
How do you bypass the certificate check with Java HttpsURLConnection, and what is the principle behind it?

In a recent project I needed to use HttpURLConnection to connect to a URL and perform some operations, but in the actual deployment environment the web server uses SSL, so a plain HttpURLConnection cannot reach it. I then changed the code to use HttpsURLConnection, loading certificates and so on, to get access working. But here is the problem: every deployment of my application then needs the container's keystore file and password. Later I saw that people online have code that bypasses the certificate, or use common-httpclient for access (which loads the certificate automatically), but I don't understand the principle behind this at all. Please explain!


Supplementary question: If I go the route of loading a keystore file, then every time I deploy the application I need to know the keystore file configured in the container. With the code from the web I don't need to care about certificates at all and can still access the https URL. I'm still confused.

Supplementary question: Thank you for your answer, I now have a rough idea, but I'm still a bit confused and still learning. By "self-signed certificate" do you mean that, during communication with the server, the certificate used by the client is one we generated ourselves, and that in code we produce it via X509TrustManager?

    beneo wrote:
    https certificates are issued based on X.509.
    A certificate can be self-generated (called a self-signed certificate) or issued by a CA.
    What X509TrustManager produces is a self-signed certificate..
    Because the tomcat you configured and google https accept self-signed certificates, you can access them.

Supplementary question: Many thanks, beneo. I really have too few javaeye points, sorry about that. Let's all keep exchanging ideas ^_^!!!
29 December 2010, 13:43

3 answers


When you access https, it is the client that verifies whether the server's certificate is valid, so you can modify the place where the verification happens in order to bypass it. Of course, the server can also verify your certificate, but usually it doesn't...

8 April 2013, 17:12

https certificates are issued based on X.509.

A certificate can be self-generated (called a self-signed certificate) or issued by a CA.

What X509TrustManager produces is a self-signed certificate..

Because the tomcat you configured and google https accept self-signed certificates, you can access them.

30 December 2010, 16:35

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.HttpVersion;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.params.ConnManagerParams;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.HttpParams;
import org.apache.http.params.HttpProtocolParams;

// HttpClient 4.0.x. The trust manager below accepts ANY server certificate and the
// hostname verifier accepts ANY host name, so the server is not authenticated at all:
// whoever can intercept the connection can impersonate the server.
public class HttpsMultiThreadUtil {

    private static HttpClient httpClient = DefaultMultiThreadHttpsClient();

    public static String send(String url) throws IOException {
        HttpGet httpget = new HttpGet(url);
        HttpResponse response = httpClient.execute(httpget);
        System.out.println(response.getStatusLine());
        HttpEntity entity = response.getEntity();
        StringBuilder sb = new StringBuilder();
        if (entity != null) {
            BufferedReader reader = new BufferedReader(new InputStreamReader(entity.getContent()));
            try {
                // Read the whole body, not just the first line.
                String line;
                while ((line = reader.readLine()) != null) {
                    sb.append(line).append("\r\n");
                }
            } catch (RuntimeException e) {
                // Abort the request so a half-read connection is not returned to the pool.
                httpget.abort();
                throw e;
            } finally {
                reader.close(); // consuming the entity releases the pooled connection
            }
        }
        return sb.toString();
    }

    public static DefaultHttpClient DefaultMultiThreadHttpsClient() {
        try {
            // First create a trust manager that won't care: it never throws, so every chain passes.
            X509TrustManager trustManager = new X509TrustManager() {
                public void checkClientTrusted(X509Certificate[] chain, String authType)
                        throws CertificateException {
                    // Don't do anything.
                }

                public void checkServerTrusted(X509Certificate[] chain, String authType)
                        throws CertificateException {
                    // Don't do anything.
                }

                public X509Certificate[] getAcceptedIssuers() {
                    // No issuers are advertised; an empty array is safer for callers than null.
                    return new X509Certificate[0];
                }
            };

            // Now put the trust manager into an SSLContext.
            SSLContext sslcontext = SSLContext.getInstance("TLS");
            sslcontext.init(null, new TrustManager[]{trustManager}, null);

            // Use the above SSLContext to create your socket factory
            // (I found trying to extend the factory a bit difficult due to a
            // call to createSocket with no arguments, a method which doesn't
            // exist anywhere I can find, but hey-ho).
            SSLSocketFactory sf = new SSLSocketFactory(sslcontext);
            // This also disables the check that the certificate was issued for the host in the URL.
            sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

            HttpParams params = new BasicHttpParams();
            ConnManagerParams.setMaxTotalConnections(params, 100);
            HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);

            // Create and initialize scheme registry
            SchemeRegistry schemeRegistry = new SchemeRegistry();
            schemeRegistry.register(new Scheme("https", sf, 443));

            // Create an HttpClient with the ThreadSafeClientConnManager.
            // This connection manager must be used if more than one thread will
            // be using the HttpClient.
            ClientConnectionManager cm = new ThreadSafeClientConnManager(params, schemeRegistry);

            return new DefaultHttpClient(cm, params);

        } catch (Throwable t) {
            // Fail loudly instead of returning null, which would only surface later as a NullPointerException.
            throw new IllegalStateException("could not build HttpClient", t);
        }
    }

    public static void shutdown() {
        if (httpClient != null) {
            httpClient.getConnectionManager().shutdown();
        }
    }

    public static void main(String[] args) throws IOException {
        String ret = HttpsMultiThreadUtil.send("https://www.google.com");
        System.out.println(ret);
        HttpsMultiThreadUtil.shutdown();
    }
}


   <dependencies>
        <dependency>
            <groupId>org.apache.httpcomponents</groupId>
            <artifactId>httpcore</artifactId>
            <version>4.0.1</version>
        </dependency>
        <dependency>
            <groupId>javax</groupId>
            <artifactId>javaee-api</artifactId>
            <version>6.0</version>
        </dependency>
        <dependency>
            <groupId>org.testng</groupId>
            <artifactId>testng</artifactId>
            <version>5.14.2</version>
        </dependency>
        <dependency>
            <groupId>org.apache.httpcomponents</groupId>
            <artifactId>httpclient</artifactId>
            <version>4.0.3</version>
        </dependency>
    </dependencies>


I don't think this bypasses the X.509 verification mechanism; rather, Google's server itself doesn't really need verification...

If that doesn't work, do this instead:

    import java.io.File;
    import java.io.FileInputStream;
    import java.security.KeyStore;

    import org.apache.http.conn.ssl.SSLSocketFactory;

    public static SSLSocketFactory trustStoreSocketFactory() throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        FileInputStream instream = new FileInputStream(new File("my.keystore"));
        try {
            trustStore.load(instream, "nopassword".toCharArray());
        } finally {
            instream.close();
        }

        // Only server chains that validate against the certificates in my.keystore are accepted.
        return new SSLSocketFactory(trustStore);
    }

and use this trustStore-backed socket factory in place of the sslcontext above.

Also, this code is itself thread-safe: just use httpClient and it will manage the connection pool and threads for you.

29 December 2010, 14:30
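Added example (editor's code, not from any of the posters): the alternative to both the "do nothing" trust manager in the third answer and the "modify the verification point" advice in the first one is to keep the verification and only extend the set of trusted certificates. It also addresses the original question about the container's keystore: the client never needs the server's keystore or its password, only the server's public certificate, which whoever operates the server exports once with something like `keytool -exportcert -alias tomcat -keystore <server keystore> -rfc -file server.crt` (the alias, keystore path and file name `server.crt` are placeholders; the target URL is too). The code below builds an HttpsURLConnection that trusts the JVM's normal CA store plus the certificate(s) in that file, and deliberately leaves the default hostname verifier in place. It assumes Java 7 or later.

```java
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class PinnedHttpsClient {

    // The platform X509TrustManager backed by the given trust store
    // (null means the JVM's default cacerts).
    static X509TrustManager x509TrustManager(KeyStore trustStore) throws GeneralSecurityException {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new GeneralSecurityException("no X509TrustManager available");
    }

    // Loads every certificate in a PEM or DER file (e.g. the placeholder server.crt exported
    // with keytool -exportcert -rfc) into an in-memory trust store. Only the server's public
    // certificate is needed here, never the server's keystore or its password.
    static KeyStore trustStoreFromFile(String certPath) throws GeneralSecurityException, IOException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        ts.load(null, null); // empty store
        try (InputStream in = new FileInputStream(certPath)) {
            int i = 0;
            for (Certificate c : cf.generateCertificates(in)) {
                ts.setCertificateEntry("pinned-" + (i++), c);
            }
        }
        return ts;
    }

    // Accepts a server chain if EITHER the JVM's CA store OR the pinned certificate(s) validate it.
    // Unlike a trust manager that does nothing, every chain is still signature- and validity-checked;
    // only the set of trust anchors grows.
    static X509TrustManager defaultPlusPinned(final X509TrustManager jvmDefault, final X509TrustManager pinned) {
        return new X509TrustManager() {
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                try {
                    jvmDefault.checkServerTrusted(chain, authType);
                } catch (CertificateException notAPublicCa) {
                    pinned.checkServerTrusted(chain, authType); // throws if the pinned cert does not match either
                }
            }
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                jvmDefault.checkClientTrusted(chain, authType);
            }
            public X509Certificate[] getAcceptedIssuers() {
                X509Certificate[] a = jvmDefault.getAcceptedIssuers();
                X509Certificate[] b = pinned.getAcceptedIssuers();
                X509Certificate[] all = new X509Certificate[a.length + b.length];
                System.arraycopy(a, 0, all, 0, a.length);
                System.arraycopy(b, 0, all, a.length, b.length);
                return all;
            }
        };
    }

    static SSLContext sslContext(String pinnedCertPath) throws GeneralSecurityException, IOException {
        X509TrustManager tm = defaultPlusPinned(
                x509TrustManager(null),
                x509TrustManager(trustStoreFromFile(pinnedCertPath)));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[]{tm}, null);
        return ctx;
    }

    static String get(String url, SSLContext ctx) throws IOException {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // Deliberately no setHostnameVerifier(): the default verifier matches the certificate's
        // CN/SAN against the URL host, so a trusted certificate issued for some other host is rejected.
        try (InputStream in = conn.getInputStream()) {
            ByteArrayOutputStream buf = new ByteArrayOutputStream();
            byte[] chunk = new byte[8192];
            int n;
            while ((n = in.read(chunk)) != -1) {
                buf.write(chunk, 0, n);
            }
            return buf.toString("UTF-8");
        } finally {
            conn.disconnect();
        }
    }

    public static void main(String[] args) throws Exception {
        // Usage: java PinnedHttpsClient https://myserver.example:8443/ server.crt   (placeholders)
        System.out.println(get(args[0], sslContext(args[1])));
    }
}
```

If the file contains the wrong certificate, or the server is being impersonated, `getInputStream()` fails with an `SSLHandshakeException` instead of silently returning the attacker's content, which is exactly the signal the trust-all code above throws away.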

