Java 忽略AsyncClientHttp2多路复用中的自签名证书
我正在尝试使用单个客户端端点创建多个异步HTTP连接,我已经尝试了中给出的多路复用示例 代码片段如下所示Java 忽略AsyncClientHttp2多路复用中的自签名证书,java,self-signed,apache-httpcomponents,apache-httpasyncclient,apache-httpclient-5.x,Java,Self Signed,Apache Httpcomponents,Apache Httpasyncclient,Apache Httpclient 5.x,我正在尝试使用单个客户端端点创建多个异步HTTP连接,我已经尝试了中给出的多路复用示例 代码片段如下所示 final IOReactorConfig ioReactorConfig = IOReactorConfig.custom() .setSoTimeout(Timeout.ofSeconds(5)) .build(); final MinimalHttpAsyncClient client = HttpAsyncClients.cr
final IOReactorConfig ioReactorConfig = IOReactorConfig.custom()
.setSoTimeout(Timeout.ofSeconds(5))
.build();
final MinimalHttpAsyncClient client = HttpAsyncClients.createMinimal(
HttpVersionPolicy.FORCE_HTTP_2, H2Config.DEFAULT, null, ioReactorConfig);
client.start();
final HttpHost target = new HttpHost("localhost", 7070, "https");
final Future<AsyncClientEndpoint> leaseFuture = client.lease(target, null);
final AsyncClientEndpoint endpoint = leaseFuture.get(30, TimeUnit.SECONDS);
try {
final String[] requestUris = new String[] {"/test.html"};
final CountDownLatch latch = new CountDownLatch(requestUris.length);
for (final String requestUri: requestUris) {
final SimpleHttpRequest request = SimpleHttpRequest.get(target, requestUri);
endpoint.execute(
SimpleRequestProducer.create(request),
SimpleResponseConsumer.create(),
new FutureCallback<SimpleHttpResponse>() {
@Override
public void completed(final SimpleHttpResponse response) {
latch.countDown();
System.out.println(requestUri + "->" + response.getCode());
System.out.println(response.getBody());
}
@Override
public void failed(final Exception ex) {
latch.countDown();
System.out.println(requestUri + "->" + ex);
}
@Override
public void cancelled() {
latch.countDown();
System.out.println(requestUri + " cancelled");
}
});
}
latch.await();
} finally {
endpoint.releaseAndReuse();
}
System.out.println("Shutting down");
client.shutdown(ShutdownType.GRACEFUL);
final IOReactorConfig IOReactorConfig=IOReactorConfig.custom()
.setSoTimeout(超时秒数(5))
.build();
最终最小HttpAsyncClient客户端=HttpAsyncClient.createMinimal(
HttpVersionPolicy.FORCE_HTTP_2,H2Config.DEFAULT,null,ioReactorConfig);
client.start();
最终HttpHost目标=新HttpHost(“localhost”,7070,“https”);
最终未来租赁未来=client.lease(target,null);
最终AsyncClientEndpoint端点=leaseFuture.get(30,TimeUnit.SECONDS);
试一试{
最终字符串[]requestUris=新字符串[]{“/test.html”};
最终倒计时闩锁=新倒计时闩锁(requestUris.length);
for(最终字符串requestUri:requestUris){
最终SimpleHttpRequest请求=SimpleHttpRequest.get(目标,请求URI);
endpoint.execute(
SimpleRequestProducer.create(请求),
SimpleResponseConsumer.create(),
新未来回调(){
@凌驾
公共作废已完成(最终SimpleHttpResponse响应){
倒计时();
System.out.println(requestUri+“->”+response.getCode());
System.out.println(response.getBody());
}
@凌驾
公共作废失败(最终例外情况除外){
倒计时();
System.out.println(requestUri+“->”+ex);
}
@凌驾
公众假期取消(){
倒计时();
System.out.println(requestUri+“已取消”);
}
});
}
satch.wait();
}最后{
endpoint.releaseAndReuse();
}
System.out.println(“关闭”);
client.shutdown(ShutdownType.优雅);
此示例适用于具有有效证书的站点,但如果我想尝试证书已过期/自签名的站点,它会抛出以下异常
javax.net.ssl.SSLHandshakeException:General SSLEngine问题javax.net.ssl.SSLHandshakeException:General SSLEngine问题
sun.security.ssl.Handshaker.checkhorn(Handshaker.java:1478)位于
sun.security.ssl.SSLEngineImpl.checktaskshorn(SSLEngineImpl.java:535)
在
sun.security.ssl.SSLEngineImpl.WriteApprocord(SSLEngineImpl.java:1214)
位于sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1186)
javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)位于
org.apache.hc.core5.reactor.ssl.SSLIOSession.doWrap(SSLIOSession.java:256)
在
org.apache.hc.core5.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:294)
在
org.apache.hc.core5.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:502)
在
