我有一個用于測驗 api 的 java cucumber 測驗自動化框架。
以前我使用的是一個名為 Karate 的工具,它有一個簡單的標志 ( karate.configure('ssl', { trustAll: true });),它允許您信任所有證書。
我希望有一個類似的標志可用于 Apache HTTP 客戶端......但我所有的谷歌搜索都會導致冗長而復雜的代碼。
這是我到目前為止撰寫的將 .pfx 檔案發送到 api 的代碼
String keyPassphrase = "";
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(new FileInputStream("src/main/resources/sslCertificates/certificate.pfx"), keyPassphrase.toCharArray());
SSLContext sslContext = SSLContexts.custom()
.loadKeyMaterial(keyStore, null)
.build();
//This is the httpClient that you will use to send your http request
CloseableHttpClient httpClient = HttpClients.custom().setSSLContext(sslContext).build();
//Send the request
CloseableHttpResponse response = httpClient.execute(request);
但它在發送之前被拒絕說
"javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
如何輕松接受所有證書以解決此問題?如前所述,我只是在測驗,所以這樣做沒有問題。
但是,我確實有 .pfx 和 .crt 格式的證書檔案以及可能使用的 client.key 檔案 - 但我不知道如何使用。
uj5u.com熱心網友回復:
我使用了這篇文章中提到的解決方案:
讓 Java 通過 HTTPS 接受所有證書
在那里,您構建了一個自定義 TrustManager 和 HostNameVerifier 來接受任何證書和域:
HostNameVerifier 的自定義實作:
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
public class TrustAllHostNameVerifier implements HostnameVerifier {
public boolean verify(String hostname, SSLSession session) {
return true;
}
}
Https連接創建:
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
}
};
// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setHostnameVerifier(new TrustAllHostNameVerifier())
} catch (Exception e) {
:
:
}
盡管您澄清說它是出于測驗目的,但重要的是要記住這是一個極其不安全的解決方案,您將失去使用 SSL 提供的所有保護。
uj5u.com熱心網友回復:
如果使用HttpClient 4.4或更高版本,您可以執行以下操作(示例取自以下參考):
TrustStrategy acceptingTrustStrategy = (cert, authType) -> true;
SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(null, acceptingTrustStrategy).build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext,
NoopHostnameVerifier.INSTANCE);
Registry<ConnectionSocketFactory> socketFactoryRegistry =
RegistryBuilder.<ConnectionSocketFactory> create()
.register("https", sslsf)
.register("http", new PlainConnectionSocketFactory())
.build();
BasicHttpClientConnectionManager connectionManager =
new BasicHttpClientConnectionManager(socketFactoryRegistry);
CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslsf)
.setConnectionManager(connectionManager).build();
更多細節在這里:https ://www.baeldung.com/httpclient-ssl
uj5u.com熱心網友回復:
這段代碼似乎已經成功了:
String keyPassphrase = "";
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(new FileInputStream("src/main/resources/sslCertificates/certificate.pfx"), keyPassphrase.toCharArray());
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, null);
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
}
};
// Install the all-trusting trust manager
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(keyManagerFactory.getKeyManagers(), trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
//This is the httpClient that you will use to send your http request
CloseableHttpClient httpClient = HttpClients.custom().setSSLContext(sslContext).build();
//Send the request
CloseableHttpResponse response = httpClient.execute(request);
轉載請註明出處,本文鏈接:https://www.uj5u.com/ruanti/443386.html