ssl https java_允许Java使用不受信任的证书进行SSL / HTTPS连接

最新推荐文章于 2023-02-05 17:43:38 发布
最新推荐文章于 2023-02-05 17:43:38 发布
阅读量721 收藏
点赞数
文章标签: ssl https java
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_42300960/article/details/114449675
版权
这段Java代码提供了一个方法,用于在不使用密钥库的情况下信任所有HTTPS证书和主机名。它通过创建一个假的X509TrustManager和HostnameVerifier,从而允许连接到任何服务器,即使服务器的证书不受信任或自签名。这种方法主要用于调试和测试环境,不应在生产环境中使用,因为它可能导致安全风险。
摘要由CSDN通过智能技术生成

从下面的代码这里是一个有用的解决方案。没有密钥库等。只需在初始化服务和端口(在SOAP中)之前调用方法SSLUtilities.trustAllHttpsCertificates()。

import java.security.GeneralSecurityException;

import java.security.SecureRandom;

import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;

import javax.net.ssl.HttpsURLConnection;

import javax.net.ssl.SSLContext;

import javax.net.ssl.TrustManager;

import javax.net.ssl.X509TrustManager;

/**

* This class provide various static methods that relax X509 certificate and

* hostname verification while using the SSL over the HTTP protocol.

*

* @author Jiramot.info

*/

public final class SSLUtilities {

/**

* Hostname verifier for the Sun's deprecated API.

*

* @deprecated see {@link #_hostnameVerifier}.

*/

private static com.sun.net.ssl.HostnameVerifier __hostnameVerifier;

/**

* Thrust managers for the Sun's deprecated API.

*

* @deprecated see {@link #_trustManagers}.

*/

private static com.sun.net.ssl.TrustManager[] __trustManagers;

/**

* Hostname verifier.

*/

private static HostnameVerifier _hostnameVerifier;

/**

* Thrust managers.

*/

private static TrustManager[] _trustManagers;

/**

* Set the default Hostname Verifier to an instance of a fake class that

* trust all hostnames. This method uses the old deprecated API from the

* com.sun.ssl package.

*

* @deprecated see {@link #_trustAllHostnames()}.

*/

private static void __trustAllHostnames() {

// Create a trust manager that does not validate certificate chains

if (__hostnameVerifier == null) {

__hostnameVerifier = new SSLUtilities._FakeHostnameVerifier();

} // if

// Install the all-trusting host name verifier

com.sun.net.ssl.HttpsURLConnection

.setDefaultHostnameVerifier(__hostnameVerifier);

} // __trustAllHttpsCertificates

/**

* Set the default X509 Trust Manager to an instance of a fake class that

* trust all certificates, even the self-signed ones. This method uses the

* old deprecated API from the com.sun.ssl package.

*

* @deprecated see {@link #_trustAllHttpsCertificates()}.

*/

private static void __trustAllHttpsCertificates() {

com.sun.net.ssl.SSLContext context;

// Create a trust manager that does not validate certificate chains

if (__trustManagers == null) {

__trustManagers = new com.sun.net.ssl.TrustManager[]{new SSLUtilities._FakeX509TrustManager()};

} // if

// Install the all-trusting trust manager

try {

context = com.sun.net.ssl.SSLContext.getInstance("SSL");

context.init(null, __trustManagers, new SecureRandom());

} catch (GeneralSecurityException gse) {

throw new IllegalStateException(gse.getMessage());

} // catch

com.sun.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(context

.getSocketFactory());

} // __trustAllHttpsCertificates

/**

* Return true if the protocol handler property java. protocol.handler.pkgs

* is set to the Sun's com.sun.net.ssl. internal.www.protocol deprecated

* one, false otherwise.

*

* @return true if the protocol handler property is set to the Sun's

* deprecated one, false otherwise.

*/

private static boolean isDeprecatedSSLProtocol() {

return ("com.sun.net.ssl.internal.www.protocol".equals(System

.getProperty("java.protocol.handler.pkgs")));

} // isDeprecatedSSLProtocol

/**

* Set the default Hostname Verifier to an instance of a fake class that

* trust all hostnames.

*/

private static void _trustAllHostnames() {

// Create a trust manager that does not validate certificate chains

if (_hostnameVerifier == null) {

_hostnameVerifier = new SSLUtilities.FakeHostnameVerifier();

} // if

// Install the all-trusting host name verifier:

HttpsURLConnection.setDefaultHostnameVerifier(_hostnameVerifier);

} // _trustAllHttpsCertificates

/**

* Set the default X509 Trust Manager to an instance of a fake class that

* trust all certificates, even the self-signed ones.

*/

private static void _trustAllHttpsCertificates() {

SSLContext context;

// Create a trust manager that does not validate certificate chains

if (_trustManagers == null) {

_trustManagers = new TrustManager[]{new SSLUtilities.FakeX509TrustManager()};

} // if

// Install the all-trusting trust manager:

try {

context = SSLContext.getInstance("SSL");

context.init(null, _trustManagers, new SecureRandom());

} catch (GeneralSecurityException gse) {

throw new IllegalStateException(gse.getMessage());

} // catch

HttpsURLConnection.setDefaultSSLSocketFactory(context

.getSocketFactory());

} // _trustAllHttpsCertificates

/**

* Set the default Hostname Verifier to an instance of a fake class that

* trust all hostnames.

*/

public static void trustAllHostnames() {

// Is the deprecated protocol setted?

if (isDeprecatedSSLProtocol()) {

__trustAllHostnames();

} else {

_trustAllHostnames();

} // else

} // trustAllHostnames

/**

* Set the default X509 Trust Manager to an instance of a fake class that

* trust all certificates, even the self-signed ones.

