使用Jersey Client忽略自签名的ssl证书 [英] Ignore self-signed ssl cert using Jersey Client
问题描述
我正在使用Jersey客户端库对运行在jboss上的休息服务运行测试。
我使用自签名证书在服务器上运行https(在localhost上运行)。
I'm using the Jersey Client library to run tests against a rest service running on jboss. I have https set up fine on the server (running on localhost), using a self signed cert.
但是每当我使用https网址运行测试时,我都会收到以下错误:
However whenever I run my tests with the https url I get the following error:
com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:131)
at com.sun.jersey.api.client.Client.handle(Client.java:629)
at com.sun.jersey.oauth.client.OAuthClientFilter.handle(OAuthClientFilter.java:137)
at com.sun.jersey.api.client.WebResource.handle(WebResource.java:601)
at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
at com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:459)
at test.helper.Helper.sendSignedRequest(Helper.java:174)
... And so on
我知道这是因为我的自签名证书不在java密钥库中。有没有什么办法可以让客户不检查ssl证书的有效性而只是使用它?
I know this is because my self signed cert is not in the java keystore. Is there any way I can make the Client not check the validity of the ssl cert and just use it regardless?
此代码只会针对测试服务器运行,所以每次我们设置新的测试服务器时,我都不想麻烦地添加新的可信证书。
This code will only ever be run against test servers so I don't want to go to the hassle of adding new trusted certs each time we set up a new test server.
以下是拨打电话的代码:
Here's the code which is making the call:
OAuthParameters params = new OAuthParameters();
// baseline OAuth parameters for access to resource
params.signatureMethod(props.getProperty("signature_method"));
params.consumerKey(props.getProperty("consumer_key"));
params.setToken(props.getProperty("token"));
params.setVersion("1.0");
params.nonce();
// OAuth secrets to access resource
OAuthSecrets secrets = new OAuthSecrets();
secrets.consumerSecret(props.getProperty("consumer_secret"));
secrets.setTokenSecret(props.getProperty("token_secret"));
// Jersey client to make REST calls to token services
Client client = Client.create();
// OAuth test server resource
WebResource resource = client.resource(props.getProperty("url"));
// if parameters and secrets remain static, filter cab be added to each web resource
OAuthClientFilter filter = new OAuthClientFilter(client.getProviders(), params, secrets);
// filter added at the web resource level
resource.addFilter(filter);
WebResource.Builder wbr = resource.getRequestBuilder().accept(props.getProperty("accept"));
return wbr.get(ClientResponse.class);
我们非常感谢任何帮助。
Any help would be greatly appreciated.
推荐答案
经过一些旧的stackoverflow问题的搜索和搜索后,我在之前提出的SO问题中找到了解决方案:
After some searching and trawling through some old stackoverflow questions I've found a solution in a previously asked SO question:
- 问题:基于HTTPS / SSL的Java客户端证书
- 通过HTTPS回答 Java客户端证书/ SSL
- Question: Java client certificates over HTTPS/SSL
- Answer Java client certificates over HTTPS/SSL
以下是我最终使用的代码。
Here's the code that I ended up using.
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager(){
public X509Certificate[] getAcceptedIssuers(){return null;}
public void checkClientTrusted(X509Certificate[] certs, String authType){}
public void checkServerTrusted(X509Certificate[] certs, String authType){}
}};
// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
;
}
这篇关于使用Jersey Client忽略自签名的ssl证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
