- 浏览: 1233452 次
- 性别:
- 来自: 上海
文章分类
最新评论
-
lankk:
lankk 写道事实上,在运行String s1=new St ...
理解String 及 String.intern() 在实际中的应用 -
lankk:
事实上,在运行String s1=new String(&qu ...
理解String 及 String.intern() 在实际中的应用 -
lankk:
同意1楼的说法http://docs.oracle.com/j ...
理解String 及 String.intern() 在实际中的应用 -
raoyutao:
...
jdk 线程池 ThreadPoolExecutor -
hongdanning:
理解了。之前困惑的一些明白了。谢谢分享。
理解String 及 String.intern() 在实际中的应用
引用: http://javaskeleton.blogspot.com/2010/07/avoiding-peer-not-authenticated-with.html
When developing a https application, your test server often doesn't have a (valid) SSL certificate. This will cause the following exception to be thrown when connecting your client to the test server: "javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated".
I will be discussing a way to fix this issue with the apache HttpClient, version 4.0.1 (http://hc.apache.org/httpcomponents-client/).
1. Bits and pieces
You usually create your HttpClient like this:
client = new DefaultHttpClient();
We will need to tell the client to use a different TrustManager. A TrustManager (http://download.oracle.com/docs/cd/E17476_01/javase/1.5.0/docs/api/javax/net/ssl/TrustManager.html) is a class that checks if given credentials (or certificates) are valid. The scheme used by SSL is called X.509 (http://en.wikipedia.org/wiki/X.509), and Java has a specific TrustManager for this scheme, called X509TrustManager. First thing we will need to do is create such a TrustManager:
X509TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
As you can see, this code doesn't do much: if a certificate is invalid the TrustManager is supposed to throw a CertificateException in the checkXXX methods. Since we always want to accept all certificates, we never throw an exception.
Next we need to find a way to set this TrustManager in our HttpClient. The TrustManager is used by the SSL sockets. Sockets are created using a SocketFactory. For SSL sockets this is an SSLSocketFactory (http://download.oracle.com/docs/cd/E17476_01/javase/1.5.0/docs/api/javax/net/ssl/SSLSocketFactory.html). When creating a new SSLSocketFactory, you need to pass an SSLContext to the constructor. It is this SSLContext that will contain our newly created TrustManager.
First thing we need to do is get an SSLContext:
SSLContext ctx = SSLContext.getInstance("TLS");
TLS is the successor to SSL, but they use the same SSLContext.
Then we initialize this context with our new TrustManager that we created above:
ctx.init(null, new TrustManager[]{tm}, null);
We can then finally create our SSLSocketFactory:
SSLSocketFactory ssf = new SSLSocketFactory(ctx);
Now we still need to register this SSLSocketFactory with our HttpClient. This is done in the SchemeRegistry of the ConnectionManager of the HttpClient:
ClientConnectionManager ccm = base.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
sr.register(new Scheme("https", ssf, 443));
We register a new Scheme, with the protocol https, our newly created SSLSocketFactory which contains our TrustManager and we tell the HttpClient that the default port for https is port 443.
2. Putting it all together
The following class takes a HttpClient and returns a new HttpClient that accepts any SSL certificate:
/*
This code is public domain: you are free to use, link and/or modify it in any way you want, for all purposes including commercial applications.
*/
public class WebClientDevWrapper {
public static HttpClient wrapClient(HttpClient base) {
try {
SSLContext ctx = SSLContext.getInstance("TLS");
X509TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
ctx.init(null, new TrustManager[]{tm}, null);
SSLSocketFactory ssf = new SSLSocketFactory(ctx);
ssf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
ClientConnectionManager ccm = base.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
sr.register(new Scheme("https", ssf, 443));
return new DefaultHttpClient(ccm, base.getParams());
} catch (Exception ex) {
ex.printStackTrace();
return null;
}
}
}
You can then do something like this in the code that creates the HttpClient:
this.client = new DefaultHttpClient();
if(dev) {
this.client = WebClientDevWrapper.wrapClient(client);
}
Update
In some exceptional cases, the method described above doesn't work. This is due to the Apache AllowAllHostnameVerifier still being to strict. In this case, you will need your own X509HostnameVerifier. Create it as follows:
X509HostnameVerifier verifier = new X509HostnameVerifier() {
@Override
public void verify(String string, SSLSocket ssls) throws IOException {
}
@Override
public void verify(String string, X509Certificate xc) throws SSLException {
}
@Override
public void verify(String string, String[] strings, String[] strings1) throws SSLException {
}
@Override
public boolean verify(String string, SSLSession ssls) {
return true;
}
};
Then set it on your socket factory:
ssf.setHostnameVerifier(verifier);
/*
This code is public domain: you are free to use, link and/or modify it in any way you want, for all purposes including commercial applications.
