我正在尝试使用Apache HttpComponents库对JBoss服务器进行HTTP GET调用。当我使用http URL执行此操作时,它可以正常工作,但是当我使用https URL时,它不起作用。这是我的代码:
public static String HttpGET(String requestURL, Cookie cookie)
throws HttpException {
DefaultHttpClient httpClient = new DefaultHttpClient();
if (cookie != null) {
CookieStore store = new BasicCookieStore();
store.addCookie(cookie);
((AbstractHttpClient) httpClient).setCookieStore(store);
}
HttpGet httpGet = new HttpGet(requestURL);
HttpResponse response = null;
HttpEntity responseEntity = null;
String responseBody = null;
try {
response = httpClient.execute(httpGet);
// Do some more stuff...
} catch (SSLPeerUnverifiedException ex) {
// Message "peer not authenticated" means the server presented
// a certificate that was not found in the local truststore.
throw new HttpException("HTTP GET request failed; possible"
+ " missing or invalid certificate: " + ex.getMessage());
} catch (IOException e) {
e.printStackTrace();
} finally {
// When HttpClient instance is no longer needed,
// shut down the connection manager to ensure
// immediate deallocation of all system resources
httpClient.getConnectionManager().shutdown();
}
return responseBody;
}
我在SSLPeerUnverifiedException我的GET电话时收到了execute()。错误消息是:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
经过一些广泛的谷歌搜索并搜索StackOverflow问题后,我一直看到这个建议,所以我在DefaultHttpClient周围添加了这个包装器,如下所示:
private static HttpClient wrapClient(HttpClient httpClient) {
try {
SSLContext ctx = SSLContext.getInstance("TLS");
X509TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] xcs,
String string) {
}
public void checkServerTrusted(X509Certificate[] xcs,
String string) {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
X509HostnameVerifier verifier = new X509HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return false;
}
@Override
public void verify(String arg0, SSLSocket arg1)
throws IOException { }
@Override
public void verify(String arg0, X509Certificate arg1)
throws SSLException { }
@Override
public void verify(String arg0, String[] arg1, String[] arg2)
throws SSLException { }
};
ctx.init(null, new TrustManager[] { tm }, null);
SSLSocketFactory socketFactory = new SSLSocketFactory(ctx);
socketFactory.setHostnameVerifier(verifier);
Scheme sch = new Scheme("https", 443, socketFactory);
httpClient.getConnectionManager().getSchemeRegistry().register(sch);
return httpClient;
} catch (Exception ex) {
ex.printStackTrace();
return null;
}
}
但这只会产生不同的错误:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
我相信证书设置正确,因为使用Jersey库编写的与此服务器建立连接的其他代码能够成功完成。但是,我没有看到我在Apache HttpComponents上做错了什么。有任何想法吗?如果我犯了明显的错误,我很抱歉,我是SSL的新手,并且我还没有完全理解我在做什么。谢谢你的帮助!
答案 0 :(得分:0)
这可能是由于您的服务器需要服务器名称指示。
由于Apache HTTP Client 4.2.2似乎不支持SNI(即使使用Java 7也不会发送server_name扩展名),您可能获得的证书与您获得的证书不同与其他使用SNI的库。
似乎有办法拥有SNI support with Apache HTTP Client 4.3(但你至少还需要Java 7)。