How to make Glassfish trust an expired SSL certificate

Time: 2016-09-24 02:27:27

Tags: java security ssl https glassfish

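I'm trying to set up Spring Security CAS authentication on a Glassfish server, and the server has an expired self-signed certificate. I managed to import the certificate, but I still get the following error:

FAILURE: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed

Obviously, this means we have a timestamp (expired certificate) error.

I've read that there may be a way to write a custom SSLContext to handle this specific certificate and whitelist it - but I'm really confused about how I would inject the custom {{1 into the mix.

Is this something I do in SSLContext, or do I just put it in code or something?

Thanks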

1 answer:

Answer 0: (score: 0)

Well, it looks like I found a horrible way to do it. I threw this SSLHelper class into my project and it just does the magic

import com.sun.net.ssl.HostnameVerifier;
import com.sun.net.ssl.HttpsURLConnection;
import com.sun.net.ssl.SSLContext;
import com.sun.net.ssl.TrustManager;
import com.sun.net.ssl.X509TrustManager;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;

/**
 * Replaces the HttpsURLConnection defaults with a trust manager and a
 * hostname verifier that accept everything. Once this class is loaded,
 * connections using those defaults perform no certificate-chain, expiry or
 * hostname validation at all, for any server, not only the one with the
 * expired certificate.
 *
 * Uses the deprecated com.sun.net.ssl API.
 *
 * @author jstein
 */
public class SSLHelper {

    static {
        disableSslVerification();
    }

    private static void disableSslVerification() {
        try {
            TrustManager[] trustAllCerts;
            trustAllCerts = new TrustManager[]{new X509TrustManager() {
                @Override
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return null;
                }

                @Override
                public boolean isClientTrusted(java.security.cert.X509Certificate[] xcs) {
                    return true;
                }

                @Override
                public boolean isServerTrusted(java.security.cert.X509Certificate[] xcs) {
                    return true;
                }
            }};

            // Install the all-trusting trust manager
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

            HostnameVerifier allHostsValid;
            allHostsValid = new HostnameVerifier() {

                @Override
                public boolean verify(String string, String string1) {
                    return true;
                }
            };

            // Install the all-trusting host verifier
            HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        }
    }
}

Suddenly everything works :)