信任Java Playframework 2.2中的所有SSL证书 [英] Trust all SSL certificates in Java Playframework 2.2
问题描述
我正在尝试在Play Framework中调用Web服务(具有自签名SSL证书)
使用以下函数:
public static play.libs.F.Promise< Result> webcall(){
String feedUrl =https://10.0.1.1/client/api;
final play.libs.F.Promise< Result> resultPromise = WS.url(feedUrl).get()。map(
new Function< WS.Response,Result>(){
public Result apply(WS.Response response){
return ok(Feed title:+ response.asJson()。findPath(title)。toString());
}
}
);
return resultPromise;
}
它在日志中抛出以下错误,
[error] play - 无法调用该操作,最终出现错误:java.net.ConnectException:一般SSLEngine问题到https://10.0.1.1/ client / api
[错误]申请 -
! @ 6fpimpnp6 - 内部服务器错误,对于(GET)[/ webcall] - >
play.api.Application $$ anon $ 1:执行异常[[ConnectException:一般SSLEngine问题到https://10.0.1.1/client/api]]
at play.api。应用$ class.handleError(Application.scala:293)〜[play_2.10.jar:2.2.0]
at play.api.DefaultApplication.handleError(Application.scala:399)[play_2.10.jar: 2.2.0]
at play.core.server.netty.PlayDefaultUpstreamHandler $$ anonfun $ 2 $$ anonfun $ applyOrElse $ 3.apply(PlayDefaultUpstreamHandler.scala:261)[play_2.10.jar:2.2.0]
at play.core.server.netty.PlayDefaultUpstreamHandler $$ anonfun $ 2 $$ anonfun $ applyOrElse $ 3.apply(PlayDefaultUpstreamHandler.scala:261)[play_2.10.jar:2.2.0]
at scala.Option .map(Option.scala:145)[scala-library.jar:na]
at play.core.server.netty.PlayDefaultUpstreamHandler $$ anonfun $ 2.applyOrElse(PlayDefaultUpstreamHandler.scala:261)[play_2.10。 jar:2.2.0]
java.net.ConnectException:com.ning.http.client.provid上的https://10.0.1.1/client/api
的常规SSLEngine问题ers.netty.NettyConnectListener.operationComplete(NettyConnectListener.java:103)〜[async-http-client.jar:na]
org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:427)~ [netty.jar:na]
org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChannelFuture.java:413)〜[netty.jar:na]
org.jboss.netty.channel .DefaultChannelFuture.setFailure(DefaultChannelFuture.java:380)〜[netty.jar:na]
at org.jboss.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1417)〜[netty.jar: na]
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1293)〜[netty.jar:na]
引起:javax.net.ssl.SSLHandshakeException:一般的SSLEngine问题
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1362)〜[na:1.7.0_40]
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java :513)〜[na:1.7.0_40]
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineI) mpl.java:790)~ [na:1.7.0_40]
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)~ [na:1.7.0_40]
at javax。 net.ssl.SSLEngine.unwrap(SSLEngine.java:624)〜[na:1.7.0_40]
org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1225)~ [netty .jar:na]
引起:javax.net.ssl.SSLHandshakeException:一般SSLEngine问题
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)~ [na:1.7。 0_40]
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1683)〜[na:1.7.0_40]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java: 278)〜[na:1.7.0_40]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)〜[na:1.7.0_40]
at sun.security.ssl。在sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)〜[na:1.7.0_40] $ b $的ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)~ [na:1.7.0_40]
b引起:sun.security.validator.ValidatorException:PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法在sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)〜[na:1.7.0_40]找到请求目标
的有效证书路径
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)〜[na:1.7.0_40]
at sun.security.validator.Validator.validate(Validator.java:260) 〜[na:1.7.0_40]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)〜[na:1.7.0_40]
at sun.security.ssl.X509TrustManagerImpl。 checkTrusted(X509TrustManagerImpl.java:283)〜[na:1.7.0_40]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:138)~ [na:1.7.0_40]
引起by:sun.security.provider.certpath.SunCertPathBuilderException:无法在sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)〜[na:1.7中找到请求目标
的有效证书路径。 0_40]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)〜[na:1.7.0_40]
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)~ [na:1.7.0_40]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)〜[na:1.7.0_40]
at sun.security.validator.Validator.validate (Validator.java:260)〜[na:1.7.0_40]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)~ [na:1.7.0_40]
如果我使用HttpsURLConnection调用该服务,则可通过添加
<$ p来正常工作$ p>
TrustManager [] trustAllcerts = new TrustManager [] {
new X509TrustManager(){
@Override
public X509Certificate [] getAcceptedIssuers(){
// TODO自动生成的方法stub
返回null;
}
@Override
public void checkServerTrusted(X509Certificate [] chain,String authType)
throws CertificateException {
// TODO自动生成的方法存根
}
@Override
public void checkClientTrusted(X509Certificate [] chain,String authType)
throws CertificateException {
// TODO Auto生成方法存根
}
}};
javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance(SSL);
sc.init(null,trustAllcerts,new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HostnameVerifier allHostsValid = new HostnameVerifier(){
@Override
public boolean verify(String arg0,SSLSession arg1){
// TODO自动生成的方法stub
返回false;
}
};
HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
如何信任所有自签名 / 不信任 Play框架中的ssl证书?
