以编程方式信任java证书
在单元测试中使用Hoverfly java模拟web服务,并使用HttpClient作为web客户端,发现使用以编程方式信任java证书,java,ssl,mocking,keystore,hoverfly,Java,Ssl,Mocking,Keystore,Hoverfly,在单元测试中使用Hoverfly java模拟web服务,并使用HttpClient作为web客户端,发现使用useSystemProperties()正确传播了Hoverfly代理设置,但是我仍然有TLS错误:未知证书,我必须使用 wget https://raw.githubusercontent.com/SpectoLabs/hoverfly/master/core/cert.pem sudo $JAVA_HOME/bin/keytool -import -alias hoverfly -
useSystemProperties()
正确传播了Hoverfly代理设置,但是我仍然有TLS错误:未知证书,我必须使用
wget https://raw.githubusercontent.com/SpectoLabs/hoverfly/master/core/cert.pem
sudo $JAVA_HOME/bin/keytool -import -alias hoverfly -keystore $JAVA_HOME/jre/lib/security/cacerts -file cert.pem
我需要添加Hoverfly SSL上下文而不使用上述两个命令,我已尝试:
CloseableHttpClient httpClient = httpClientBuilder.useSystemProperties().setSSLContext(SomeTestClass.hoverflyRule.getSslConfigurer().getSslContext()).build();
但仍然有TLS错误,有什么想法吗
我知道可以使用ProcessBuilder
从java代码中运行以上两个命令,但这会带来安全问题,因为它需要sudo访问和不必要的漏洞(这也不起作用) 联系后,我的工作如下
CloseableHttpClient httpClient = HttpClients.custom()
//.setConnectionManager(poolingConnectionManager) //this causes TLS errors so I commented it out until this final issue is solved.
.setRetryHandler(new DefaultHttpRequestRetryHandler(2, true))
.setKeepAliveStrategy(new DefaultConnectionKeepAliveStrategy())
.setDefaultRequestConfig(requestConfig)
.setDefaultCredentialsProvider(credsProvider)
.setDefaultHeaders(headers)
.useSystemProperties()
.build();
我在使用setConnectionManager()
时仍然存在问题(它再次导致TLS错误),这些是我需要为新创建的HttpCleint
添加的设置
PoolingHttpClientConnectionManager poolingConnectionManager = new PoolingHttpClientConnectionManager(30, TimeUnit.SECONDS);
poolingConnectionManager.setMaxTotal(1000);
poolingConnectionManager.setDefaultMaxPerRoute(1000);
更新
解决了问题,在搜索并联系我找到的hoverfly支持人员后,sol我使用
private PoolingHttpClientConnectionManager getPoolingHttpClientConnectionManager() {
SSLConnectionSocketFactory sslsocketFactory = null;
try {
sslsocketFactory = new SSLConnectionSocketFactory(SSLContext.getDefault(), new DefaultHostnameVerifier());
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("https", sslsocketFactory)
.register("http", PlainConnectionSocketFactory.INSTANCE)
.build();
PoolingHttpClientConnectionManager poolingConnectionManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
poolingConnectionManager.setMaxTotal(1000);
poolingConnectionManager.setDefaultMaxPerRoute(1000);
// Used these settings instead of constructor parameters (long timeToLive, TimeUnit timeUnit)
poolingConnectionManager.closeIdleConnections(30, TimeUnit.SECONDS);
return poolingConnectionManager;
}
private poolighttpclientconnectionmanager getpoolighttpclientconnectionmanager(){
SSLConnectionSocketFactory sslsocketFactory=null;
试一试{
sslsocketFactory=新的SSLConnectionSocketFactory(SSLContext.getDefault(),新的DefaultHostnameVerifier());
}捕获(无算法异常){
e、 printStackTrace();
}
注册表socketFactoryRegistry=RegistryBuilder.create()
.register(“https”,sslsocketFactory)
.register(“http”,PlainConnectionSocketFactory.INSTANCE)
.build();
PoolightPClientConnectionManager PooligConnectionManager=新的PoolightPClientConnectionManager(socketFactoryRegistry);
PoolgConnectionManager.setMaxTotal(1000);
PoolgConnectionManager.setDefaultMaxPerRoute(1000);
//使用这些设置而不是构造函数参数(long-timeToLive、TimeUnit-TimeUnit)
PoolgConnectionManager.closeIdleConnections(30,时间单位:秒);
返回池连接管理器;
}
我希望Hoverfly能做这些麻烦事