Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/ssl/3.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java 如何使用ApacheHttpClient忽略SSL证书错误,但记录它_Java_Ssl_Httpclient_Apache Httpclient 4.x_Apache Httpcomponents - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java 如何使用ApacheHttpClient忽略SSL证书错误,但记录它

Java 如何使用ApacheHttpClient忽略SSL证书错误,但记录它

java ssl

Java 如何使用ApacheHttpClient忽略SSL证书错误,但记录它,java,ssl,httpclient,apache-httpclient-4.x,apache-httpcomponents,Java,Ssl,Httpclient,Apache Httpclient 4.x,Apache Httpcomponents,有很多关于如何使用ApacheHttpClient忽略SSL证书的示例;我创建了一个客户机。到现在为止,一直都还不错。问题是,当证书无效时,客户端盲目地接受它,就像我告诉它的一样。但我不想静静地接受它;我想记录某种警告,让我知道接受了无效的证书 有没有办法做到这一点 注意:这是用于内部工具,而不是产品代码。我理解并接受忽略证书的风险,因此,请不要开始“比你更神圣”的讲座。这只是一个简单的装饰X509TrustManager实例传递给SSLContext\init方法的问题 static clas

有很多关于如何使用ApacheHttpClient忽略SSL证书的示例;我创建了一个客户机。到现在为止,一直都还不错。问题是,当证书无效时,客户端盲目地接受它,就像我告诉它的一样。但我不想静静地接受它;我想记录某种警告,让我知道接受了无效的证书

有没有办法做到这一点

注意:这是用于内部工具,而不是产品代码。我理解并接受忽略证书的风险,因此,请不要开始“比你更神圣”的讲座。

这只是一个简单的装饰
X509TrustManager
实例传递给
SSLContext\init
方法的问题

static class TrustManagerDelegate implements X509TrustManager {

    private final X509TrustManager trustManager;

    TrustManagerDelegate(final X509TrustManager trustManager) {
        super();
        this.trustManager = trustManager;
    }

    @Override
    public void checkClientTrusted(
            final X509Certificate[] chain, final String authType) throws CertificateException {
        trustManager.checkClientTrusted(chain, authType);
    }

    @Override
    public void checkServerTrusted(
            final X509Certificate[] chain, final String authType) {
        try {
            trustManager.checkServerTrusted(chain, authType);
        } catch (CertificateException ex) {
            // Implement proper logging;
            System.out.println(chain[0]);
            ex.printStackTrace(System.out);
        }
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return trustManager.getAcceptedIssuers();
    }

}


TrustManagerFactory tmfactory=TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmfactory.init((密钥库)null);
最终信任管理器[]tms=tmfactory.getTrustManager();
如果(tms!=null){
对于(int i=0;i
证明了
证书例外
在告诉我失败的域名时是毫无用处的。我最后做了一件事 
TrustManagerFactory tmfactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmfactory.init((KeyStore) null);
final TrustManager[] tms = tmfactory.getTrustManagers();
if (tms != null) {
    for (int i = 0; i < tms.length; i++) {
        final TrustManager tm = tms[i];
        if (tm instanceof X509TrustManager) {
            tms[i] = new TrustManagerDelegate((X509TrustManager) tm);
        }
    }
}
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tms, null);

CloseableHttpClient client = HttpClientBuilder.create()
        .setSSLContext(sslContext)
        .build();