HttpUnit WebConversation SSL 问题

发布于 2024-10-15 12:39:06 字数 569 浏览 2 评论 0原文

如何从 WebConversation 或 WebRequest 对象的上下文中忽略 SSL 证书问题？我知道我可以创建一个接受所有证书的假 TrustManager ，但是如何在 HttpUnit 上下文中设置它？

这是我遇到的异常：

[Security:090508]Certificate chain received from my.domain.com - NUM.NUM.NUM.NUM was incomplete., 
[Security:090477]Certificate chain received from my.domain.com - NUM.NUM.NUM.NUM was not trusted causing SSL handshake failure.

我需要以某种方式将 SSLSocket 设置设置为 WebConversation 或 WebRequest 对象；查看 HttpUnit 的 JavaDocs，没有这样的方法或构造函数可以这样做。有没有办法可以将其包装在某个暴露了 SSLSocket 属性的对象中？

原文

How can I ignore SSL certificate issues from the context of the WebConversation or WebRequest object? I know I can create a fake TrustManager that accepts all certificates but how can I set this in the HttpUnit context?

Here is the exception I am getting:

[Security:090508]Certificate chain received from my.domain.com - NUM.NUM.NUM.NUM was incomplete., 
[Security:090477]Certificate chain received from my.domain.com - NUM.NUM.NUM.NUM was not trusted causing SSL handshake failure.

I need to somehow set the SSLSocket settings to the WebConversation or WebRequest object; looking at the JavaDocs for HttpUnit there is no such method or constructor to do so. Is there a way I can wrap this inside some object which has exposed SSLSocket properties?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

糖粟与秋泊 2024-10-22 12:39:06

对我有用的是使用此工具将服务器的无效证书添加到新的密钥库（创建一个文件 jssecacerts)，然后用新的密钥库替换现有的密钥库。
cp cacerts cacerts.bak
cp ~/tools/jssecacerts cacerts

HttpUnit 之后工作正常。

回复收藏 0 原文

毁我热情 2024-10-22 12:39:06

根据此常见问题解答条目，HttpUnit 似乎正在使用 Java 提供的 SSL 实现标准库。编写和安装“接受所有”TrustManager 非常简单：

private static class AnyTrustManager implements X509TrustManager
{
    public void checkClientTrusted(X509Certificate[] chain, String authType)
    {
    }

    public void checkServerTrusted(X509Certificate[] chain, String authType)
    {
    }

    public X509Certificate[] getAcceptedIssuers()
    {
        return new X509Certificate[0];
    }
}

static {
    try {
        SSLContext ssl = SSLContext.getInstance("SSL");
        ssl.init(null, new X509TrustManager[] {new AnyTrustManager()}, null);
        HttpsURLConnection.setDefaultSSLSocketFactory(ssl.getSocketFactory());
    } catch (NoSuchAlgorithmException ex) {
        throw new Error(ex);
    } catch (KeyManagementException ex) {
        throw new Error(ex);
    }
}

但是您应该记住，此代码示例可能需要一些修改才能与 HttpUnit 一起使用（例如，如果库使用自定义 SocketFactory 建立连接））

因为 HttpUnit 似乎没有提供任何 API 来设置自定义 SSLSocketFactry，这里是设置默认 SSL 上下文的替代解决方案（仅限 Java 6）

static {
    try {
        SSLContext ssl = SSLContext.getDefault();
        ssl.init(null, new X509TrustManager[] {new AnyTrustManager()}, null);
    } catch (NoSuchAlgorithmException ex) {
        throw new Error(ex);
    } catch (KeyManagementException ex) {
        throw new Error(ex);
    }
}

According to this FAQ entry, it seems that HttpUnit is using the SSL implementation provided by the Java standard library. Writing and installing an "accept all" TrustManager is straightforward:

private static class AnyTrustManager implements X509TrustManager
{
    public void checkClientTrusted(X509Certificate[] chain, String authType)
    {
    }

    public void checkServerTrusted(X509Certificate[] chain, String authType)
    {
    }

    public X509Certificate[] getAcceptedIssuers()
    {
        return new X509Certificate[0];
    }
}

static {
    try {
        SSLContext ssl = SSLContext.getInstance("SSL");
        ssl.init(null, new X509TrustManager[] {new AnyTrustManager()}, null);
        HttpsURLConnection.setDefaultSSLSocketFactory(ssl.getSocketFactory());
    } catch (NoSuchAlgorithmException ex) {
        throw new Error(ex);
    } catch (KeyManagementException ex) {
        throw new Error(ex);
    }
}

