相关疑难解决方法(0)

我在tomcat中启用了https,并为服务器身份验证设置了自签名证书.我使用Apache httpClient创建了一个http客户端.我已经设置了一个加载服务器证书的信任管理器.http客户端可以与服务器连接没问题.要查看发生了什么,我启用了调试:

System.setProperty("javax.net.debug", "ssl");

我看到以下根本无法理解的内容:

***
adding as trusted cert:
  Subject: CN=Me, OU=MyHouse, O=Home, L=X, ST=X, C=BB
  Issuer:  CN=Me, OU=MyHouse, O=Home, L=X, ST=X, C=BB
  Algorithm: RSA; Serial number: 0x4d72356b
  Valid from Sat Mar 05 15:06:51 EET 2011 until Fri Jun 03 16:06:51 EEST 2011 

我的证书会显示并添加到信任库(我看到).然后:

trigger seeding of SecureRandom
done seeding SecureRandom

这是我没有得到的调试跟踪的部分:

trustStore is: C:\Program Files\Java\jre6\lib\security\cacerts
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:
  Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, …

HttpClient 4.3有三个静态变量org.apache.http.conn.ssl.SSLConnectionSocketFactory:

1. STRICT_HOSTNAME_VERIFIER
2. BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
3. ALLOW_ALL__HOSTNAME_VERIFIER

将依赖项升级到HttpClient的4.4版时,我看到所有上述常量都已弃用.JavaDoc中的弃用说明提到要使用org.apache.http.conn.ssl.DefaultHostnameVerifier.阅读文档,我认为这DefaultHostnameVerifier是一个直接替代STRICT_HOSTNAME_VERIFIER.这也ALLOW_ALL__HOSTNAME_VERIFIER很容易实现:

package org.wiztools.restclient.http;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;

/**
 *
 * @author subwiz
 */
public class AllowAllHostnameVerifier implements HostnameVerifier {

    @Override
    public boolean verify(String string, SSLSession ssls) {
        return true;
    }

}

STRICT_HOSTNAME_VERIFIER和BROWSER_COMPATIBLE_HOSTNAME_VERIFIER(来自JavaDoc)之间有一个微妙的区别:

BROWSER_COMPATIBLE和STRICT之间的唯一区别是带有BROWSER_COMPATIBLE的通配符(例如"*.foo.com")匹配所有子域,包括"abfoo.com".

我们是否有一个现成BROWSER_COMPATIBLE的httpclient 4.4主机名验证程序？

我正在使用Tomcat7,Spring框架进行ReST Web服务.我试图使用Spring RestTemplate调用https Web服务.我收到以下错误:

无法找到要求目标的有效证书路径; 嵌套异常是javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到所请求目标的有效证书路径

我在stackoverflow上在线检查.我尝试了url中的示例代码: 使用Spring RestTemplate访问Https Rest服务

我无法让它发挥作用.任何人都可以根据下面的代码告诉我,我需要更改什么？也有人可以告诉我或者向我提供我需要的java库的pom.xml文件吗？

        import org.springframework.web.bind.annotation.RequestMethod;
        import org.springframework.web.client.RestTemplate;

        import com.fasterxml.jackson.core.JsonGenerationException;
        import com.fasterxml.jackson.databind.JsonMappingException;
        import com.fasterxml.jackson.databind.ObjectMapper;
        import com.journaldev.spring.controller.EmpRestURIConstants;
        import com.journaldev.spring.model.CostControlPost;
        import com.journaldev.spring.model.Employee;
        import com.journaldev.spring.model.RfxForUpdate;

        import static org.junit.Assert.*;
        import org.apache.commons.codec.binary.Base64;


        import javax.net.ssl.*;
        import java.io.*;
        import java.security.KeyStore;
        import java.security.MessageDigest;
        import java.security.cert.CertificateException;
        import java.security.cert.X509Certificate;


        public class TestExample2
        {
            public static final String SERVER_LIST="https://abc/sourcing/testServices";


            @Test
            public void testGetListOfServiceNames()
            {
                try
                {


                    RestTemplate restTemplate = new RestTemplate();
                    ResponseEntity<String> response = restTemplate.exchange(SERVER_LIST,HttpMethod.GET,null,String.class);
                    assertNotNull(response);    
                }
                catch(Exception e)
                {
                    System.out.println("e:"+e.getMessage()); …

我在尝试使用HttpClient来调用使用自签名证书的https站点时感到有点困惑.我有下面的代码,这使我能够进行调用,但后来我得到的错误就像javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found我从我的网络浏览器下载了证书并了解我可以将其导入密钥库但我宁愿把它放入代码并以这种方式使用它,有没有办法做到这一点？

    HttpClient client = new HttpClient();

    EasySSLProtocolSocketFactory easySSLProtocolSocketFactory = new EasySSLProtocolSocketFactory();
    Protocol https = new Protocol("https", easySSLProtocolSocketFactory,
            443);
    Protocol.registerProtocol("https", https);

    BufferedReader br = null;

    String responseString = "";

    GetMethod method = new GetMethod(path);

    int returnCode = client.executeMethod(method);

我像这样使用RestTemplate配置:

private RestTemplate createRestTemplate() throws Exception {
        final String username = "admin";
        final String password = "admin";
        final String proxyUrl = "localhost";
        final int port = 443;

        CredentialsProvider credsProvider = new BasicCredentialsProvider();
        credsProvider.setCredentials(new AuthScope(proxyUrl, port),
                new UsernamePasswordCredentials(username, password));

        HttpHost host = new HttpHost(proxyUrl, port, "https");

        HttpClientBuilder clientBuilder = HttpClientBuilder.create();

        clientBuilder.setProxy(host).setDefaultCredentialsProvider(credsProvider).disableCookieManagement();

        HttpClient httpClient = clientBuilder.build();
        HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory();
        factory.setHttpClient(httpClient);

        return new RestTemplate(factory);
    }

这就是我的方法的工作方式:

public String receiveMessage(String message) {
        try {
            restTemplate = createRestTemplate();
            ObjectMapper mapper = new ObjectMapper(); …