使用MATLAB的urlread命令处理无效的安全证书 [英] Handling an invalid security certificate using MATLAB's urlread command

问题描述

我正在使用MATLAB的 访问内部数据库urlread 命令，一切正常，直到服务被移动到安全服务器（即使用HTTPS地址而不是HTTP地址）。现在 urlread 不再成功检索结果。它给出了一个错误：

I'm accessing an internal database using MATLAB's urlread command, everything was working fine until the service was moved to a secure server (i.e. with an HTTPS address rather than an HTTP address). Now urlread no longer successfully retrieves results. It gives an error:

下载URL时出错。您的网络连接可能已关闭或您的代理设置配置不正确。

Error downloading URL. Your network connection may be down or your proxy settings improperly configured.

我认为问题是该服务使用的是无效的数字证书因为如果我尝试直接在Web浏览器中访问资源，我会收到不受信任的连接警告，我可以通过将该站点添加到例外列表来传递该警告。 urlread 没有明显的方法来解决这个问题。

I believe the problem is that the service is using an invalid digital certificate since if I try to access the resource directly in a web browser I get "untrusted connection" warning which I am able to pass through by adding the site to an Exception list. urlread doesn't have an obvious way of handling this problem.

引擎盖 urlread 正在使用Java访问Web资源，并在此行引发错误：

Under the hood urlread is using Java to access web resources, and the error is thrown at this line:

inputStream = urlConnection.getInputStream;

其中 urlConnection 是一个Java对象： sun.net.www.protocol.https.HttpsURLConnectionImpl 。

where urlConnection is a Java object: sun.net.www.protocol.https.HttpsURLConnectionImpl.

有人建议解决此问题的方法吗？

Anyone suggest a workaround for this problem?

推荐答案

考虑以下Java类。我使用此页面作为参考：

Consider the following Java class. I used this page as reference:

在HTTPS连接中禁用证书验证

C：\\ \\ MATLAB\MyJavaClasses\com\stackoverflow\Downloader.java

C:\MATLAB\MyJavaClasses\com\stackoverflow\Downloader.java

package com.stackoverflow;

import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.net.ssl.HostnameVerifier;

public class Downloader {
    public static String getData(String address) throws Exception {
        // Create a trust manager that does not validate certificate chains
        TrustManager[] trustAllCerts = new TrustManager[] {
            new X509TrustManager() {
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
                public void checkClientTrusted(X509Certificate[] certs, String authType) {
                }
                public void checkServerTrusted(X509Certificate[] certs, String authType) {
                }
            }
        };

        // Create a host name verifier that always passes
        HostnameVerifier allHostsValid = new HostnameVerifier() {
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        };

        // Install the all-trusting trust manager
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

        // Install the all-trusting host verifier
        HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);

        // open connection
        URL page = new URL(address);
        HttpURLConnection conn = (HttpURLConnection) page.openConnection();
        BufferedReader buff = new BufferedReader(new InputStreamReader(conn.getInputStream()));

        // read text
        String line;
        StringBuffer text = new StringBuffer();
        while ( (line = buff.readLine()) != null ) {
            //System.out.println(line);
            text.append(line + "\n");
        }
        buff.close();

        return text.toString();
    }

    public static void main(String[] argv) throws Exception {
        String str = getData("https://expired.badssl.com/");
        System.out.println(str);
    }
}

MATLAB

首先我们编译Java类（我们必须使用与MATLAB兼容的JDK版本）：

MATLAB

First we compile the Java class (we must use a JDK version compatible with MATLAB):

>> version -java
>> system('javac C:\MATLAB\MyJavaClasses\com\stackoverflow\Downloader.java');

接下来我们实例化并使用MATLAB作为：

Next we instantiate and use it MATLAB as:

javaaddpath('C:\MATLAB\MyJavaClasses')
dl = com.stackoverflow.Downloader;
str = char(dl.getData('https://expired.badssl.com/'));
web(['text://' str], '-new')

以下是一些要测试错误SSL证书的网址：

Here are a few URLs with bad SSL certificates to test:

urls = {
    'https://expired.badssl.com/'       % expired
    'https://wrong.host.badssl.com/'    % wrong host
    'https://self-signed.badssl.com/'   % self-signed
    'https://revoked.grc.com/'          % revoked
};

---

更新：我应该提一下，从R2014b开始，MATLAB有一个新功能 webread 取代 urlread 。

---

UPDATE: I should mention that starting with R2014b, MATLAB has a new function webread that supersedes urlread.

这篇关于使用MATLAB的urlread命令处理无效的安全证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！