通过 HTTPS 进行 Java 身份验证
我正在尝试通过 HTTPS 向服务器进行身份验证。我在握手方面遇到了问题。我认为这是因为当我在浏览器中访问该 URL 时,会出现一个弹出框。如果我取消该操作,我可以转到一个允许我再次登录的表格。服务器安全性是TAM。
实际上,我一开始就遇到了问题。当我尝试运行此代码时:
HttpResponse response = httpclient.execute(httpget);
我收到一个 IOException 错误,指出 javax.net.ssl.SSLPeerUnverifiedException:对等点未经过身份验证。我使用的示例代码来自 Apache HTTPClient 文档。我也尝试过使用内置的 java 身份验证方法,但握手时遇到其他问题,称证书不受信任。
不管怎样,我现在很困惑,这很令人沮丧,因为我认为这种类型的东西应该足够基本了。
那么,有人可以指导我一些通过 HTTPS 进行身份验证的示例代码吗?
谢谢。
编辑: 只是添加另一个错误,我在使用内置的 java http auth 时遇到,与证书相关:
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed:
java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=XXX Internal Root CA, O=XXX Corporation, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
I'm trying to authenticate with a server over HTTPS. I'm having problems with the handshake. I think this is due to the fact that when I go to the URL in my browser, a popup box appears. If I cancel that, I can then go to a form which will allow me to login again. The server security is TAM.
Its actually at the start where I'm having problems. When I try to run this code:
HttpResponse response = httpclient.execute(httpget);
I get an IOException error stating that javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated. The sample code I'm using is from Apache HTTPClient docs. I've tried to also use the built in java authentication methods, but I get other problems with the handshake, saying the certificate isn't trusted.
Anyway, I'm pretty stuck at the moment, which is frustrating because I thought this type of stuff should be basic enough.
So, could someone be so kind as to direct me to some sample code for authentication over HTTPS?
Thanks.
EDIT:
Just to add another error I get when using the built in java http auth, relating to the certificate:
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed:
java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=XXX Internal Root CA, O=XXX Corporation, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您似乎在 jvm 密钥库中缺少服务器 SSL 证书,您需要使用 keytool 导入证书。这是一个 链接 了解如何操作。这是另一个链接(即使它是针对 Gmail 的,您可能会发现步骤有用)
It seems you are missing server SSL certificates in jvm keystore, you need to import certificates using keytool. Here is one link on how to do. Here is another link (even though it is for Gmail, you may find steps useful)
这里的问题是Windows。或者更具体地说是 WinInet API,显然。
我可以创建一个接受所有证书的自定义
TrustManager,并且它可以正常连接。另外,如果我在 Linux 上尝试我的代码而不需要 hack,那么它工作得很好。因此,无论 Windows 处理密钥库的方式如何,都会给我带来问题。The problem here is Windows. Or more specifically the WinInet API, apparently.
I can create a custom
TrustManagerthat accepts all certs, and it can connect fine. Also, if I try my code without the hack on linux, then it works fine. So whatever way Windows handle the keystore is giving me problems.