首頁>Program>source

使用HttpClient,尝試通過HTTPS进行通訊時收到以下錯誤:

Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated.

這是我的代碼:

URI loginUri = new URI("https://myUrl.asp");
HttpClient httpclient = new DefaultHttpClient();
HttpGet httpget = new HttpGet( loginUri );
HttpResponse response = httpclient.execute( httpget );

如何抑製或消除此錯誤?

最新回復
  • 5月前
    1 #

    註意:請勿在生产代碼中執行此操作,請改用http或上面建議的實際自簽名公钥。

    在HttpClient 4.xx上:

    import static org.junit.Assert.assertEquals;
    import java.security.KeyManagementException;
    import java.security.NoSuchAlgorithmException;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;
    import org.apache.http.HttpResponse;
    import org.apache.http.client.methods.HttpGet;
    import org.apache.http.conn.scheme.Scheme;
    import org.apache.http.conn.ssl.SSLSocketFactory;
    import org.apache.http.impl.client.DefaultHttpClient;
    import org.junit.Test;
    public class HttpClientTrustingAllCertsTest {
        @Test
        public void shouldAcceptUnsafeCerts() throws Exception {
            DefaultHttpClient httpclient = httpClientTrustingAllSSLCerts();
            HttpGet httpGet = new HttpGet("https://host_with_self_signed_cert");
            HttpResponse response = httpclient.execute( httpGet );
            assertEquals("HTTP/1.1 200 OK", response.getStatusLine().toString());
        }
        private DefaultHttpClient httpClientTrustingAllSSLCerts() throws NoSuchAlgorithmException, KeyManagementException {
            DefaultHttpClient httpclient = new DefaultHttpClient();
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, getTrustingManager(), new java.security.SecureRandom());
            SSLSocketFactory socketFactory = new SSLSocketFactory(sc);
            Scheme sch = new Scheme("https", 443, socketFactory);
            httpclient.getConnectionManager().getSchemeRegistry().register(sch);
            return httpclient;
        }
        private TrustManager[] getTrustingManager() {
            TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
                @Override
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
                @Override
                public void checkClientTrusted(X509Certificate[] certs, String authType) {
                    // Do nothing
                }
                @Override
                public void checkServerTrusted(X509Certificate[] certs, String authType) {
                    // Do nothing
                }
            } };
            return trustAllCerts;
        }
    }
    

  • 5月前
    2 #

    此答案接着是owlstead和Mat的迴答.它適用於SE / EE安裝,不適用於ME / mobile / Android SSL。

    由於尚無人提及,我將提及"生产方式"来解決此問题: 請按照HttpClient中AuthSSLProtocolSocketFactory類中的步骤操作,以更新您的信任庫和密钥庫。

    匯入受信任的證书並生成信任庫檔案

    keytool -import -alias "my server cert" -file server.crt -keystore my.truststore

    生成新密钥(使用与信任庫相同的密碼)

    keytool -genkey -v -alias "my client key" -validity 365 -keystore my.keystore

    發出證书簽名請求(CSR)

    keytool -certreq -alias "my client key" -file mycertreq.csr -keystore my.keystore

    (自簽名或获得證书簽名)

    匯入受信任的CA根證书

    keytool -import -alias "my trusted ca" -file caroot.crt -keystore my.keystore

    匯入包含完整證书鏈的PKCS#7檔案

    keytool -import -alias "my client key" -file mycert.p7 -keystore my.keystore

    驗證生成的密钥庫檔案的內容

    keytool -list -v -keystore my.keystore

    如果没有服務器證书,請以JKS格式生成一个證书,然後將其匯出為CRT檔案.資料来源:keytool文件

    keytool -genkey -alias server-alias -keyalg RSA -keypass changeit
        -storepass changeit -keystore my.keystore
    keytool -export -alias server-alias -storepass changeit
        -file server.crt -keystore my.keystore
    

  • 5月前
    3 #

    使用HttpClient 3.x,您需要執行以下操作:

    Protocol easyHttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
    Protocol.registerProtocol("https", easyHttps);
    

