Apache Http客戶端SSL證書錯誤

Question

我知道它之前已被問過，但我嘗試了所有我找到的解決方案，但仍然無法正常工作。

基本上，我試圖通過Apache Http Client（4.3）獲取一些內容，並且我連接的網站存在一些SSL問題。

首先，我得到了SSLException和unrecognized_name的消息。我試圖通過將jsse.enableSNIExtension屬性設置爲false來解決此問題。

然後，我得到這個異常： javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

我又試圖提供我億韓元SSLFactory，將接受所有證書，但我仍然得到同樣的異常。這裏是我的代碼：

private static void sslTest() throws Exception { 
    System.setProperty("jsse.enableSNIExtension", "false"); 

    SSLContext sslContext = SSLContexts.custom() 
      .loadTrustMaterial(null, new TrustSelfSignedStrategy()) 
      .useTLS() 
      .build(); 

    SSLConnectionSocketFactory connectionFactory = 
      new SSLConnectionSocketFactory(sslContext, new AllowAllHostnameVerifier()); 

    CookieStore cookieStore = new BasicCookieStore(); 
    HttpClientContext context = HttpClientContext.create(); 
    context.setCookieStore(cookieStore); 

    CloseableHttpClient httpclient = HttpClients.custom() 
      .setSSLSocketFactory(connectionFactory) 
      .setDefaultCookieStore(cookieStore) 
      .build(); 

    URI uri = new URIBuilder() 
      .setScheme("https") 
      .setHost(BASE_URL) 
      .build(); 

    String responseBody = httpclient.execute(new HttpGet(uri), RESPONSE_HANDLER); 
} 

所有幫助非常感謝！

Answer 1

另請注意，信任自簽名證書並不意味着相信任何任意證書。嘗試建立您的SSL背景是這樣的：

SSLContext sslContext = SSLContexts.custom() 
     .loadTrustMaterial(null, new TrustStrategy() { 

      @Override 
      public boolean isTrusted(final X509Certificate[] chain, final String authType) throws CertificateException { 
       return true; 
      } 
     }) 
     .useTLS() 
     .build(); 

也請注意，一般信任的證書胡亂擊敗首先使用SSL的目的。使用在絕對必要的或只用於測試

Answer 2

您的信任庫不信任服務器證書。

允許所有主機名是一個HTTPS步驟，只能調用如果證書是可信的。

Answer 3

在HTTP客戶端4.5.2：

SSLContext sslContext = SSLContexts.custom() 
      .loadTrustMaterial(null, new TrustStrategy() { 

       @Override 
       public boolean isTrusted(final X509Certificate[] chain, final String authType) throws CertificateException { 
        return true; 
       } 
      }) 
      .build(); 

    SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
      sslContext, 
      NoopHostnameVerifier.INSTANCE); 

然後：

HttpClientBuilder builder = HttpClients.custom().setSSLSocketFactory(sslsf); 

Answer 4

以下是Apache 4X相信一切

static { 
    // avoid error javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name 
    System.setProperty("jsse.enableSNIExtension", "false"); 
} 

public static HttpClientBuilder createTrustAllHttpClientBuilder() { 
    try { 
     SSLContextBuilder builder = new SSLContextBuilder(); 
     builder.loadTrustMaterial(null, (chain, authType) -> true); 
     SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(builder.build(), NoopHostnameVerifier.INSTANCE); 

     return HttpClients.custom().setSSLSocketFactory(sslsf); 
    } 
    catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException e) { 
     throw new IllegalStateException(e); 
    } 
}