kotlin library that can do httpS connection without certificate verification (like curl --insecure)


Problem description

I need to crawl internal company site that has expired/self-signed certificate. No one is ever going to configure valid certificate for that host, so I have to use insecure connection.

curl has the --insecure flag for this,

Scala finagle library has .tlsWithoutValidation() mode.

QUESTION: Is there a Kotlin library that has similar option?

UPD: so far I am using Fuel with the javish workaround found here but still searching for better ways..

import java.security.cert.X509Certificate
import javax.net.ssl.HostnameVerifier
import javax.net.ssl.HttpsURLConnection
import javax.net.ssl.SSLContext
import javax.net.ssl.TrustManager
import javax.net.ssl.X509TrustManager

fun useInsecureSSL() {

    // Create a trust manager that does not validate certificate chains
    val trustAllCerts = arrayOf<TrustManager>(object : X509TrustManager {
        override fun getAcceptedIssuers(): Array<X509Certificate>? = null
        override fun checkClientTrusted(chain: Array<X509Certificate>, authType: String) = Unit
        override fun checkServerTrusted(chain: Array<X509Certificate>, authType: String) = Unit
    })

    // Install it as the JVM-wide default for every HttpsURLConnection
    val sc = SSLContext.getInstance("SSL")
    sc.init(null, trustAllCerts, java.security.SecureRandom())
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.socketFactory)

    // Create all-trusting host name verifier
    val allHostsValid = HostnameVerifier { _, _ -> true }

    // Install the all-trusting host verifier
    HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid)
}

The above workaround works however it is too verbose and seems to set insecure mode for every connection made by my app, not only for the particular one.

Recommended answer

Fuel allows you to create your own instance of the Fuel client through the FuelManager class. The manager lets you set your own HostnameVerifier and SSLSocketFactory and then creates a client with those configured. See https://github.com/kittinunf/Fuel/blob/1.16.0/fuel/src/main/kotlin/com/github/kittinunf/fuel/core/FuelManager.kt#L31-L43

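import com.github.kittinunf.fuel.core.FuelManager
import java.security.cert.X509Certificate
import javax.net.ssl.HostnameVerifier
import javax.net.ssl.SSLContext
import javax.net.ssl.TrustManager
import javax.net.ssl.X509TrustManager

// Only requests made through this manager skip certificate and host name checks
val manager : FuelManager = FuelManager().apply {
  val trustAllCerts = arrayOf<TrustManager>(object : X509TrustManager {
    override fun getAcceptedIssuers(): Array<X509Certificate>? = null
    override fun checkClientTrusted(chain: Array<X509Certificate>, authType: String) = Unit
    override fun checkServerTrusted(chain: Array<X509Certificate>, authType: String) = Unit
  })

  socketFactory = SSLContext.getInstance("SSL").apply {
    init(null, trustAllCerts, java.security.SecureRandom())
  }.socketFactory

  hostnameVerifier = HostnameVerifier { _, _ -> true }
}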

Then to check that only connections that go through this custom FuelManager are untrusted and connections that don't are trusted, we do this:

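import com.github.kittinunf.fuel.core.Method
import com.github.kittinunf.fuel.httpGet

// Request through the custom manager: certificate validation is skipped
val (_, untrustedResp, untrustedResult) = manager.request(Method.GET, "https://internal/company/site").response()
assert(untrustedResp.statusCode == 200)
val (untrustedBytes, _) = untrustedResult
assert(untrustedBytes != null)


// Request through the default client: certificate validation still applies
val (_, trustedResp, trustedResult) = "https://internal/company/site".httpGet().response()
assert(trustedResp.statusCode != 200)
val (trustedBytes, error) = trustedResult
assert(trustedBytes == null)
println(error) // javax.net.ssl.SSLHandshakeException: PKIX path building failed: ...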

The custom FuelManager was able to make the request successfully because it trusts all certs but for the connection that didn't use the custom manager, we can see that it returns with javax.net.ssl.SSLHandshakeException.
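A narrower alternative to the trust-all manager, as an added example that is not part of the original question or answer: a trust manager that accepts only the one known internal certificate, matched by its SHA-256 digest, applied to a single connection. The names `PinnedCertTrustManager`, `pinnedSocketFactory` and `openPinned` are hypothetical, and the pin value is a constructed placeholder.

```kotlin
import java.net.URL
import java.security.MessageDigest
import java.security.cert.CertificateException
import java.security.cert.X509Certificate
import javax.net.ssl.HostnameVerifier
import javax.net.ssl.HttpsURLConnection
import javax.net.ssl.SSLContext
import javax.net.ssl.SSLSocketFactory
import javax.net.ssl.TrustManager
import javax.net.ssl.X509TrustManager

// Accepts exactly one server certificate, identified by the SHA-256 digest of
// its DER encoding. Expiry and issuer are deliberately not checked, so an
// expired or self-signed certificate passes, while any other certificate
// presented for the host is rejected.
class PinnedCertTrustManager(private val pinnedSha256Hex: String) : X509TrustManager {
    override fun getAcceptedIssuers(): Array<X509Certificate> = emptyArray()

    override fun checkClientTrusted(chain: Array<X509Certificate>?, authType: String?) {
        throw CertificateException("client certificates are not accepted")
    }

    override fun checkServerTrusted(chain: Array<X509Certificate>?, authType: String?) {
        val leaf = chain?.firstOrNull() ?: throw CertificateException("empty certificate chain")
        val digest = MessageDigest.getInstance("SHA-256").digest(leaf.encoded)
        val actual = digest.joinToString("") { "%02x".format(it) }
        if (!actual.equals(pinnedSha256Hex.replace(":", ""), ignoreCase = true))
            throw CertificateException("certificate does not match pin: $actual")
    }
}

fun pinnedSocketFactory(pinnedSha256Hex: String): SSLSocketFactory =
    SSLContext.getInstance("TLS").apply {
        init(null, arrayOf<TrustManager>(PinnedCertTrustManager(pinnedSha256Hex)), null)
    }.socketFactory

// Configures one connection only; the JVM-wide defaults stay untouched.
fun openPinned(url: URL, pinnedSha256Hex: String): HttpsURLConnection =
    (url.openConnection() as HttpsURLConnection).apply {
        sslSocketFactory = pinnedSocketFactory(pinnedSha256Hex)
        // The certificate is pinned, so only the expected host name is accepted.
        hostnameVerifier = HostnameVerifier { host, _ -> host.equals(url.host, ignoreCase = true) }
    }

fun main() {
    // Placeholder pin (constructed): replace with the digest of the internal host's certificate.
    val conn = openPinned(URL("https://internal/company/site"), "00".repeat(32))
    println(conn.url) // no network traffic happens until the connection is used
}
```

The factory returned by `pinnedSocketFactory` can also be assigned to `socketFactory` on a custom FuelManager, in place of the trust-all factory shown in the answer.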
