如何从WebConversation或WebRequest对象的上下文中忽略SSL证书问题?我知道我可以创建一个接受所有证书的假TrustManager但是如何在HttpUnit上下文中设置它?
以下是我得到的例外情况:
[Security:090508]Certificate chain received from my.domain.com - NUM.NUM.NUM.NUM was incomplete.,
[Security:090477]Certificate chain received from my.domain.com - NUM.NUM.NUM.NUM was not trusted causing SSL handshake failure.
我需要以某种方式将SSLSocket设置设置为WebConversation或WebRequest对象;查看用于HttpUnit的JavaDocs,没有这样的方法或构造函数。有没有办法将它包装在一个暴露SSLSocket属性的对象中?
答案 0 :(得分:2)
对我有用的是使用this tool将服务器的无效证书添加到新的密钥库(创建文件jssecacerts),然后用新的密钥库替换现有的密钥库。
cp cacerts cacerts.bak
cp~ / tools / jssecacerts cacerts
之后HttpUnit工作得很好。
答案 1 :(得分:1)
根据this FAQ entry,似乎HttpUnit正在使用Java标准库提供的SSL实现。编写和安装“全部接受”TrustManager非常简单:
private static class AnyTrustManager implements X509TrustManager
{
public void checkClientTrusted(X509Certificate[] chain, String authType)
{
}
public void checkServerTrusted(X509Certificate[] chain, String authType)
{
}
public X509Certificate[] getAcceptedIssuers()
{
return new X509Certificate[0];
}
}
static {
try {
SSLContext ssl = SSLContext.getInstance("SSL");
ssl.init(null, new X509TrustManager[] {new AnyTrustManager()}, null);
HttpsURLConnection.setDefaultSSLSocketFactory(ssl.getSocketFactory());
} catch (NoSuchAlgorithmException ex) {
throw new Error(ex);
} catch (KeyManagementException ex) {
throw new Error(ex);
}
}
但是,您应该记住,此代码示例可能需要一些修改才能使用HttpUnit(例如,如果库使用自定义SocketFactory建立连接)
由于HttpUnit似乎没有提供任何API来设置自定义SSLSocketFactry,因此这是另一种设置默认SSL上下文的解决方案(仅限Java 6)
static {
try {
SSLContext ssl = SSLContext.getDefault();
ssl.init(null, new X509TrustManager[] {new AnyTrustManager()}, null);
} catch (NoSuchAlgorithmException ex) {
throw new Error(ex);
} catch (KeyManagementException ex) {
throw new Error(ex);
}
}
答案 2 :(得分:1)
如果您有权访问WebClient,则可以跳过SSL证书验证:
WebClient client = new WebClient();
client.getOptions().setUseInsecureSSL(true);
答案 3 :(得分:0)
有点晚了,我只是遇到了这个问题,但我设法让httpunit 1.7.2根据AnyTrustManager的答案使用Jsc使用以下代码( httpunit在引擎盖下使用HttpsURLConnectionOldImpl:
static {
try {
SSLContext ssl = SSLContext.getInstance("TLS");
ssl.init(null, new X509TrustManager[] {new AnyTrustManager()}, null);
com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.setDefaultSSLSocketFactory(ssl.getSocketFactory());
} catch (NoSuchAlgorithmException ex) {
throw new Error(ex);
} catch (KeyManagementException ex) {
throw new Error(ex);
}
}
答案 4 :(得分:0)
截至2019年,在Mac上使用oracle 8 jvm和httpunit 1.7,Jcs在8年前的回答仍然非常接近,只需要多一行。
// trust anything.
static void setupSSL() {
if(sslSetupDone) {
return;
}
// System.setProperty("javax.net.debug", "ssl");
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
} };
SSLContext sc = null;
try {
sc = SSLContext.getInstance("TLS"); // formerly "ssl"
sc.init(null, trustAllCerts, null);
SSLContext.setDefault(sc); //<====== one more line needed
} catch (Exception e) {
e.printStackTrace(System.out);
}
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
public boolean verify(String urlHostname, SSLSession sslSession) {
return true;
}
});
sslSetupDone = true;
}