    可以在此處找到EasySSLProtocolSocketFactory的實現。

  • 5月前
    4 #

    如果您的服務器基於JDK 7,而客戶端基於JDK 6並使用SSL證书,則將發生此異常.在JDK 7中,預設情况下禁用sslv2hello訊息握手,而在JDK 6中則啟用sslv2hello訊息握手.因此,当您的客戶端尝試連線服務器時,將向服務器發送sslv2hello訊息,並且由於禁用sslv2hello訊息,您將收到此異常.要解決此問题,您必须將客戶端移至JDK 7,或者必须使用6u91版本的JDK.但是,要获得此版本的JDK,您必须获得

  • 5月前
    5 #

    方法,该方法返迴" secureClient"(在Java 7環境中-NetBeans IDE和GlassFish Server:預設情况下為port https 3920),希望這可以有所帮助 :

    public DefaultHttpClient secureClient() {
        DefaultHttpClient httpclient = new DefaultHttpClient();
        SSLSocketFactory sf;
        KeyStore trustStore;
        FileInputStream trustStream = null;
        File truststoreFile;
        // java.security.cert.PKIXParameters for the trustStore
        PKIXParameters pkixParamsTrust;
        KeyStore keyStore;
        FileInputStream keyStream = null;
        File keystoreFile;
        // java.security.cert.PKIXParameters for the keyStore
        PKIXParameters pkixParamsKey;
        try {
            trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            truststoreFile = new File(TRUSTSTORE_FILE);
            keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keystoreFile = new File(KEYSTORE_FILE);
            try {
                trustStream = new FileInputStream(truststoreFile);
                keyStream = new FileInputStream(keystoreFile);
            } catch (FileNotFoundException ex) {
                Logger.getLogger(ApacheHttpRestClient.class.getName()).log(Level.SEVERE, null, ex);
            }
            try {
                trustStore.load(trustStream, PASSWORD.toCharArray());
                keyStore.load(keyStream, PASSWORD.toCharArray());
            } catch (IOException ex) {
                Logger.getLogger(ApacheHttpRestClient.class.getName()).log(Level.SEVERE, null, ex);
            } catch (CertificateException ex) {
                Logger.getLogger(ApacheHttpRestClient.class.getName()).log(Level.SEVERE, null, ex);
            }
            try {
                pkixParamsTrust = new PKIXParameters(trustStore);
                // accepts Server certificate generated with keytool and (auto) signed by SUN
                pkixParamsTrust.setPolicyQualifiersRejected(false);
            } catch (InvalidAlgorithmParameterException ex) {
                Logger.getLogger(ApacheHttpRestClient.class.getName()).log(Level.SEVERE, null, ex);
            }
            try {
                pkixParamsKey = new PKIXParameters(keyStore);
                // accepts Client certificate generated with keytool and (auto) signed by SUN
                pkixParamsKey.setPolicyQualifiersRejected(false);
            } catch (InvalidAlgorithmParameterException ex) {
                Logger.getLogger(ApacheHttpRestClient.class.getName()).log(Level.SEVERE, null, ex);
            }
            try {
                sf = new SSLSocketFactory(trustStore);
                ClientConnectionManager manager = httpclient.getConnectionManager();
                manager.getSchemeRegistry().register(new Scheme("https", 3920, sf));
            } catch (KeyManagementException ex) {
                Logger.getLogger(ApacheHttpRestClient.class.getName()).log(Level.SEVERE, null, ex);
            } catch (UnrecoverableKeyException ex) {
                Logger.getLogger(ApacheHttpRestClient.class.getName()).log(Level.SEVERE, null, ex);
            }
        } catch (NoSuchAlgorithmException ex) {
            Logger.getLogger(ApacheHttpRestClient.class.getName()).log(Level.SEVERE, null, ex);
        } catch (KeyStoreException ex) {
            Logger.getLogger(ApacheHttpRestClient.class.getName()).log(Level.SEVERE, null, ex);
        }
        // use the httpclient for any httpRequest
        return httpclient;
    }
    

  • AndroidGridView行分隔符/分隔符
  • 簡單的HttpURLConnection POST檔案multipart / form-data从android到google blobstore