Java ApacheHttpClient使用自己的SSL证书
我正在尝试使用带有Java7的httpclient 4.0.3连接到https安全的restwebservice。 我的代码如下所示:Java ApacheHttpClient使用自己的SSL证书,java,ssl,apache-httpclient-4.x,Java,Ssl,Apache Httpclient 4.x,我正在尝试使用带有Java7的httpclient 4.0.3连接到https安全的restwebservice。 我的代码如下所示: public static void main(String[] args) throws Exception { ClientRequest req = new ClientRequest("https://127.0.0.16:8443/rest/lstgs/create", new ApacheHttpClient4Executor(do
public static void main(String[] args) throws Exception {
ClientRequest req = new ClientRequest("https://127.0.0.16:8443/rest/lstgs/create", new ApacheHttpClient4Executor(doSSLBlackMagic()));
// ... random stuff that has nothing to do with SSL
ClientResponse<String> response = req.post(String.class);
if (response.getStatus() != 201) {
throw new RuntimeException("error, status: " + response.getStatus() + " / " + response.getEntity());
} else {
System.out.println(response.getEntity());
}
}
public static KeyStore loadTrustStore() throws Exception {
KeyStore trustStore = KeyStore.getInstance("jks");
trustStore.load(new FileInputStream(new File("path-to-truststore")), "password".toCharArray());
return trustStore;
}
protected static TrustManager[] getTrustManagers() throws Exception {
KeyStore trustStore = loadTrustStore();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(trustStore);
return tmf.getTrustManagers();
}
public static HttpClient doSSLBlackMagic() throws Exception {
SSLContext ctx = SSLContext.getInstance("TLS");
TrustManager[] trustManagers = getTrustManagers();
ctx.init(null, trustManagers, new SecureRandom());
SSLSocketFactory factory = new SSLSocketFactory(ctx);
HttpClient client = new DefaultHttpClient();
ClientConnectionManager manager = client.getConnectionManager();
manager.getSchemeRegistry().register(new Scheme("https", factory, 8443));
return client;
}
编辑2:
我在没有HttpClient的情况下尝试了这段纯代码:
public static void main(String[] args) throws Exception {
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
System.err.println("foobar");
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
System.err.println("foobar");
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
System.err.println("foobar");
}
} };
// Install the all-trusting trust manager
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
// Create all-trusting host name verifier
HostnameVerifier allHostsValid = new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
System.err.println("foobar");
return true;
}
};
// Install the all-trusting host verifier
HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
URL url = new URL("https://127.0.0.16:8443/rest/lstgs/ofclient/23891");
HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
con.connect();
}
它失败并且根本不打印foobar:
Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1837)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1019)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1230)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1214)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:133)
at ScrewYouApacheHttpClient.main(ScrewYouApacheHttpClient.java:48)
服务器正在使用的证书在2010年之前是“有效”的,这可能是个问题?昨天,我确实尝试使用我为此测试创建的另一个证书,但得到了相同的结果。可能是您的
TrustManager
正在验证证书,但HTTPS主机名验证失败。考虑添加
factory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
我刚刚找到了解决方案:
我们最近刚刚切换到Java7,我在测试中使用的Eclipseprojekt仍然使用Java6。然而,我正在使用的服务器已经使用了Java7。使用Java 7运行上述代码对这两个代码段都有效。:)
糟糕的是,异常没有给出任何关于这方面的信息,它花费了我几个小时的生命://请发布完整的堆栈跟踪。
factory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);