我目前正在使用自签名证书的开发环境中工作。我现在已经尝试了一天多的时间让球衣无视自签名证书。这纯粹是为了一个POC环境,我不会梦想做这个罪恶的生产。虽然我在互联网上找到了很多关于如何完成这项工作的答案,但仍有一些问题尚未解决。
这是我目前的考试类:
public class JerseyTestClient {
private static final Logger LOG = Logger.getLogger(JerseyTestClient.class.getName());
public static void sendTestRequest() {
try {
Client client = Client.create(configureClient());
WebResource webResource = client.resource("https://server/endpoint/");
ClientResponse response = webResource.accept("application/json").get(ClientResponse.class);
if (response.getStatus() != 200) {
throw new RuntimeException("Failed : HTTP error code : " + response.getStatus());
}
List<Hardware> output = response.getEntity(new GenericType<List<Hardware>>() {});
LOG.severe("Output from Server .... \n");
LOG.severe("Nr of entries: " + output.size());
} catch (Exception e) {
LOG.log(Level.SEVERE, " test request failed", e);
}
}
public static ClientConfig configureClient() {
TrustManager[ ] certs = new TrustManager[ ] {
new X509TrustManager() {
@Override
public X509Certificate[] getAcceptedIssuers() {
LOG.severe("getAcceptedIssuers");
return null;
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
LOG.severe("checkServerTrusted");
}
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
LOG.severe("checkClientTrusted");
}
}
};
SSLContext ctx = null;
try {
ctx = SSLContext.getInstance("TLS");
ctx.init(null, certs, null);
} catch (java.security.GeneralSecurityException e) {
LOG.log(Level.SEVERE, "Error", e);
}
HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
LOG.severe("verify");
return true;
}
});
ClientConfig config = new DefaultClientConfig();
try {
config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(
new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
LOG.severe("verify");
return true;
}
},
ctx
));
} catch(Exception e) {
LOG.log(Level.SEVERE, "Error", e);
}
return config;
}
}
虽然一切看起来都是正确的,但TrustManager和HostnameVerifier中的日志行永远不会显示在日志中,并且连接仍然会在get(ClientResponse.class)上出现SSL握手异常。
我现在已经讨论了一段时间了,当我将这个与所有教程进行比较,并且人们说他们修复了它时,我找不到区别。
如果有人可以指出那里应该存在的缺陷......
答案 0 :(得分:0)
我的公司BITPlan已经发布了一个开源项目,以简化Jersey 1.19的处理,参见
https://github.com/BITPlan/com.bitplan.simplerest
测试用例:
创建一个没有使用客户端证书的SSL连接。 这导致:
Schwerwiegend: SSL Client certificate is missing for /hello/hello
但是测试用例仍在运行 Clientside的处理完成:
如果您遇到任何问题,可能需要提出问题 通过https://github.com/BITPlan/com.bitplan.simplerest/issues