当前位置: 文江博客话题详情

SSLPeerUnverifiedException 与 httpClient

发布于 2025-01-02 03:23:35 字数 1982 浏览 3 评论 0原文

我正在尝试使用自签名证书测试安全的 http 连接...仅用于开发目的。但我无法解决对等未验证异常,当然我已经看过有关此异常的类似帖子,以下是我正在使用的当前实现:

public class SelfCertificatesSocketFactory extends SSLSocketFactory {

SSLContext sslContext = SSLContext.getInstance("TLS");

public SelfCertificatesSocketFactory(KeyStore trustStore) throws NoSuchAlgorithmException,UnrecoverableKeyException,KeyStoreException,KeyManagementException {
    super(trustStore);

      TrustManager tm = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            }

            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            }

            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };




}

@Override
public Socket createSocket() throws IOException {
    return sslContext.getSocketFactory().createSocket();
}



@Override
public Socket createSocket(Socket socket, String host, int port,
        boolean autoClose) throws IOException, UnknownHostException {
    return sslContext.getSocketFactory().createSocket(socket,host,port,autoClose);
}



}

以及用法:

private DefaultHttpClient createHttpsClient(){
    try {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);

        SSLSocketFactory sf = new SelfCertificatesSocketFactory(trustStore);
        //sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

        SchemeRegistry registry = new SchemeRegistry();
        registry.register(new Scheme("https", 443, sf));

        ClientConnectionManager ccm = new ThreadSafeClientConnManager(registry);
        return new DefaultHttpClient(ccm);
    } catch (Exception e) {
        return new DefaultHttpClient();
    }

}

但是它不起作用......我仍然收到异常。我做错了什么? PD:我正在实现一个 Java Web 应用程序,这不是 Android 客户端。 多谢。

原文

I'm trying to test a secure http connection using self signed certificates... just for development purposes. But I haven't been able to resolve the peer not authenticated exception, of course I have looked at similar posts about this exception and the following one is the current implementation I'm using:

public class SelfCertificatesSocketFactory extends SSLSocketFactory {

SSLContext sslContext = SSLContext.getInstance("TLS");

public SelfCertificatesSocketFactory(KeyStore trustStore) throws NoSuchAlgorithmException,UnrecoverableKeyException,KeyStoreException,KeyManagementException {
    super(trustStore);

      TrustManager tm = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            }

            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            }

            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };




}

@Override
public Socket createSocket() throws IOException {
    return sslContext.getSocketFactory().createSocket();
}



@Override
public Socket createSocket(Socket socket, String host, int port,
        boolean autoClose) throws IOException, UnknownHostException {
    return sslContext.getSocketFactory().createSocket(socket,host,port,autoClose);
}



}

And the usage:

private DefaultHttpClient createHttpsClient(){
    try {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);

        SSLSocketFactory sf = new SelfCertificatesSocketFactory(trustStore);
        //sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

        SchemeRegistry registry = new SchemeRegistry();
        registry.register(new Scheme("https", 443, sf));

        ClientConnectionManager ccm = new ThreadSafeClientConnManager(registry);
        return new DefaultHttpClient(ccm);
    } catch (Exception e) {
        return new DefaultHttpClient();
    }

}

However it's not working... I'm still getting the exception. What I am doing wrong?
PD: I'm implementing a Java web application, this is not an Android client.
Thanks a lot.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

闻呓 2025-01-09 03:23:35

您的代码创建的信任管理器实例似乎没有在任何地方使用,并且 KeyStore 实例似乎不包含任何信任材料。

您应该简单地利用 SSLSocketFactory 的功能,而不是执行所有这些操作。

TrustStrategy easyStrategy = new TrustStrategy() {
    public boolean isTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        // eh, why not?
        return true;
    }
};
SSLSocketFactory sf = new SSLSocketFactory(easyStrategy);

The trust manager instance created by your code does not seem to be used anywhere, and the KeyStore instance does not seem to contain any trust material.

Instead of doing all that you should simply leverage functionality of SSLSocketFactory.

TrustStrategy easyStrategy = new TrustStrategy() {
    public boolean isTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        // eh, why not?
        return true;
    }
};
SSLSocketFactory sf = new SSLSocketFactory(easyStrategy);
回复 原文
眼泪都笑了 2025-01-09 03:23:35

谢谢,成功了,通过使用以下代码解决:

HttpClient client = null;
    TrustStrategy easyStrategy = new TrustStrategy() {

        @Override
        public boolean isTrusted(X509Certificate[] certificate, String authType)
                throws CertificateException {
            return true;
        }
    };
    try {

        SSLSocketFactory sf = new SSLSocketFactory(easyStrategy,SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        SchemeRegistry registry = new SchemeRegistry();
        registry.register(new Scheme("https", 8443, sf));

        ClientConnectionManager ccm = new ThreadSafeClientConnManager(registry);
        client = new DefaultHttpClient(ccm);

    } catch (KeyManagementException e1) {
        e1.printStackTrace();
    } catch (UnrecoverableKeyException e1) {
        e1.printStackTrace();
    } catch (NoSuchAlgorithmException e1) {
        e1.printStackTrace();
    } catch (KeyStoreException e1) {
        e1.printStackTrace();
    }

Thanks that made it, resolved by using the following code:

HttpClient client = null;
    TrustStrategy easyStrategy = new TrustStrategy() {

        @Override
        public boolean isTrusted(X509Certificate[] certificate, String authType)
                throws CertificateException {
            return true;
        }
    };
    try {

        SSLSocketFactory sf = new SSLSocketFactory(easyStrategy,SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        SchemeRegistry registry = new SchemeRegistry();
        registry.register(new Scheme("https", 8443, sf));

        ClientConnectionManager ccm = new ThreadSafeClientConnManager(registry);
        client = new DefaultHttpClient(ccm);

    } catch (KeyManagementException e1) {
        e1.printStackTrace();
    } catch (UnrecoverableKeyException e1) {
        e1.printStackTrace();
    } catch (NoSuchAlgorithmException e1) {
        e1.printStackTrace();
    } catch (KeyStoreException e1) {
        e1.printStackTrace();
    }
回复 原文
掌心的温暖 2025-01-09 03:23:35

在我的特定情况下,我的设备上的系统时间设置为过去。

感谢 此页指出了看似显而易见的问题...:)

In my particular case, the system time on my device was set in the past.

Thanks to this page for pointing out the seemingly obvious... :)

回复 原文
~没有更多了~

关于作者

薆情海

暂无简介

文章
评论
26 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

饮湿

文章 0 评论 0

明月

文章 0 评论 0

02

文章 0 评论 0

hs1283

文章 0 评论 0

风向决定发型

文章 0 评论 0

落花浅忆

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文