However you should keep in mind that this code sample may need some modifications to work with HttpUnit (for instance if the library establishes the connections using a custom SocketFactory)

Since it seems that HttpUnit does not provide any API to set a custom SSLSocketFactry here is an alternative solution setting the default SSL context (Java 6 only)

static {
    try {
        SSLContext ssl = SSLContext.getDefault();
        ssl.init(null, new X509TrustManager[] {new AnyTrustManager()}, null);
    } catch (NoSuchAlgorithmException ex) {
        throw new Error(ex);
    } catch (KeyManagementException ex) {
        throw new Error(ex);
    }
}

回复收藏 0 原文

勿忘心安 2024-10-22 12:39:06

如果您有权访问 WebClient，则可以执行以下操作来跳过 SSL 证书验证：

WebClient client = new WebClient();
client.getOptions().setUseInsecureSSL(true);

If you have access to the WebClient you can do this to skip SSL certificate validation:

WebClient client = new WebClient();
client.getOptions().setUseInsecureSSL(true);

回复收藏 0 原文

残花月 2024-10-22 12:39:06

有点晚了，我刚刚遇到这个问题，但我设法让 httpunit 1.7.2 按照 Jsc 与 AnyTrustManager 一起工作使用以下代码回答（httpunit 在底层使用 HttpsURLConnectionOldImpl）：

static {
    try {
        SSLContext ssl = SSLContext.getInstance("TLS");
        ssl.init(null, new X509TrustManager[] {new AnyTrustManager()}, null);
        com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.setDefaultSSLSocketFactory(ssl.getSocketFactory());            
    } catch (NoSuchAlgorithmException ex) {
        throw new Error(ex);
    } catch (KeyManagementException ex) {
        throw new Error(ex);
    }
}

A little late, i only just ran into this issue, but i managed to get httpunit 1.7.2 working with AnyTrustManager as per Jsc's answer with the following code (httpunit uses HttpsURLConnectionOldImpl under de hood):

static {
    try {
        SSLContext ssl = SSLContext.getInstance("TLS");
        ssl.init(null, new X509TrustManager[] {new AnyTrustManager()}, null);
        com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.setDefaultSSLSocketFactory(ssl.getSocketFactory());            
    } catch (NoSuchAlgorithmException ex) {
        throw new Error(ex);
    } catch (KeyManagementException ex) {
        throw new Error(ex);
    }
}

回复收藏 0 原文

素罗衫 2024-10-22 12:39:06

截至 2019 年，在 Mac 上使用 Oracle 8 jvm 和 httpunit 1.7，Jcs 8 年前的答案仍然非常接近，只需要多一行。

    // trust anything.
    static void setupSSL() {
        if(sslSetupDone) {
            return;
        }
        // System.setProperty("javax.net.debug", "ssl");

        TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {              
                return null;
            }

            public void checkClientTrusted(X509Certificate[] certs, String authType) {              
            }

            public void checkServerTrusted(X509Certificate[] certs, String authType) {              
            }

        } };

        SSLContext sc = null;
        try {
            sc = SSLContext.getInstance("TLS");  // formerly "ssl"
            sc.init(null, trustAllCerts, null);
            SSLContext.setDefault(sc);  //<====== one more line needed 
        } catch (Exception e) {
            e.printStackTrace(System.out);
        }
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

        javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
            public boolean verify(String urlHostname, SSLSession sslSession) {
                return true;
            }
        });

        sslSetupDone = true;
    }

as of 2019, with an oracle 8 jvm on a mac, and httpunit 1.7, Jcs' answer from 8 years ago is still very close, just needs one more line.

    // trust anything.
    static void setupSSL() {
        if(sslSetupDone) {
            return;
        }
        // System.setProperty("javax.net.debug", "ssl");

        TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {              
                return null;
            }

            public void checkClientTrusted(X509Certificate[] certs, String authType) {              
            }

            public void checkServerTrusted(X509Certificate[] certs, String authType) {              
            }

        } };

        SSLContext sc = null;
        try {
            sc = SSLContext.getInstance("TLS");  // formerly "ssl"
            sc.init(null, trustAllCerts, null);
            SSLContext.setDefault(sc);  //<====== one more line needed 
        } catch (Exception e) {
            e.printStackTrace(System.out);
        }
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

        javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
            public boolean verify(String urlHostname, SSLSession sslSession) {
                return true;
            }
        });

        sslSetupDone = true;
    }

回复收藏 0 原文

~没有更多了~