org.apache.hc.core5.reactor.InternalDataChannel.onIOEvent(InternalDataChannel.java:112)
在
org.apache.hc.core5.reactor.InternalChannel.handleIOEvent(InternalChannel.java:50)
在
org.apache.hc.core5.reactor.SingleCoreIOReactor.processEvents(SingleCoreIOReactor.java:173)
在
org.apache.hc.core5.reactor.SingleCoreIOReactor.doExecute(SingleCoreIOReactor.java:123)
在
org.apache.hc.core5.reactor.AbstractSingleCoreIOReactor.execute(AbstractSingleCoreIOReactor.java:80)
在
org.apache.hc.core5.reactor.IOReactorWorker.run(IOReactorWorker.java:44)
在java.lang.Thread.run(Thread.java:748)处,由以下原因引起:
javax.net.ssl.SSLHandshakeException:在
位于的sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728)位于
sun.security.ssl.Handshaker.fatalSE(Handshaker.java:304)位于
sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)位于
server证书(ClientHandshaker.java:1514)
在
processMessage(ClientHandshaker.java:216)
位于sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
sun.security.ssl.Handshaker$1.run(Handshaker.java:966)在
sun.security.ssl.Handshaker$1.run(Handshaker.java:963)在
java.security.AccessController.doPrivileged(本机方法)位于
sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416)
在
org.apache.hc.core5.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:274)
在
org.apache.hc.core5.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:331)
... 8其他原因:sun.security.validator.validator异常:PKIX
路径生成失败:
sun.security.provider.certpath.SunCertPathBuilderException:无法
在上找到请求目标的有效证书路径
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
在
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
位于sun.security.validator.validator.validate(validator.java:260)
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
在
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)
在
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
在
server证书(ClientHandshaker.java:1501)
... 又有16人因以下原因而受伤:
sun.security.provider.certpath.SunCertPathBuilderException:无法
在上找到请求目标的有效证书路径
SunCertPathBuilder.build(SunCertPathBuilder.java:141)
在
sun.security.provider.certpath.SunCertPathBuilder.engineBuil
SSLContext sslContext = SSLContextBuilder
.create()
.loadTrustMaterial(new TrustSelfSignedStrategy())
.build();
// we can optionally disable hostname verification.
// if you don't want to further weaken the security, you don't have to include this.
HostnameVerifier allowAllHosts = new NoopHostnameVerifier();
// create an SSL Socket Factory to use the SSLContext with the trust self signed certificate strategy
// and allow all hosts verifier.
SSLConnectionSocketFactory connectionFactory = new SSLConnectionSocketFactory(sslContext, allowAllHosts);
Registry<ConnectionSocketFactory> r = RegistryBuilder.<ConnectionSocketFactory>create().register("https", connectionFactory).build();
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(r);
CloseableHttpClient build = HttpClients.custom().setConnectionManager(cm).build();
final SSLContext sslContext = SSLContexts.custom()
.loadTrustMaterial(new TrustAllStrategy())
.build();
final PoolingAsyncClientConnectionManager connectionManager = PoolingAsyncClientConnectionManagerBuilder.create()
.setTlsStrategy(new H2TlsStrategy(sslContext, NoopHostnameVerifier.INSTANCE))
.build();
final MinimalHttpAsyncClient client = HttpAsyncClients.createMinimal(
HttpVersionPolicy.FORCE_HTTP_2,
H2Config.DEFAULT,
null,
ioReactorConfig,
connectionManager);
final MinimalHttp2AsyncClient h2ClientMinimal = HttpAsyncClients.createHttp2Minimal(
H2Config.DEFAULT,
ioReactorConfig,
new H2TlsStrategy(sslContext, NoopHostnameVerifier.INSTANCE));
final HttpAsyncClient h2Client = HttpAsyncClients.customHttp2()
.setIOReactorConfig(ioReactorConfig)
.setTlsStrategy(new H2TlsStrategy(sslContext, NoopHostnameVerifier.INSTANCE))
.build();