使用在许多论坛上发现的“标准代码”存在一些问题,使我可以跳过Java中可信证书的验证。
我的代码实现了一些旧的wsdl客户端实现。我正在使用jdk 1.8。
public class myClass exteds Service{
public SessionProxy(String baseurl, SSLSocketFactory sslFactory, boolean compression) {
// Get the port
port = super.getPort(new QName("http://host.com/d3s/jel/dk/service/something/v2u1.wsdl", "Port"), Port.class);
// Set the endpoint address
Map<String, Object> context = ((BindingProvider) port).getRequestContext();
if (baseurl != null) {
context.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, baseurl);
}
SSLTool.disableCertificateValidation();
if (sslFactory != null) {
context.put(JAXWSProperties.SSL_SOCKET_FACTORY, sslFactory);
}
}
public String recordSessions(CasinoGameSessions sessions) throws
SystemFaultException, UserFaultException {
String result= "";
result += port.recordSessions(sessions) + "\n";
disposeSSLSocketFactory();
return result;
}
这是我发现的SSLTool类(许多其他代码示例确实与此相似)
import javax.net.ssl.*;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
public class SSLTool {
public static void disableCertificateValidation() {
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {}
public void checkServerTrusted(X509Certificate[] certs, String authType) {}
}};
// Ignore differences between given hostname and certificate hostname
HostnameVerifier hv = new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) { return true; }
};
// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(hv);
} catch (Exception e) {}
} }
运行代码时,尽管我调用SSLTool.disableCertificationValidation()却得到了例外:
aused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:1.8.0_162]
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) ~[?:1.8.0_162]
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2038) ~[?:1.8.0_162]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1135) ~[?:1.8.0_162]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385) ~[?:1.8.0_162]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413) ~[?:1.8.0_162]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397) ~[?:1.8.0_162]
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) ~[?:1.8.0_162]
at sun.net.www.protocol.https.AbstractDelegateHttpsUR
这应该意味着我的客户端仍在尝试验证服务器证书并与其进行握手。
我的代码有什么问题? 谢谢。