我有一个非常脆弱和复杂的开发设置。我有一个通往该计算机的ssh隧道,该隧道公开了该网络上的计算机,当ssh隧道就位时,我可以像这样通过Postman
或curl
轻松访问我的api。
卷曲-X GET -u admin:admin123 -k“ https://172.23.1.175/api/storage/aggregates/?fields=space&return_records=true&return_timeout=15” -H“接受:application / hal + json”
我的客户代码是通过swagger
创建的,出于开发目的,我希望能够在IntelliJ的Java应用程序中尝试进行实际的API调用。我知道这完全是皱眉。我得到的错误是这样的:
io.swagger.ontap.client.ApiException: javax.net.ssl.SSLPeerUnverifiedException: Hostname localhost not verified:
certificate: sha1/o6KF0+STnresD1HaPMVoHNMgwpY=
DN: C=US, CN=ontapcloud-net0ejmuaf-1
subjectAltNames: []
这是我尝试将证书导入到Java配置之后的一种较新的错误。
导致javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到到请求目标的有效证书路径
是否可以修改下面的代码以适应请求,使请求能够通过?
private void applySslSettings() {
try {
TrustManager[] trustManagers = null;
HostnameVerifier hostnameVerifier = null;
System.out.println("verifyingSsl: " + verifyingSsl);
if (!verifyingSsl) {
TrustManager trustAll = new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
@Override
public X509Certificate[] getAcceptedIssuers() { return null; }
};
SSLContext sslContext = SSLContext.getInstance("TLS");
trustManagers = new TrustManager[]{ trustAll };
hostnameVerifier = new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) { return true; }
};
} else if (sslCaCert != null) {
char[] password = null; // Any password will work.
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
Collection<? extends Certificate> certificates = certificateFactory.generateCertificates(sslCaCert);
if (certificates.isEmpty()) {
throw new IllegalArgumentException("expected non-empty set of trusted certificates");
}
KeyStore caKeyStore = newEmptyKeyStore(password);
int index = 0;
for (Certificate certificate : certificates) {
String certificateAlias = "ca" + Integer.toString(index++);
caKeyStore.setCertificateEntry(certificateAlias, certificate);
}
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(caKeyStore);
trustManagers = trustManagerFactory.getTrustManagers();
}
if (keyManagers != null || trustManagers != null) {
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagers, trustManagers, new SecureRandom());
httpClient.setSslSocketFactory(sslContext.getSocketFactory());
} else {
httpClient.setSslSocketFactory(null);
}
httpClient.setHostnameVerifier(hostnameVerifier);
} catch (GeneralSecurityException e) {
throw new RuntimeException(e);
}
}
答案 0 :(得分:0)
解决方案非常简单,其中一些优点可以解决我的问题。
ApiClient apiClient = new ApiClient();
apiClient.setBasePath("https://localhost:8077/api");
apiClient.setVerifyingSsl(false);