那些遇到过的问题

信任Java Playframework 2.2中的所有SSL证书

asv*_*esh 13 java ssl ssl-certificate playframework-2.0

我试图在Play框架中调用Web服务(具有自签名SSL证书)使用以下函数:

public static play.libs.F.Promise<Result> webcall() {
       String feedUrl = "https://10.0.1.1/client/api";
       final play.libs.F.Promise<Result> resultPromise = WS.url(feedUrl).get().map(
                    new Function<WS.Response, Result>() {
                        public Result apply(WS.Response response) {
                            return ok("Feed title:" + response.asJson().findPath("title").toString());
                        }
                    }
            );
            return resultPromise;
        }
Run Code Online (Sandbox Code Playgroud)

它在日志中抛出以下错误,

[error] play - Cannot invoke the action, eventually got an error: java.net.ConnectException: General SSLEngine problem to https://10.0.1.1/client/api
[error] application - 

! @6fpimpnp6 - Internal server error, for (GET) [/webcall] ->

play.api.Application$$anon$1: Execution exception[[ConnectException: General SSLEngine problem to https://10.0.1.1/client/api]]
    at play.api.Application$class.handleError(Application.scala:293) ~[play_2.10.jar:2.2.0]
    at play.api.DefaultApplication.handleError(Application.scala:399) [play_2.10.jar:2.2.0]
    at play.core.server.netty.PlayDefaultUpstreamHandler$$anonfun$2$$anonfun$applyOrElse$3.apply(PlayDefaultUpstreamHandler.scala:261) [play_2.10.jar:2.2.0]
    at play.core.server.netty.PlayDefaultUpstreamHandler$$anonfun$2$$anonfun$applyOrElse$3.apply(PlayDefaultUpstreamHandler.scala:261) [play_2.10.jar:2.2.0]
    at scala.Option.map(Option.scala:145) [scala-library.jar:na]
    at play.core.server.netty.PlayDefaultUpstreamHandler$$anonfun$2.applyOrElse(PlayDefaultUpstreamHandler.scala:261) [play_2.10.jar:2.2.0]
java.net.ConnectException: General SSLEngine problem to https://10.0.1.1/client/api
    at com.ning.http.client.providers.netty.NettyConnectListener.operationComplete(NettyConnectListener.java:103) ~[async-http-client.jar:na]
    at org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:427) ~[netty.jar:na]
    at org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChannelFuture.java:413) ~[netty.jar:na]
    at org.jboss.netty.channel.DefaultChannelFuture.setFailure(DefaultChannelFuture.java:380) ~[netty.jar:na]
    at org.jboss.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1417) ~[netty.jar:na]
    at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1293) ~[netty.jar:na]
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1362) ~[na:1.7.0_40]
    at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:513) ~[na:1.7.0_40]
    at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:790) ~[na:1.7.0_40]
    at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758) ~[na:1.7.0_40]
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[na:1.7.0_40]
    at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1225) ~[netty.jar:na]
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.7.0_40]
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1683) ~[na:1.7.0_40]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:278) ~[na:1.7.0_40]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270) ~[na:1.7.0_40]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341) ~[na:1.7.0_40]
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153) ~[na:1.7.0_40]
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385) ~[na:1.7.0_40]
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[na:1.7.0_40]
    at sun.security.validator.Validator.validate(Validator.java:260) ~[na:1.7.0_40]
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326) ~[na:1.7.0_40]
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:283) ~[na:1.7.0_40]
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:138) ~[na:1.7.0_40]
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196) ~[na:1.7.0_40]
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268) ~[na:1.7.0_40]
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380) ~[na:1.7.0_40]
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[na:1.7.0_40]
    at sun.security.validator.Validator.validate(Validator.java:260) ~[na:1.7.0_40]
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326) ~[na:1.7.0_40]
Run Code Online (Sandbox Code Playgroud)

如果我使用HttpsURLConnection调用该服务,它的工作正常,通过添加 

TrustManager[] trustAllcerts = new TrustManager[]{
    new X509TrustManager() {

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // TODO Auto-generated method stub
            return null;
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            // TODO Auto-generated method stub

        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            // TODO Auto-generated method stub

        }
    }};

javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");
sc.init(null, trustAllcerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HostnameVerifier allHostsValid = new HostnameVerifier() {

    @Override
    public boolean verify(String arg0, SSLSession arg1) {
        // TODO Auto-generated method stub
        return false;
    }
};
HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
Run Code Online (Sandbox Code Playgroud)

如何在Play Framework中信任所有自签名/不受信任的 ssl证书?

Rah*_*ate 24

尝试将以下代码添加到conf/application.conf文件中

ws.acceptAnyCertificate=true
Run Code Online (Sandbox Code Playgroud)

如果您正在使用该Promise课程,这将有效.但是,如果您通过其他HttpClients调用该服务,则无效.

更新:从Play Framework 2.5开始,您应该使用以下内容 -

play.ws.ssl.loose.acceptAnyCertificate=true
Run Code Online (Sandbox Code Playgroud)

您可以在开发环境中执行此操作,但是您不应该在生产环境中执行此操作,因为它可以证明是一种安全威胁.在生产中,而是在密钥库中安装客户端的证书.

  • 请不要这样做.您可以从Play TLS激活器示例生成所需的证书:http://typesafe.com/activator/template/play-tls-example,然后将cacerts添加到ws.ssl中的trustManager(请参阅下面的示例) (2认同)

Wil*_*ent 6

请不要接受所有证书 - 您可以将信任管理器与自定义证书一起使用,然后再回到默认信任库.

ws.ssl {
  trustManager = {
     stores = [
      { path: ${store.directory}/exampletrust.jks }     # Added trust store
      { path: ${java.home}/lib/security/cacerts } # Fallback to default JSSE trust store
     ]
  }
}
Run Code Online (Sandbox Code Playgroud)

有关详细信息,请参阅http://www.playframework.com/documentation/2.3.x/ExampleSSLConfig.

归档时间:

查看次数:

13989 次

最近记录:

9 年,3 月 前
如何解析SSL证书服务器名称/我可以使用keytool添加备用名称吗? 72
更多相关链接
相关归档
什么是NullPointerException,我该如何解决? 210
更改参数化测试的名称 194
如何将android项目导入为库而不将其编译为apk(Android studio 1.0) 120
为什么我们使用web.xml? 60
代理可以更改SSL证书吗? 13
WebSocket服务器不适用于SSL 11
使用specs2和FakeApplication()来测试数据库会失败进化插入 6
将ssl与mysql集成 - 拒绝访问 6
如何解决纽曼错误自签名证书? 6
使用 nginx 的动态 ssl 证书 4
难疑归档
夏令时和时区最佳实践 2021
如何使div不大于其内容? 1960
如何在没有换行或空格的情况下打印? 1760
什么是智能指针,什么时候应该使用? 1730
代理服务器和反向代理服务器之间的区别 1726
在PostgreSQL中显示表格 1703
如何递归计算目录中的所有代码行? 1536
确定整数平方根是否为整数的最快方法 1403
如何设置HTML <select>元素的默认值? 1343
没有指定分支的"git push"的默认行为 1339