当前位置: 文江博客话题详情

Java忽略证书验证

发布于 2024-11-19 15:38:13 字数 1252 浏览 2 评论 0原文

我正在尝试创建一些连接到自签名 HTTPS 服务器的示例 Java 项目。我似乎无法让 Java 停止尝试验证证书。我不想必须信任这个证书,我只是想完全忽略所有证书验证;该服务器位于我的网络内部,我希望能够运行一些测试应用程序,而不必担心证书是否有效。

java -Dcom.sun.net.ssl.checkRevocation=false HelloWorld
org.apache.axis2.AxisFault: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:  sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

-Dcom.sun.net.ssl.checkReplication=false 没有帮助。我还尝试添加以下代码:

public static void DisableCertificateValidation() {
  TrustManager[] trustAllCerts = new TrustManager[]{
    new X509TrustManager() {
      public X509Certificate[] getAcceptedIssuers() { return null; }
      public void checkClientTrusted(X509Certificate[] certs, String authType) { }
      public void checkServerTrusted(X509Certificate[] certs, String authType) { }
    }
  };
  try {
    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
  } catch (Exception e) {
  }
}

但仍然有同样的问题。这是怎么回事?

原文

I'm trying to create some sample Java projects that connect to a self-signed HTTPS server. I can't seem to get Java to stop trying to validate the certificate. I don't want to have to trust this certificate, I just want to ignore all certificate validation altogether; this server is inside my network and I want to be able to run some test apps without worrying about whether the certificate is valid.

java -Dcom.sun.net.ssl.checkRevocation=false HelloWorld
org.apache.axis2.AxisFault: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:  sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

The -Dcom.sun.net.ssl.checkRevocation=false didn't help. I also tried adding the following code:

public static void DisableCertificateValidation() {
  TrustManager[] trustAllCerts = new TrustManager[]{
    new X509TrustManager() {
      public X509Certificate[] getAcceptedIssuers() { return null; }
      public void checkClientTrusted(X509Certificate[] certs, String authType) { }
      public void checkServerTrusted(X509Certificate[] certs, String authType) { }
    }
  };
  try {
    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
  } catch (Exception e) {
  }
}

But still have the same issue. What's going on here?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

眸中客 2024-11-26 15:38:13

org.apache.axis2.AxisFault 表示您正在使用 Axis 2,并且 Axis 2 不使用 HttpsURLConnection 建立 HTTP(S) 连接,而是使用 Apache HttpClient (据我所知是 3.x),所以 HttpsURLConnection.setDefaultSSLSocketFactory(...) 在那里没有任何效果。

您可以查看关于设置Axis 2 的 SSLContext,更具体地说,本文档:http://axis.apache.org/axis2/java/ core/docs/http-transport.html#httpsupport

(或者,您可以使用 SSLContext.setDefault(...)< 设置默认的 SSLContext /code>,Java中引入6. 在实际应用程序中,禁用默认 SSL 上下文的证书验证显然不是一个好主意。)

org.apache.axis2.AxisFault indicates that you're using Axis 2, and Axis 2 doesn't use HttpsURLConnection to make its HTTP(S) connections, but Apache HttpClient (3.x as far as I know), so HttpsURLConnection.setDefaultSSLSocketFactory(...) will have no effect there.

You can have a look at this answer about setting up an SSLContext for Axis 2, more specifically, this document: http://axis.apache.org/axis2/java/core/docs/http-transport.html#httpsupport

(Alternatively, you may be able to get away with setting the default SSLContext with SSLContext.setDefault(...), introduced in Java 6. Disabling certificate verification for your default SSL context is obviously not a good idea in a real application.)

回复 原文
初熏 2024-11-26 15:38:13

这是一个较老的问题,但我偶然发现了它,它有点推动我走向正确的方向。通过设置参数,我可以在没有有效客户端证书的情况下访问 axis2 中的 https url:

import org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory;
import org.apache.commons.httpclient.protocol.Protocol;

EasySSLProtocolSocketFactory easySSLProtocolSocketFactory;
try {
     easySSLProtocolSocketFactory = new EasySSLProtocolSocketFactory();
     Protocol.unregisterProtocol("https");
     Protocol.registerProtocol("https", new Protocol("https",
                  (ProtocolSocketFactory) easySSLProtocolSocketFactory, 443));
}
catch (GeneralSecurityException e) {
      e.printStackTrace();
}

只需确保在调用 axis2 服务客户端之前执行此操作。这不是我在生产中会做的事情,但作为对不安全服务器的快速破解,它为我做到了这一点。

This is an older question but I stumbled upon it and it kinda psuhed me in the right diretion. I could access an https url in axis2 without a valid client certificate by setting the params:

import org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory;
import org.apache.commons.httpclient.protocol.Protocol;

EasySSLProtocolSocketFactory easySSLProtocolSocketFactory;
try {
     easySSLProtocolSocketFactory = new EasySSLProtocolSocketFactory();
     Protocol.unregisterProtocol("https");
     Protocol.registerProtocol("https", new Protocol("https",
                  (ProtocolSocketFactory) easySSLProtocolSocketFactory, 443));
}
catch (GeneralSecurityException e) {
      e.printStackTrace();
}

Just be sure to do this before calling the axis2 service client. This is nothing I would do in production, but as a fast hack for an unsecured server that did the trick for me.

回复 原文
~没有更多了~

关于作者

李不

暂无简介

0 文章
0 评论
25 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

已经忘了多久

文章 0 评论 0

15867725375

文章 0 评论 0

LonelySnow

文章 0 评论 0

走过海棠暮

文章 0 评论 0

轻许诺言

文章 0 评论 0

信馬由缰

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文