Allowing Java to use an untrusted certificate for SSL/HTTPS connection


Problem description


I've been working on a program to extract information from a dynamic web application, and the program worked fine until I set my Tomcat server to use SSL using a self-signed (thus, untrusted) certificate. The stack trace of the error is:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1584)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:877)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1089)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1116)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1100)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:857)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
        at com.certicom.gls.glscs.nongui.URLReader$PostURL.setupURL(URLReader.java:34)
        at com.certicom.gls.glscs.nongui.URLReader.getLogin(URLReader.java:227)
        at com.certicom.gls.glscs.nongui.URLReader.testLogin(URLReader.java:436)
        at com.certicom.gls.glscs.nongui.Controller.loginMenu(Controller.java:384)
        at com.certicom.gls.glscs.nongui.Controller.menu(Controller.java:324)
        at com.certicom.gls.glscs.nongui.Controller.<init>(Controller.java:49)
        at com.certicom.gls.glscs.nongui.Controller.main(Controller.java:61)

In a web browser, the user is prompted with a warning when accessing an HTTPS site with an untrusted certificate, and asked to make an exception if he likes to proceed; I would like to implement a similar functionality for my command-line application... I admit that I am new to socket programming and networking in general; any advice on solving this problem will be great!

Solution

Here is some relevant code:

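import java.net.MalformedURLException;
import java.net.URL;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class TrustAllExample {
    public static void main(String[] args) {
        // Create a trust manager that does not validate certificate chains
        TrustManager[] trustAllCerts = new TrustManager[]{
            new X509TrustManager() {
                public X509Certificate[] getAcceptedIssuers() {
                    // The interface requires a non-null (possibly empty) array
                    return new X509Certificate[0];
                }
                public void checkClientTrusted(X509Certificate[] certs, String authType) {
                    // no check: every client certificate is accepted
                }
                public void checkServerTrusted(X509Certificate[] certs, String authType) {
                    // no check: every server certificate is accepted
                }
            }
        };

        // Install the all-trusting trust manager as the default for every HttpsURLConnection
        try {
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        } catch (Exception e) {
            // exception is silently ignored here
        }

        // Now you can access an https URL without having the certificate in the truststore
        try {
            URL url = new URL("https://hostname/index.html");
        } catch (MalformedURLException e) {
            // exception is silently ignored here
        }
    }
}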

This will completely disable SSL checking—just don't learn exception handling from such code!

To do what you want, you would have to implement a check in your TrustManager that prompts the user.
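
One way to implement the prompting check described above, as an added example that is not part of the original answer: the trust manager runs the JVM's normal validation first and asks the user only when that fails, showing the certificate's SHA-256 fingerprint. The class name `PromptingTrustManager`, the helper `sha256`, the per-run `accepted` set and the URL passed as `args[0]` are hypothetical; Java 17 or later is assumed (for `HexFormat`).

```java
import java.security.*;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;

public class PromptingTrustManager implements X509TrustManager {
    private final X509TrustManager defaults;               // JVM's standard chain validation
    private final Set<String> accepted = new HashSet<>();  // exceptions granted during this run
    private final Scanner in = new Scanner(System.in);
    public PromptingTrustManager() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);                         // null selects the default trust store
        defaults = (X509TrustManager) Arrays.stream(tmf.getTrustManagers())
            .filter(tm -> tm instanceof X509TrustManager).findFirst().orElseThrow();
    }

    @Override public synchronized void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        try {
            defaults.checkServerTrusted(chain, authType);  // trusted chain: no prompt
        } catch (CertificateException e) {
            String fp = sha256(chain[0]);
            if (accepted.contains(fp)) return;             // already accepted in this run
            System.out.println("Untrusted certificate: " + e.getMessage());
            System.out.println("  Subject: " + chain[0].getSubjectX500Principal());
            System.out.println("  SHA-256: " + fp);
            System.out.print("Trust it for this run? [y/N] ");
            if (!in.hasNextLine() || !in.nextLine().trim().equalsIgnoreCase("y")) throw e;
            accepted.add(fp);                              // reached only on an explicit "y"
        }
    }
    @Override public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException { defaults.checkClientTrusted(chain, authType); }
    @Override public X509Certificate[] getAcceptedIssuers() { return defaults.getAcceptedIssuers(); }
    static String sha256(X509Certificate cert) throws CertificateException {
        try {
            return HexFormat.ofDelimiter(":").withUpperCase()
                .formatHex(MessageDigest.getInstance("SHA-256").digest(cert.getEncoded()));
        } catch (NoSuchAlgorithmException ex) { throw new CertificateException(ex); }
    }

    public static void main(String[] args) throws Exception {  // args[0]: https URL to fetch
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, new TrustManager[] { new PromptingTrustManager() }, null);
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        java.net.URI.create(args[0]).toURL().openStream().close();
    }
}
```

Compare the printed fingerprint with the server certificate's fingerprint obtained out of band before answering `y`. Host name verification by `HttpsURLConnection` is left untouched, so the certificate must still match the host name in the URL.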
