相关疑难解决方法(0)

我正在添加到我们的大型Java应用程序的模块必须与另一家公司的SSL安全网站进行交谈.问题是该站点使用自签名证书.我有一份证书副本,以验证我没有遇到中间人攻击,我需要将此证书合并到我们的代码中,以便与服务器的连接成功.

这是基本代码:

void sendRequest(String dataPacket) {
  String urlStr = "https://host.example.com/";
  URL url = new URL(urlStr);
  HttpURLConnection conn = (HttpURLConnection)url.openConnection();
  conn.setMethod("POST");
  conn.setRequestProperty("Content-Length", data.length());
  conn.setDoOutput(true);
  OutputStreamWriter o = new OutputStreamWriter(conn.getOutputStream());
  o.write(data);
  o.flush();
}

在没有为自签名证书进行任何额外处理的情况下,这会在conn.getOutputStream()处死,但有以下异常:

Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
....
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
....
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path …

我在两台不同的机器上有两个基于Spring的Web应用程序A和B.

我想从Web应用程序A到Web应用程序B进行https调用,但是我在机器B中使用自签名证书.因此我的HTTPS请求失败.

如何在Spring中使用RestTemplate时禁用https证书验证？我想禁用验证,因为Web应用A和B都在内部网络中,但数据传输必须通过HTTPS进行

我正在尝试向以下地址发送请求.证书无效,我想忽略它.我写下面根据我的研究码1,2,但我无法完成它.我使用的是Java 1.7,

https://api.stubhubsandbox.com/search/catalog/events/v3

码

private static final TrustManager[] UNQUESTIONING_TRUST_MANAGER = new TrustManager[]{
    new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers(){
            return null;
        }
        public void checkClientTrusted( X509Certificate[] certs, String authType ){}
        public void checkServerTrusted( X509Certificate[] certs, String authType ){}
        public void checkClientTrusted(
                java.security.cert.X509Certificate[] arg0, String arg1)
                throws CertificateException {
            // TODO Auto-generated method stub

        }
        public void checkServerTrusted(
                java.security.cert.X509Certificate[] arg0, String arg1)
                throws CertificateException {
            // TODO Auto-generated method stub

        }
    }
};

public static void main(String[] args) …

任何人都可以为我提供一个代码示例来为使用HTTPS保护的控制器编写集成测试吗？使用HTTP我能够写,但使用HTTPS我得到认证错误.

调节器

@RestController
@RequestMapping("/rest/otm/v1")
public class LoginController {  

    @Autowired
    UserAuthenticationService userAuthService;

    @ExceptionHandler({ AuthenticationFailedException.class})
    @RequestMapping(value = "/login", method = RequestMethod.POST)
    @ResponseBody
    public void login(HttpServletRequest request,HttpServletResponse response) throws AuthenticationDeniedException {

        //some code
    }

}

测试类

@RunWith(SpringJUnit4ClassRunner.class)
@SpringApplicationConfiguration(classes = Application.class)
@WebAppConfiguration
@IntegrationTest("server.port:0") 
public class IdentityControllerTest {

    @Value("${local.server.port}")
    int port;

    @Test
    public void test_Login_Controller() {

        SimpleClientHttpRequestFactory clientHttpRequestFactory = new SimpleClientHttpRequestFactory();

        Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("some-proxy", 8080));
        clientHttpRequestFactory.setProxy(proxy);

        RestTemplate restTemplate = new RestTemplate(clientHttpRequestFactory);

        HttpHeaders requestHeaders = new HttpHeaders();
        requestHeaders.set("credential", "pratap");
        requestHeaders.set("deviceid", "xyz123");

        HttpHeaders …

尝试获取https资源时,我总是得到同样的错误:

org.springframework.web.client.ResourceAccessException: I/O error: No peer certificate; nested exception is javax.net.ssl.SSLPeerUnverifiedException: No peer certificate

我有一个自签名虚拟主机,我的应用程序运行,应用程序正常,http但我需要https.

这是我的Android应用程序中的代码:

mRestTemplate = new RestTemplate();
mRestTemplate.getMessageConverters().add(new GsonHttpMessageConverter());
mRestTemplate.setRequestFactory(new HttpComponentsClientHttpRequestFactory());

final ResponseObject responseObject = mRestTemplate.postForObject(APP_URL, requestObject, ResponseObject.class);

更新1

• 我尝试了@nilesh提出的解决方案但没有奏效.

• 我尝试了这个解决方案同样的错误

  HttpParams params = new BasicHttpParams();
  HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
  HttpProtocolParams.setContentCharset(params, HTTP.DEFAULT_CONTENT_CHARSET);
  HttpProtocolParams.setUseExpectContinue(params, true);
  
  SchemeRegistry schReg = new SchemeRegistry();
  schReg.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
  schReg.register(new Scheme("https", SSLSocketFactory.getSocketFactory(), 443));
  ClientConnectionManager conMgr = new ThreadSafeClientConnManager(params, schReg);
  
  client = DefaultHttpClient(conMgr, params);
  
  final HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(); …

  Run Code Online (Sandbox Code Playgroud)