*/
public class WebClientDevWrapper {
public static HttpClient wrapClient(HttpClient base) {
try {
SSLContext ctx = SSLContext.getInstance("TLS");
X509TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
X509HostnameVerifier verifier = new X509HostnameVerifier() {
@Override
public void verify(String string, SSLSocket ssls) throws IOException {
}
@Override
public void verify(String string, X509Certificate xc) throws SSLException {
}
@Override
public void verify(String string, String[] strings, String[] strings1) throws SSLException {
}
@Override
public boolean verify(String string, SSLSession ssls) {
return true;
}
};
ctx.init(null, new TrustManager[]{tm}, null);
SSLSocketFactory ssf = new SSLSocketFactory(ctx);
ssf.setHostnameVerifier(verifier);
ClientConnectionManager ccm = base.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
sr.register(new Scheme("https", ssf, 443));
return new DefaultHttpClient(ccm, base.getParams());
} catch (Exception ex) {
ex.printStackTrace();
return null;
}
}
}
You can then do something like this in the code that creates the HttpClient:
this.client = new DefaultHttpClient();
if(dev) {
this.client = WebClientDevWrapper.wrapClient(client);
}
发表评论
-
连接池exception GetConnectionTimeoutException get/close not same thread
2015-09-24 14:44 7124环境 hibernate 4.2.0.Final sp ... -
tomcat 7 应用不能访问 及 配置管理界面
2015-09-16 15:26 2751tomcat 7 应用不能访问 及 配置管理界面 ... -
iteye blog 备份
2015-06-01 11:03 1199以前javaeye有博客导出成pdf的功能, 现在这个功能 ... -
jaxb xml 解析出 list对象
2015-03-26 16:29 10631jaxb想直接解析出list对象, 不用在list对象上再去 ... -
jvm notes
2014-12-16 15:19 1722运行时数据区 program counter re ... -
string split 空字符串问题
2014-09-02 15:02 1945String str="123,123,,1 ... -
IntelliJ IDEA keys
2014-05-29 15:35 1192open type Ctrl+N open ... -
POI excel 触发 公式 计算 删除空白行
2013-04-15 12:44 5094用POI api修改excel 表格数据后, 想触发计算公式 ... -
MD5 SHA1 Base64 HmacSHA1
2012-10-26 14:23 2184MD5 SHA1 import java.securi ... -
struts2 jsp 禁止 直接 访问
2011-10-13 14:16 3152想要禁止 struts2 应用中 部分jsp 的 直接访问 ... -
jboss-log4j.xml
2011-09-22 17:42 3175使用 jboss_home/server/default/co ... -
jboss 映射 url 虚拟目录 设置system property
2011-08-31 12:56 2198jboss 4.2.3 在[jboss home ... -
jboss 连接池 scheduler
2011-08-04 19:13 1573将oracle-ds.xml 放到 jboss_home\s ... -
jboss Caused by: LifecycleException: Error initializaing : javax.management.R
2011-08-04 14:55 2317Caused by: LifecycleException: ... -
axis2 spring pojo 集成
2011-04-28 15:28 2496之前写的 http://renxiangzyq.iteye.c ... -
wsdl axis2 spring
2011-04-28 11:12 3317WSDL 文档是利用这些主要的元素来描述某个 web s ... -
apache jboss ssl 配置
2011-03-10 19:37 1601httpd.conf Include "co ... -
cron 表达式
2010-12-13 17:47 1135http://sosuny.iteye.com/blog/46 ... -
资源文件转码
2010-10-27 14:54 1198GBK to utf-8 native2ascii ... -
maven test jar
2010-09-18 11:32 2385多模块的时候 模块之间的test代码也是互相依赖 但默认打包 ...