尝试将以下代码添加到 conf / application.conf
file
ws.acceptAnyCertificate = true
如果您使用 Promise
类,这将有效。但是,如果您通过其他HttpClients调用该服务,则无效。
更新:从Play Framework 2.5开始,您应该使用以下内容 -
play.ws.ssl.loose.acceptAnyCertificate = true
您可以在开发环境中执行此操作,但您绝不应该在生产环境中执行此操作,因为它可以证明是一种安全威胁。在生产中,而是在密钥库中安装客户端的证书。
I am trying to call a web-service(Which has self signed SSL certificate) in Play Framework Using the following function:
public static play.libs.F.Promise<Result> webcall() {
String feedUrl = "https://10.0.1.1/client/api";
final play.libs.F.Promise<Result> resultPromise = WS.url(feedUrl).get().map(
new Function<WS.Response, Result>() {
public Result apply(WS.Response response) {
return ok("Feed title:" + response.asJson().findPath("title").toString());
}
}
);
return resultPromise;
}
It is throwing the following Error in Logs,
[error] play - Cannot invoke the action, eventually got an error: java.net.ConnectException: General SSLEngine problem to https://10.0.1.1/client/api
[error] application -
! @6fpimpnp6 - Internal server error, for (GET) [/webcall] ->
play.api.Application$$anon$1: Execution exception[[ConnectException: General SSLEngine problem to https://10.0.1.1/client/api]]
at play.api.Application$class.handleError(Application.scala:293) ~[play_2.10.jar:2.2.0]
at play.api.DefaultApplication.handleError(Application.scala:399) [play_2.10.jar:2.2.0]
at play.core.server.netty.PlayDefaultUpstreamHandler$$anonfun$2$$anonfun$applyOrElse$3.apply(PlayDefaultUpstreamHandler.scala:261) [play_2.10.jar:2.2.0]
at play.core.server.netty.PlayDefaultUpstreamHandler$$anonfun$2$$anonfun$applyOrElse$3.apply(PlayDefaultUpstreamHandler.scala:261) [play_2.10.jar:2.2.0]
at scala.Option.map(Option.scala:145) [scala-library.jar:na]
at play.core.server.netty.PlayDefaultUpstreamHandler$$anonfun$2.applyOrElse(PlayDefaultUpstreamHandler.scala:261) [play_2.10.jar:2.2.0]
java.net.ConnectException: General SSLEngine problem to https://10.0.1.1/client/api
at com.ning.http.client.providers.netty.NettyConnectListener.operationComplete(NettyConnectListener.java:103) ~[async-http-client.jar:na]
at org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:427) ~[netty.jar:na]
at org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChannelFuture.java:413) ~[netty.jar:na]
at org.jboss.netty.channel.DefaultChannelFuture.setFailure(DefaultChannelFuture.java:380) ~[netty.jar:na]
at org.jboss.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1417) ~[netty.jar:na]
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1293) ~[netty.jar:na]
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1362) ~[na:1.7.0_40]
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:513) ~[na:1.7.0_40]
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:790) ~[na:1.7.0_40]
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758) ~[na:1.7.0_40]
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[na:1.7.0_40]
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1225) ~[netty.jar:na]
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.7.0_40]
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1683) ~[na:1.7.0_40]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:278) ~[na:1.7.0_40]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270) ~[na:1.7.0_40]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341) ~[na:1.7.0_40]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153) ~[na:1.7.0_40]
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385) ~[na:1.7.0_40]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[na:1.7.0_40]
at sun.security.validator.Validator.validate(Validator.java:260) ~[na:1.7.0_40]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326) ~[na:1.7.0_40]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:283) ~[na:1.7.0_40]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:138) ~[na:1.7.0_40]
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196) ~[na:1.7.0_40]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268) ~[na:1.7.0_40]
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380) ~[na:1.7.0_40]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[na:1.7.0_40]
at sun.security.validator.Validator.validate(Validator.java:260) ~[na:1.7.0_40]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326) ~[na:1.7.0_40]
If I call the service using HttpsURLConnection its working fine by adding
TrustManager[] trustAllcerts = new TrustManager[]{
new X509TrustManager() {
@Override
public X509Certificate[] getAcceptedIssuers() {
// TODO Auto-generated method stub
return null;
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
// TODO Auto-generated method stub
}
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
// TODO Auto-generated method stub
}
}};
javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");
sc.init(null, trustAllcerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HostnameVerifier allHostsValid = new HostnameVerifier() {
@Override
public boolean verify(String arg0, SSLSession arg1) {
// TODO Auto-generated method stub
return false;
}
};
HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
How to Trust all Selfsigned / Untrusted ssl certificates in Play Framework?
Try adding the following code to conf/application.conf
file
ws.acceptAnyCertificate=true
This will work if you are using the Promise
class. But won't work if you are calling the service through other HttpClients.
UPDATE: As of Play Framework 2.5, you should use the following -
play.ws.ssl.loose.acceptAnyCertificate=true
You can do this in development environment, but you should never do this in Production environment, as it can prove as a security threat. In production, instead install the certificates of the client in your keystore.
这篇关于信任Java Playframework 2.2中的所有SSL证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!