JAX-WS, trusting all SSL certificates does not work

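Yes, I know, I should not trust all SSL certificates. However, because there is a VPN tunnel and, depending on the staging phase, different servers (with different SSL certificates) need to be requested, I prefer the approach of ignoring the server SSL certificate.

I followed the advice as follows:

The relevant code snippet looks much like this (idea from "erikwramner")

To me, this indicates that the default sun.security.ssl.X509TrustManagerImpl is consulted. By debugging, I can see that my SocketFactory/TrustManager at least in org.apache.cxf.endpoint.ClientImpl#invoke(…)

What could be the reason that my TrustManager is not being used? Thanks,
Clemens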

You are using CXF. You can use
client.getConduit().setTlsClientParameters()
to set the TrustManager.

For example:


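If it matters: JDK 1.8 (92), CXF 3.0.1

How do you set the TrustManager? Please add the relevant code snippet.

Just added.

You are using CXF. You can use
client.getConduit().setTlsClientParameters()
. Do you need an example?

I would be very grateful!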
```java
final BindingProvider bp = (BindingProvider) tmpSoapService;
final Map<String, Object> requestContext = bp.getRequestContext();
requestContext.put( BindingProvider.ENDPOINT_ADDRESS_PROPERTY, serviceUrl );
requestContext.put( BindingProvider.USERNAME_PROPERTY, username );
requestContext.put( BindingProvider.PASSWORD_PROPERTY, ntlmPassword );
// Property keys of the JDK-internal JAX-WS reference implementation
requestContext.put( com.sun.xml.internal.ws.developer.JAXWSProperties.SSL_SOCKET_FACTORY, getTrustingSSLSocketFactory() );
requestContext.put( com.sun.xml.internal.ws.developer.JAXWSProperties.HOSTNAME_VERIFIER, new NaiveHostnameVerifier() );
...
public static SSLSocketFactory getTrustingSSLSocketFactory ()
{
    return SSLSocketFactoryHolder.INSTANCE;
}

// Builds a socket factory whose only trust manager accepts every certificate
private static SSLSocketFactory createSSLSocketFactory ()
{
    TrustManager[] trustManagers = new TrustManager[] { new NaiveTrustManager() };
    SSLContext sslContext;
    try
    {
        sslContext = SSLContext.getInstance( "SSL" );
        sslContext.init( null, trustManagers, new java.security.SecureRandom() );
        return sslContext.getSocketFactory();
    }
    catch ( GeneralSecurityException e )
    {
        return null;
    }
}

// Lazy holder: the factory is created on first access
private static interface SSLSocketFactoryHolder
{
    public static final SSLSocketFactory INSTANCE = createSSLSocketFactory();
}

// Accepts any host name
private static class NaiveHostnameVerifier implements HostnameVerifier
{
    @Override
    public boolean verify ( String hostName, SSLSession session )
    {
        return true;
    }
}

// Accepts any certificate chain: both check methods never throw
private static class NaiveTrustManager implements X509TrustManager
{
    @Override
    public void checkClientTrusted ( X509Certificate[] certs, String authType )  throws CertificateException
    {
    }

    @Override
    public void checkServerTrusted ( X509Certificate[] certs, String authType )  throws CertificateException
    {
    }

    @Override
    public X509Certificate[] getAcceptedIssuers ()
    {
        return new X509Certificate[0];
    }
}
```
```
org.apache.cxf.interceptor.Fault: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
...
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) ~[na:1.8.0_92]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[na:1.8.0_92]
at sun.security.validator.Validator.validate(Validator.java:260) ~[na:1.8.0_92]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[na:1.8.0_92]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) ~[na:1.8.0_92]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) ~[na:1.8.0_92]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491) ~[na:1.8.0_92]
```
```java
Client client = ClientProxy.getClient(service);
// org.apache.cxf.endpoint.Client exposes getConduit(); cast it to HTTPConduit
HTTPConduit conduit = (HTTPConduit) client.getConduit();
TLSClientParameters params = conduit.getTlsClientParameters();
if (params == null)  {
    params = new TLSClientParameters();
    conduit.setTlsClientParameters(params);
}

// Trust every certificate and skip the host name (CN) check
params.setTrustManagers( new TrustManager[] { new NaiveTrustManager() });
params.setDisableCNCheck(true);
```
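
A stricter alternative to the trust-all setup above, as an added example that is not part of the original question or answer: it loads one truststore per staging phase and passes the resulting trust managers to the CXF conduit, with the host name check left enabled. The class name `StageTls`, its method names, and the truststore path and password parameters are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduit;

// Added example (hypothetical class and method names): per-stage truststore instead of trust-all.
public final class StageTls {
    // Trust managers that accept only chains anchored in the given truststore file.
    static TrustManager[] trustManagersFor(Path trustStore, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(trustStore)) {
            ks.load(in, password);
        }
        if (ks.size() == 0) {
            // Fail early: an empty store would reject every server at handshake time.
            throw new GeneralSecurityException("no entries in " + trustStore);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        return tmf.getTrustManagers();
    }

    // Applies the stage truststore to the CXF HTTP conduit of a JAX-WS port.
    static void configure(Object port, Path trustStore, char[] password)
            throws GeneralSecurityException, IOException {
        Client client = ClientProxy.getClient(port);
        HTTPConduit conduit = (HTTPConduit) client.getConduit();
        TLSClientParameters params = conduit.getTlsClientParameters();
        if (params == null) {
            params = new TLSClientParameters();
        }
        params.setTrustManagers(trustManagersFor(trustStore, password));
        params.setDisableCNCheck(false); // keep host name verification on
        conduit.setTlsClientParameters(params);
    }
}
```

A truststore for each stage can be built with `keytool -importcert` from that stage's server certificate.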