ApacheHTTPClientSSL如何接受所??有用于測驗目的的證書

我有一個用于測驗 api 的 java cucumber 測驗自動化框架。

以前我使用的是一個名為 Karate 的工具，它有一個簡單的標志 ( karate.configure('ssl', { trustAll: true });)，它允許您信任所有證書。

我希望有一個類似的標志可用于 Apache HTTP 客戶端......但我所有的谷歌搜索都會導致冗長而復雜的代碼。

這是我到目前為止撰寫的將 .pfx 檔案發送到 api 的代碼

        String keyPassphrase = "";

        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(new FileInputStream("src/main/resources/sslCertificates/certificate.pfx"), keyPassphrase.toCharArray());

        SSLContext sslContext = SSLContexts.custom()
                .loadKeyMaterial(keyStore, null)
                .build();


        //This is the httpClient that you will use to send your http request
        CloseableHttpClient httpClient = HttpClients.custom().setSSLContext(sslContext).build();

        //Send the request
        CloseableHttpResponse response = httpClient.execute(request);

但它在發送之前被拒絕說

 "javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

如何輕松接受所有證書以解決此問題？如前所述，我只是在測驗，所以這樣做沒有問題。

但是，我確實有 .pfx 和 .crt 格式的證書檔案以及可能使用的 client.key 檔案 - 但我不知道如何使用。

uj5u.com熱心網友回復：

我使用了這篇文章中提到的解決方案：

讓 Java 通過 HTTPS 接受所有證書

在那里，您構建了一個自定義 TrustManager 和 HostNameVerifier 來接受任何證書和域：

HostNameVerifier 的自定義實作：

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;

public class TrustAllHostNameVerifier implements HostnameVerifier {

    public boolean verify(String hostname, SSLSession session) {
        return true;
    }
}

Https連接創建：

// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[]{
    new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return null;
        }
        public void checkClientTrusted(
            java.security.cert.X509Certificate[] certs, String authType) {
        }
        public void checkServerTrusted(
            java.security.cert.X509Certificate[] certs, String authType) {
        }
    }
};

// Install the all-trusting trust manager
try {
    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    HttpsURLConnection.setHostnameVerifier(new TrustAllHostNameVerifier())
} catch (Exception e) {
  :
  :
}

盡管您澄清說它是出于測驗目的，但重要的是要記住這是一個極其不安全的解決方案，您將失去使用 SSL 提供的所有保護。

uj5u.com熱心網友回復：

如果使用HttpClient 4.4或更高版本，您可以執行以下操作（示例取自以下參考）：

TrustStrategy acceptingTrustStrategy = (cert, authType) -> true;
    SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(null, acceptingTrustStrategy).build();
    SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, 
      NoopHostnameVerifier.INSTANCE);
    
    Registry<ConnectionSocketFactory> socketFactoryRegistry = 
      RegistryBuilder.<ConnectionSocketFactory> create()
      .register("https", sslsf)
      .register("http", new PlainConnectionSocketFactory())
      .build();

    BasicHttpClientConnectionManager connectionManager = 
      new BasicHttpClientConnectionManager(socketFactoryRegistry);
    CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslsf)
      .setConnectionManager(connectionManager).build();

更多細節在這里：https ://www.baeldung.com/httpclient-ssl

uj5u.com熱心網友回復：

這段代碼似乎已經成功了：

        String keyPassphrase = "";
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(new FileInputStream("src/main/resources/sslCertificates/certificate.pfx"), keyPassphrase.toCharArray());
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, null);

        // Create a trust manager that does not validate certificate chains
        TrustManager[] trustAllCerts = new TrustManager[]{
                new X509TrustManager() {
                    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                        return null;
                    }
                    public void checkClientTrusted(
                            java.security.cert.X509Certificate[] certs, String authType) {
                    }
                    public void checkServerTrusted(
                            java.security.cert.X509Certificate[] certs, String authType) {
                    }
                }
        };

        // Install the all-trusting trust manager
            SSLContext sslContext = SSLContext.getInstance("SSL");
            sslContext.init(keyManagerFactory.getKeyManagers(), trustAllCerts, new java.security.SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());


        //This is the httpClient that you will use to send your http request
        CloseableHttpClient httpClient = HttpClients.custom().setSSLContext(sslContext).build();

        //Send the request
        CloseableHttpResponse response = httpClient.execute(request);

標籤：爪哇 ssl apache-httpclient-4.x apache-httpclient-5.x

上一篇：使用BorderLayout調整JPanel的大小

下一篇：如何為vegalite中y軸上顯示的最大值設定miximum