在java中,如何在不担心安全证书的情况下连接到https站点 [英] In java how can I connect to https sites without worrying about security certificates
问题描述
当我尝试连接到https网站时,如下所示:
When I try to connect to https website like follows:
StringBuilder sb = new StringBuilder();
URL oracle = new URL("https://company.com");
URLConnection yc = oracle.openConnection();
BufferedReader in = new BufferedReader(new InputStreamReader(yc.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
sb.append(inputLine);
in.close();
return sb.toString();
我得到
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
如果我使用 http://company.com 而不是它有效,但我想使用https一个,因为这是他们所说的使用,我认为可以删除非安全的。
If I use the http://company.com instead it works but I want to use the https one because that is what they say to use and I think the non secure one may be removed.
然而,当我看到类似的答案时,它谈到了复制证书从我的浏览器ectera。我需要一个解决方案,适用于在任何计算机上运行代码的任何人,而无需做任何特殊的事情。
However when i have looked at similar answers about this it talks about copying certificates from my browser ectera. I need a solution that will work for anyone running the code on any computer without having to do anything special.
我不担心这个项目的SSL的安全优势我只想连接到wenbsite。
Im not concerned about the security advantages of SSL for this project I just want to be able to connect to the wenbsite.
推荐答案
看来你已经被警告过了这个方法,所以我会坚持回答你的问题。我能够在我的机器上重现这个问题,虽然我不明白为什么:我的浏览器毫不费力地接受了网站的证书。
It seems you've already been warned against the approach, so I'll stick to answering your question. I was able to reproduce the problem on my machine, although I can't tell why: My browser accepts the site's certificate without a hitch.
我试过扩展你的代码使它工作,但很快发现自己弄乱了 SSLContext ,各种加密提供程序和服务提供程序接口。我没有设法完成这种方法,并且实际上不建议采用这种方式,因为它会更改JVM的全局安全设置,并且可能会产生不可预测的后果,具体取决于它正在做什么。
I've tried expanding on your code to make it work, but soon found myself messing with SSLContext, various crypto-providers and service provider interfaces. I didn't manage to complete this approach, and wouldn't actually recommend going that way, as it changes the global security settings of your JVM and may have unpredictable consequences depending on what else it's doing.
相反,我建议你看一下 Apache HttpComponents库,它允许更精细的连接安全设置控制。
Instead I suggest you take a look at the Apache HttpComponents library, which allows for more fine-grained control of the connection's security settings.
以下将禁用所创建的 HttpClient 实例的所有证书验证:
The following will disable all certificate validation for the created HttpClient instance:
TrustStrategy veryNaive = new TrustStrategy() {
@Override
public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
return true;
}
};
SSLContext sslcontext = SSLContexts.custom()
.loadTrustMaterial(veryNaive)
.build();
CloseableHttpClient httpclient = HttpClients.custom()
.setSSLSocketFactory(new SSLConnectionSocketFactory(sslcontext))
.build();
try {
HttpGet httpget = new HttpGet("https://company.com");
try (CloseableHttpResponse response = httpclient.execute(httpget);) {
HttpEntity entity = response.getEntity();
System.out.println(EntityUtils.toString(entity));
EntityUtils.consume(entity);
}
} finally {
httpclient.close();
}
更改 SSLContext 到 SSLContexts.createSystemDefault(); 重新引入问题,只是为了证明它也存在于Apache库中。
Changing the SSLContext to SSLContexts.createSystemDefault(); re-introduces the problem, just to demonstrate that it's also present for the Apache library.
这篇关于在java中,如何在不担心安全证书的情况下连接到https站点的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
