Factory to use the SSLContext with the trust self signed certificate strategy
// and allow all hosts verifier.
SSLConnectionSocketFactory connectionFactory = new SSLConnectionSocketFactory(sslContext, allowAllHosts);
// finally create the HttpClient using HttpClient factory methods and assign the ssl socket factory
return HttpClients
.custom()
.setSSLSocketFactory(connectionFactory)
.build();
}
答案 5 :(得分:0)
@Bean
public RestTemplate getRestTemplate() throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException {
TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true;
SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom().loadTrustMaterial(null, acceptingTrustStrategy).build();
SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext);
CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(csf).build();
HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
requestFactory.setHttpClient(httpClient);
return new RestTemplate(requestFactory);
}
此代码绕过证书验证,您可以通过接受所有主机和证书以不安全的方式进行连接。这段代码对我有用
答案 6 :(得分:0)
@SebastiánEzquerro发布的SSLUtils解决方案已被发现。我使用RestTemplate和FeignClient进行了测试-像冠军一样。非常感谢所有贡献者。如果您想知道Feign客户解决方案,这里是:
@Bean
public BasicAuthRequestInterceptor basicAuthRequestInterceptor() {
BasicAuthRequestInterceptor auth = new BasicAuthRequestInterceptor(username, password);
RequestTemplate template = new RequestTemplate();
template.header(HttpHeaders.ACCEPT, "application/json");
template.header(HttpHeaders.CONTENT_TYPE, "application/json");
auth.apply(template);
// disable SSL self signed certificate check
try {
SSLUtil.turnOffSslChecking();
} catch (NoSuchAlgorithmException e) {
log.error("Error disabling SSL check", e);
} catch (KeyManagementException e) {
log.error("Error disabling SSL check", e);
}
return auth;
}
答案 7 :(得分:-1)
您可以使用此代码:
@Bean
public RestTemplate restTemplate()
throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true;
SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom()
.loadTrustMaterial(null, acceptingTrustStrategy)
.build();
SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext);
CloseableHttpClient httpClient = HttpClients.custom()
.setSSLSocketFactory(csf)
.build();
HttpComponentsClientHttpRequestFactory requestFactory =
new HttpComponentsClientHttpRequestFactory();
requestFactory.setHttpClient(httpClient);
RestTemplate restTemplate = new RestTemplate(requestFactory);
return restTemplate;
}
将lambda表达式替换为:
TrustStrategy acceptingTrustStrategy = new TrustStrategy() {
@Override public boolean isTrusted(X509Certificate[] x509Certificates, String s)
throws CertificateException {
return true;
}
};