Fatal编程技术网
  • java/
  • 使用Java套接字连接到未签名的HTTPs站点

使用Java套接字连接到未签名的HTTPs站点

java sockets

使用Java套接字连接到未签名的HTTPs站点,java,sockets,ssl-certificate,Java,Sockets,Ssl Certificate,我正在尝试设置一个Java程序来连接到使用SSL的我自己的网站。我让它完全适用于标准HTTP站点,但不适用于HTTPs。我的问题是我的证书没有签名 我怎么能让java忽略它没有签名的事实,让我以任何方式连接呢?我在尝试连接时遇到此错误: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.ce

我正在尝试设置一个Java程序来连接到使用SSL的我自己的网站。我让它完全适用于标准HTTP站点,但不适用于HTTPs。我的问题是我的证书没有签名

我怎么能让java忽略它没有签名的事实,让我以任何方式连接呢?我在尝试连接时遇到此错误:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
    at util.Watchlist.getWatchListWebsiteReaderSSL(Watchlist.java:51)
    at util.Watchlist.updateWLDP(Watchlist.java:64)
    at util.Watchlist.getWLDP(Watchlist.java:24)
    at commands.devices.cpt.WldpMessage.run(WldpMessage.java:52)
    at cli.Parser.Parse(Parser.java:74)
    at fromUI.UISocketReader.run(UISocketReader.java:54)
    at java.lang.Thread.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    ... 19 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
    at java.security.cert.CertPathBuilder.build(Unknown Source)
    ... 25 more
您需要创建一个接受未签名证书的TrustManager,并将其与用于HTTPS连接的SSLContext相关联。下面是一个简单的例子

请注意,链接的示例不会对服务器的SSL证书进行任何验证,因此您将无法完全信任您连接到的网站的标识。

您需要创建一个接受未签名证书的TrustManager,并将其与用于HTTPS连接的SSLContext相关联。下面是一个简单的例子

请注意,链接的示例对服务器的SSL证书没有任何验证,因此您将无法完全信任您连接到的网站的身份。

这让我更进一步。我现在收到一个致命警报:坏记录。我认为这可能与服务器上的SSL版本有关。如果你碰巧知道,请告诉我。你的帮助真是太好了!该TrustManager不符合其规范。接受所有证书的技术决不能用于生产代码中,因为它从根本上破坏了SSL安全性。请参阅RFC2246中的讨论。@EJP我只是在进行概念验证,所以削弱SSL是可以的。在生产中SSL将被签署。这让我更进一步。我现在收到一个致命警报:坏记录。我认为这可能与服务器上的SSL版本有关。如果你碰巧知道,请告诉我。你的帮助真是太好了!该TrustManager不符合其规范。接受所有证书的技术决不能用于生产代码中,因为它从根本上破坏了SSL安全性。请参阅RFC2246中的讨论。@EJP我只是在进行概念验证,所以削弱SSL是可以的。将在生产中签署SSL。 
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[]{
  new X509TrustManager() {
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return null;
    }
    public void checkClientTrusted(
        java.security.cert.X509Certificate[] certs, String authType) {}
    public void checkServerTrusted(
        java.security.cert.X509Certificate[] certs, String authType) {}
  }
};

// Install the all-trusting trust manager
try {
  SSLContext sc = SSLContext.getInstance("SSL");
  sc.init(null, trustAllCerts, new java.security.SecureRandom());
  HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
}

// Now you can access an https URL without having the certificate in the 
// truststore
try {
  URL url = new URL("https://hostname/index.html");
} catch (MalformedURLException e) {
}