Dropwizard client dealing with a self-signed certificate

Time: 2016-10-17 04:54:33

Tags: ssl ssl-certificate dropwizard jersey-client

Quite new to Dropwizard.

I found a lot of solutions dealing with Jersey and SSL self-signed certificates. The Dropwizard version is 0.9.2.

I have tried to set an SSLContext, but I get

The method sslContext(SSLContext) is undefined for the type JerseyClientBuilder

Code:

   TrustManager[] certs = new TrustManager[]{
          new X509TrustManager() {
              @Override
              public X509Certificate[] getAcceptedIssuers() {
                  return null;
              }

              @Override
              public void checkServerTrusted(X509Certificate[] chain, String authType)
                      throws CertificateException {
              }

              @Override
              public void checkClientTrusted(X509Certificate[] chain, String authType)
                      throws CertificateException {
              }
          }
  };

  public static class TrustAllHostNameVerifier implements HostnameVerifier {

      public boolean verify(String hostname, SSLSession session) {
          return true;
      }

  }
  private Client getWebClient(AppConfiguration configuration, Environment env) {
      SSLContext ctx = SSLContext.getInstance("SSL");
      ctx.init(null, certs, new SecureRandom());
      Client client = new JerseyClientBuilder(env)
          .using(configuration.getJerseyClient())
          .sslContext(ctx)
          .build("MyClient");
      return client;
  }

Configuration part:

    private JerseyClientConfiguration jerseyClient = new JerseyClientConfiguration();

    public JerseyClientConfiguration getJerseyClient() {
        return jerseyClient;
    }

2 answers:

Answer 0 (score: 3)

I found a simple solution just using the configuration:

    jerseyClient:
      tls:
        verifyHostname: false
        trustSelfSignedCertificates: true

Answer 1 (score: 0)

I think to create an insecure client in 0.9.2 you would use a ConnectionSocketFactory registry, something like...

    final SSLContext sslContext = SSLContext.getInstance("SSL");

    sslContext.init(null, new TrustManager[] { new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] x509Certificates, String s)
                    throws java.security.cert.CertificateException {
            }
            @Override
            public void checkServerTrusted(X509Certificate[] x509Certificates, String s)
                    throws java.security.cert.CertificateException {
            }
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        } }, new SecureRandom());


    final SSLConnectionSocketFactory sslConnectionSocketFactory =
            new SSLConnectionSocketFactory(sslContext, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

    final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
            .register("https", sslConnectionSocketFactory)
            .register("http", PlainConnectionSocketFactory.INSTANCE)
            .build();

    // Hand the registry to the Dropwizard JerseyClientBuilder
    Client client = new JerseyClientBuilder(env)
      .using(configuration.getJerseyClient())
      .using(registry)
      .build("MyInsecureClient");
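
Added example, not part of either answer and not Dropwizard's own code: instead of a trust manager that accepts every certificate, the code below builds an SSLContext whose only trust anchor is the server's own self-signed certificate, using JDK classes only. The class name, the method names, the alias "pinned-server" and the certificate file passed as the first argument are assumptions made for illustration.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class PinnedSelfSignedContext {

    // Reads one X.509 certificate (PEM or DER) and rejects it if it is outside its validity period.
    static X509Certificate load(InputStream in) throws Exception {
        X509Certificate cert = (X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(in);
        cert.checkValidity();
        return cert;
    }

    // SHA-256 fingerprint, to compare with the value obtained from the server's operator.
    static String fingerprint(X509Certificate cert) throws Exception {
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded())) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // SSLContext whose only trust anchor is the given certificate.
    static SSLContext contextTrustingOnly(X509Certificate cert) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);                    // empty, in-memory store
        trustStore.setCertificateEntry("pinned-server", cert);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);   // default SecureRandom
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to the server certificate file (hypothetical, supplied by the caller)
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            X509Certificate cert = load(in);
            System.out.println(cert.getSubjectX500Principal() + " sha256=" + fingerprint(cert));
            System.out.println("context protocol: " + contextTrustingOnly(cert).getProtocol());
        }
    }
}
```

The returned context can take the place of the trust-all one in the registry approach above; constructing `new SSLConnectionSocketFactory(ctx)` without `ALLOW_ALL_HOSTNAME_VERIFIER` keeps HttpClient's default hostname verification.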