mitmproxy和ec2-api-tools

Question

我無法獲得mitmproxy與ec2-api-tools一起使用。

在一個終端，我這樣做：

$ mitmproxy -p 8080 

而在另一個，我所做的：

$ export EC2_JVM_ARGS="-DproxySet=true -DproxyHost=127.0.0.1 -DproxyPort=8080 -Dhttps.proxySet=true -Dhttps.proxyHost=127.0.0.1 -Dhttps.proxyPort=8080" 
$ ec2-describe-instances 

我得到以下錯誤：

Unexpected error: 
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated 
    at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(SSLSessionImpl.java:401) 
    at org.apache.commons.httpclient.contrib.amazon.ssl.StrictSSLProtocolSocketFactory.verifyHostname(StrictSSLProtocolSocketFactory.java:369) 
    at org.apache.commons.httpclient.contrib.amazon.ssl.StrictSSLProtocolSocketFactory.createSocket(StrictSSLProtocolSocketFactory.java:241) 
    at org.apache.commons.httpclient.HttpConnection.tunnelCreated(HttpConnection.java:786) 
    at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.tunnelCreated(MultiThreadedHttpConnectionManager.java:1521) 
    at org.apache.commons.httpclient.HttpMethodDirector.executeConnect(HttpMethodDirector.java:514) 
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:391) 
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) 
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) 
    at org.codehaus.xfire.transport.http.CommonsHttpMessageSender.send(CommonsHttpMessageSender.java:369) 
    at org.codehaus.xfire.transport.http.HttpChannel.sendViaClient(HttpChannel.java:123) 
    at org.codehaus.xfire.transport.http.HttpChannel.send(HttpChannel.java:48) 
    at org.codehaus.xfire.handler.OutMessageSender.invoke(OutMessageSender.java:26) 
    at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131) 
    at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:79) 
    at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:114) 
    at org.codehaus.xfire.client.Client.invoke(Client.java:336) 
    at org.codehaus.xfire.client.XFireProxy.handleRequest(XFireProxy.java:77) 
    at org.codehaus.xfire.client.XFireProxy.invoke(XFireProxy.java:57) 
    at com.sun.proxy.$Proxy12.describeInstances(Unknown Source) 
    at com.amazon.aes.webservices.client.Jec2Impl.describeInstances(Jec2Impl.java:1517) 
    at com.amazon.aes.webservices.client.Jec2Impl.describeInstances(Jec2Impl.java:1492) 
    at com.amazon.aes.webservices.client.cmd.DescribeInstances.invokeOnline(DescribeInstances.java:58) 
    at com.amazon.aes.webservices.client.cmd.BaseCmd.invoke(BaseCmd.java:1040) 
    at com.amazon.aes.webservices.client.cmd.DescribeInstances.main(DescribeInstances.java:67) 

我跑在OS X上，我配置了鑰匙串以信任mitmproxy-ca-cert.pem證書。

Answer 1

感謝Thomas奧羅斯科的回答和this mitmproxy issue：

sudo keytool -importcert -alias mitmproxy -storepass "changeit" \ 
    -keystore /System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacerts \ 
    -trustcacerts -file ~/.mitmproxy/mitmproxy-ca-cert.pem 

Answer 2

您必須將MITM代理證書添加到Java正在使用的證書存儲中，這可能不是OS X的鑰匙串。

您應該能夠使用keytool此：http://docs.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html