相关推荐
在Java编程中,`javax.net.ssl.SSLHandshakeException` 是一个常见的错误,通常发生在进行安全套接层(SSL)或传输层安全(TLS)协议握手时出现问题。这个异常通常是由于客户端和服务器之间的证书不匹配、信任锚点...
访问带https请求忽略ssl证书,避免url.openStream报错javax.net.ssl.SSLHandshakeException url = new URL(imageUrl); if("https".equalsIgnoreCase(url.getProtocol())){ SslUtils.ignoreSsl(); } //不添加...
解决webMagic0.7.3 出现javax.net.ssl.SSLException: Received fatal alert: protocol_version的问题-附件资源
加密是报:javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair 此处提供 bcprov-ext-jdk15on-154.jar 和 bcprov-jdk15on-154.jar 压缩包中有使用说明
然而,当你遇到“javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair”的错误时,这意味着在建立SSL/TLS连接时,Diffie-Hellman(DH)密钥交换算法遇到了问题。DH是一种非对称...
这一库主要提供了`javax.net.ssl`包,包括了SSL/TLS相关的各种类,如`SSLSocket`、`SSLServerSocket`、`SSLEngine`等,它们是构建安全网络连接的基础。`SSLSocket`用于创建客户端到服务器的安全连接,而`...
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure的一个解决方案-附件资源
NULL 博文链接:https://xusaomaiss.iteye.com/blog/723167
解决 java.lang.RuntimeException: Could not generate DH keypair异常处理。 bcprov-ext-jdk15on-1.60、bcprov-jdk15on-1.60两个包放到jre下的$JAVA_HOME/jre/lib/ext的路径下,然后配置$JAVA_HOME/jre/lib/...
MQTTv5版的客户端库,原地址:... 本资源合入了解决低于android7.0报错Caused by: java.lang.ClassNotFoundException: Didn't find class "javax.net.ssl.SNIHostName"的问题。
WebMagic是一个开源的Java实现的...同时,也可以了解到如何处理反爬虫策略、处理JavaScript渲染的页面以及优化爬虫性能等方面的知识。对于想要学习和实践网络爬虫技术的开发者来说,WebMagic-0.7.3是一个很好的起点。
2. **使用异常处理**:在解析代码中加入异常处理,捕获并处理`RuntimeException`。这可以帮助你更好地理解问题的具体原因,例如通过打印堆栈跟踪信息。 3. **更新解析逻辑**:如果数据源确实包含意外的子元素,你...
首先,`javax.imageio.IIOException`是Java标准库中的一个异常类型,它继承自`IOException`,专门用于处理与图像输入输出相关的错误。当`ImageIO`类库尝试读取或写入图像文件时,如果遇到不支持的图像类型,就会抛出...
javax.naming.NamingException: Cannot create resource instance类加载异常,希望可以帮助跟我一样错误的人。
javax.net.ssl.SSLHandshakeException:Chain validation failed timestamp check failed Certificate expired at Wed Nov 20 20:00:00 GMT+08:00 2019 (compared to Mon N… 当你遇到了类似以上的报错,先来说结论:...
赠送jar包:javax.servlet-3.0.0.v201112011016.jar; 赠送原API文档:javax.servlet-3.0.0.v201112011016-javadoc.jar; 赠送源代码:javax.servlet-3.0.0.v201112011016-sources.jar; 赠送Maven依赖信息文件:...
import javax.media.jai.JAI; import javax.media.jai.RenderedOp; jai_core-1.1.3.jar jai_codec-1.1.3.jar
赠送jar包:javax.servlet-3.0.0.v201112011016.jar; 赠送原API文档:javax.servlet-3.0.0.v201112011016-javadoc.jar; 赠送源代码:javax.servlet-3.0.0.v201112011016-sources.jar; 赠送Maven依赖信息文件:...
3. **在Java代码中配置TrustStore**:在Java代码中,你需要设置`javax.net.ssl.trustStore`和`javax.net.ssl.trustStorePassword`系统属性,指向你的TrustStore文件和密码: ```java System.setProperty("javax...