我试图通过atlassian rest api java框架连接到我的Jira:
JiraRestClientFactory factory = new AsynchronousJiraRestClientFactory();
JiraRestClient client = factory.createWithBasicHttpAuthentication(uri, userName, password);
但这会导致错误:
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
我认为这是因为我为我的Jira使用了自签名证书。有没有办法为JiraRestClientFactory转换证书验证至少用于开发目的?
答案 0 :(得分:2)
您可以尝试以下方式。以下代码将跳过证书验证并使用CloseableHTTPClient实例来访问Jira rest API
private void getTicketDetails(URI url, String userid, String password)
throws NoSuchAlgorithmException, KeyManagementException {
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] arg0, String arg1)
throws CertificateException {
}
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] arg0, String arg1)
throws CertificateException {
}
} };
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new SecureRandom());
JiraRestClientFactory factory = new AsynchronousJiraRestClientFactory();
CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(new AuthScope(url.getHost(), url.getPort()),
new UsernamePasswordCredentials(userid, password));
CloseableHttpClient httpClient = HttpClients.custom().setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)
.setSslcontext(sc).setDefaultCredentialsProvider(credsProvider).build();
JiraRestClient client = factory.create(url, (HttpClient) httpClient);
}
答案 1 :(得分:1)
将自签名证书添加到本地JVM TrustStore会更为谨慎。
但是,您可以通过使用A方法创建客户端对象来禁用检查。应该可以提供您自己的operator =(const A&)实例来禁用证书验证。看起来Atlassian使用自定义工厂和装饰器重新打包Apache HttpClient库,因此您必须深入研究int库源代码。
有AsynchronousJiraRestClientFactory.create(URI, HttpClient)标志。应该可以创建自己的HttpClient方法版本,其中当前创建了一个空的attlassian-httpclient-*:
com.atlassian.httpclient.api.factory.HttpClientOptions#setTrustSelfSignedCertificates(boolean)答案 2 :(得分:0)
感谢您的回复!我最终得到的解决方案是基于Karol Dowbeckis的回答:
JiraRestClientFactory factory = new AsynchronousJiraRestClientFactory();
HttpClientOptions options = new HttpClientOptions();
options.setTrustSelfSignedCertificates(true);
DefaultHttpClientFactory defaultHttpClientFactory = new DefaultHttpClientFactory(new NoOpEventPublisher(),
new RestClientApplicationProperties(JIRA_URI), new ThreadLocalContextManager() {
@Override
public Object getThreadLocalContext() {
return null;
}
@Override
public void setThreadLocalContext(Object context) {
}
@Override
public void clearThreadLocalContext() {
}
});
HttpClient httpClient = defaultHttpClientFactory.create(options);
AtlassianHttpClientDecorator atlassianHttpClientDecorator = new AtlassianHttpClientDecorator(httpClient, new BasicHttpAuthenticationHandler(userName, password)) {
@Override
public void destroy() throws Exception {
defaultHttpClientFactory.dispose(httpClient);
}
};
JiraRestClient client = factory.create(JIRA_URI, atlassianHttpClientDecorator);
我必须添加自己的NoOpEventPublisher和RestClientApplicationProperties的简单实现,因为atlassian类是私有的。
答案 3 :(得分:0)
我知道你在不使用信任存储的情况下寻找解决方案。但我不认为你的解决方案是一个好的做法。例如,您现在将信任每个证书,并且您必须在生产环境中部署时禁用您的解决方法。
正如您所注意到的 - 这是由您的自签名ssl证书未在信任存储中注册引起的。但是,不应该信任所有证书,而应该将自己的自签名证书添加到java信任库。解决起来既简单又快捷。
keytool -genkeypair -alias alias_name -keyalg RSA -validity #_of_days -keysize 2048 -keystore path_to_keystore_file
可以在
找到默认信任库{JAVA_HOME}/jre/lib/security/cacerts
您还可以创建自定义信任存储区,并在启动应用程序时将路径作为参数传递。
有关信任商店的更多信息和示例,请访问:
https://docs.oracle.com/cd/E54932_01/doc.705/e54936/cssg_create_ssl_cert.htm#CSVSG178