使用HTTPS进行基本身份验 [英] Basic authentication with HTTPS
问题描述
我目前正在尝试使用HTTP和HTTPS访问网址。我尝试访问的URL需要基本身份验证。使用HTTP它工作正常,但使用HTTPS却没有。我不确定是否需要使用HTTPS添加不同的内容。该URL应该返回给我的文本,该文本是键值格式,我可以加载到属性对象中。
I'm currently trying to access a URL with both HTTP and HTTPS. The URL that I'm trying to access requires basic authentication. With HTTP it works fine, but with HTTPS it doesn't. I'm not sure if there's anything I need to add differently with HTTPS. The URL is supposed to return to me text that is in key value format that I can load into a Properties Object.
这是我到目前为止尝试的代码。
Here is the code I have tried so far.
if (cpUrl.getProtocol().equals("https")) {
out.println("https", 0);
HttpsURLConnection connection = (HttpsURLConnection) cpUrl.openConnection();
TrustManager[] trustAllCerts = new TrustManager[] { new BusinessIntelligenceX509TrustManager() };
SSLContext sc;
try {
sc = SSLContext.getInstance("SSL");
}
catch (NoSuchAlgorithmException noSuchAlgorithmException) {
return;
}
HostnameVerifier hv = new BusinessIntelligenceHostnameVerifier();
try {
sc.init(null, trustAllCerts, new java.security.SecureRandom());
}
catch (KeyManagementException keyManagementException) {
return;
}
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(hv);
connection.setDoInput(true);
connection.setRequestProperty("Authorization", "Basic " + encode);
connection.setRequestMethod("POST");
connection.connect();
stream = connection.getInputStream();
Properties properties = new Properties();
properties.load(stream);
}
以下是证书类
//HTTPS CERTIFICATE CLASSES
class BusinessIntelligenceHostnameVerifier implements HostnameVerifier {
public boolean verify(String arg0, SSLSession arg1) {
return true;
}
}
class BusinessIntelligenceX509TrustManager implements X509TrustManager {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
// no-op
}
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
// no-op
}
}
删除所有证书代码(以及证书代码)时的错误消息:
The error message when I remove all the certificate code (as well as with the certificate code):
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1057)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1041)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:133)
at com.tecsys.bi.install.BiInstall2ControlPanelPromptsProcessor.run(BiInstall2ControlPanelPromptsProcessor.java:117)
at java.lang.Thread.run(Thread.java:595)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
at sun.security.validator.Validator.validate(Validator.java:203)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
... 12 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
... 17 more
推荐答案
问题似乎是在 SSLContext 和 InputStream 读取连接内容之前发生SSL / TLS握手。
The problem appears to be with the fact that the connection is opened, before the SSLContext and HostNameVerifier instances are changed for the connection. This is not possible, for the SSL/TLS handshake occurs even before the contents of the connection are read from an InputStream.
换句话说,以下行
HttpsURLConnection connection = (HttpsURLConnection) cpUrl.openConnection();
只能在 SSLContext 之后执行 HostNameVerifier s实例已使用 HttpsURLConnection 类注册。
ought to execute only after the SSLContext and HostNameVerifiers instances have been registered with the HttpsURLConnection class.
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(hv);
修复此序列应该解决问题,现在使用新参数进行握手。
Fixing this sequence, ought to fix the problem, for the handshake will now occur using the new parameters.
这篇关于使用HTTPS进行基本身份验的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
