使用HTTPS进行基本身份验
我目前正在尝试使用HTTP和HTTPS访问URL。 我尝试访问的URL需要基本身份validation。 使用HTTP它工作正常,但使用HTTPS却没有。 我不确定是否需要使用HTTPS添加不同的内容。 该URL应该返回给我的文本,该文本是键值格式,我可以加载到Properties对象中。
这是我到目前为止尝试过的代码。
if (cpUrl.getProtocol().equals("https")) { out.println("https", 0); HttpsURLConnection connection = (HttpsURLConnection) cpUrl.openConnection(); TrustManager[] trustAllCerts = new TrustManager[] { new BusinessIntelligenceX509TrustManager() }; SSLContext sc; try { sc = SSLContext.getInstance("SSL"); } catch (NoSuchAlgorithmException noSuchAlgorithmException) { return; } HostnameVerifier hv = new BusinessIntelligenceHostnameVerifier(); try { sc.init(null, trustAllCerts, new java.security.SecureRandom()); } catch (KeyManagementException keyManagementException) { return; } HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); HttpsURLConnection.setDefaultHostnameVerifier(hv); connection.setDoInput(true); connection.setRequestProperty("Authorization", "Basic " + encode); connection.setRequestMethod("POST"); connection.connect(); stream = connection.getInputStream(); Properties properties = new Properties(); properties.load(stream); }
这是证书类
//HTTPS CERTIFICATE CLASSES class BusinessIntelligenceHostnameVerifier implements HostnameVerifier { public boolean verify(String arg0, SSLSession arg1) { return true; } } class BusinessIntelligenceX509TrustManager implements X509TrustManager { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) { // no-op } public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) { // no-op } }
删除所有证书代码(以及证书代码)时的错误消息:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1057) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1041) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170) at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:133) at com.tecsys.bi.install.BiInstall2ControlPanelPromptsProcessor.run(BiInstall2ControlPanelPromptsProcessor.java:117) at java.lang.Thread.run(Thread.java:595) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145) at sun.security.validator.Validator.validate(Validator.java:203) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172) at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841) ... 12 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216) ... 17 more
问题似乎是在为连接更改SSLContext和HostNameVerifier实例之前打开连接的事实。 这是不可能的,因为即使在从InputStream读取连接内容之前,也会发生SSL / TLS握手。
换句话说,以下行
HttpsURLConnection connection = (HttpsURLConnection) cpUrl.openConnection();
只有在使用HttpsURLConnection类注册SSLContext和HostNameVerifier的实例后才应该执行。
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); HttpsURLConnection.setDefaultHostnameVerifier(hv);
修复此序列应该解决问题,因为现在将使用新参数进行握手。