*/

public static void trustAllHttpsCertificates() {

// Is the deprecated protocol setted?

if (isDeprecatedSSLProtocol()) {

__trustAllHttpsCertificates();

} else {

_trustAllHttpsCertificates();

} // else

} // trustAllHttpsCertificates

/**

* This class implements a fake hostname verificator, trusting any host

* name. This class uses the old deprecated API from the com.sun. ssl

* package.

*

* @author Jiramot.info

*

* @deprecated see {@link SSLUtilities.FakeHostnameVerifier}.

*/

public static class _FakeHostnameVerifier implements

com.sun.net.ssl.HostnameVerifier {

/**

* Always return true, indicating that the host name is an acceptable

* match with the server's authentication scheme.

*

* @param hostname the host name.

* @param session the SSL session used on the connection to host.

* @return the true boolean value indicating the host name is trusted.

*/

public boolean verify(String hostname, String session) {

return (true);

} // verify

} // _FakeHostnameVerifier

/**

* This class allow any X509 certificates to be used to authenticate the

* remote side of a secure socket, including self-signed certificates. This

* class uses the old deprecated API from the com.sun.ssl package.

*

* @author Jiramot.info

*

* @deprecated see {@link SSLUtilities.FakeX509TrustManager}.

*/

public static class _FakeX509TrustManager implements

com.sun.net.ssl.X509TrustManager {

/**

* Empty array of certificate authority certificates.

*/

private static final X509Certificate[] _AcceptedIssuers = new X509Certificate[]{};

/**

* Always return true, trusting for client SSL chain peer certificate

* chain.

*

* @param chain the peer certificate chain.

* @return the true boolean value indicating the chain is trusted.

*/

public boolean isClientTrusted(X509Certificate[] chain) {

return (true);

} // checkClientTrusted

/**

* Always return true, trusting for server SSL chain peer certificate

* chain.

*

* @param chain the peer certificate chain.

* @return the true boolean value indicating the chain is trusted.

*/

public boolean isServerTrusted(X509Certificate[] chain) {

return (true);

} // checkServerTrusted

/**

* Return an empty array of certificate authority certificates which are

* trusted for authenticating peers.

*

* @return a empty array of issuer certificates.

*/

public X509Certificate[] getAcceptedIssuers() {

return (_AcceptedIssuers);

} // getAcceptedIssuers

} // _FakeX509TrustManager

/**

* This class implements a fake hostname verificator, trusting any host

* name.

*

* @author Jiramot.info

*/

public static class FakeHostnameVerifier implements HostnameVerifier {

/**

* Always return true, indicating that the host name is an acceptable

* match with the server's authentication scheme.

*

* @param hostname the host name.

* @param session the SSL session used on the connection to host.

* @return the true boolean value indicating the host name is trusted.

*/

public boolean verify(String hostname, javax.net.ssl.SSLSession session) {

return (true);

} // verify

} // FakeHostnameVerifier

/**

* This class allow any X509 certificates to be used to authenticate the

* remote side of a secure socket, including self-signed certificates.

*

* @author Jiramot.info

*/

public static class FakeX509TrustManager implements X509TrustManager {

/**

* Empty array of certificate authority certificates.

*/

private static final X509Certificate[] _AcceptedIssuers = new X509Certificate[]{};

/**

* Always trust for client SSL chain peer certificate chain with any

* authType authentication types.

*

* @param chain the peer certificate chain.

* @param authType the authentication type based on the client

* certificate.

*/

public void checkClientTrusted(X509Certificate[] chain, String authType) {

} // checkClientTrusted

/**

* Always trust for server SSL chain peer certificate chain with any

* authType exchange algorithm types.

*

* @param chain the peer certificate chain.

* @param authType the key exchange algorithm used.

*/

public void checkServerTrusted(X509Certificate[] chain, String authType) {

} // checkServerTrusted

/**

* Return an empty array of certificate authority certificates which are

* trusted for authenticating peers.

*

* @return a empty array of issuer certificates.

*/

public X509Certificate[] getAcceptedIssuers() {

return (_AcceptedIssuers);

} // getAcceptedIssuers

} // FakeX509TrustManager

} // SSLUtilities

杨海宏
关注
Https java信任_java访问非经过信任证书https的方法
weixin_34233720的博客
02-21 509
由于项目需要,需要调用第三方的API接口,为了简单方便与快速开发,便采用了httpClient来进行调用。org.apache.httpcomponentshttpclient4.5.6但在第三方的一个HTTPS的接口时,IDE中报了如下错误。javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException...
使用java访问https链接时,不信任证书导致PKIX path building failed
鱼子之家
05-29 1875
解决办法使用keytool工具来设置jdk信任此站点。1.下载该站点的证书文件,格式为Base64的cer文件。 2.cmd管理员身份运行,并进入到jre文件夹下。 注意:密钥库口令默认为changeit
java访问未验证证书HTTPS
swt466719249的专栏
12-16 1278
用http进行连接的,客户端代码比较简单,直接使用URL类进行连接并获取输入流即可。https不需要客户端证书,并且服务器端的证书是已经受信任的也同http一样容易。当验证的证书每年的费用得好几千元,为了省钱,这里主要是说java访问未验证证书https的访问。 通常有两种方案:1、将证书导入到TrustStore文件中;2、修改X509证书信任管理器类的实现。推荐使用第一种方案,我们可以
java jdk https_允许Java JDK 11 HttpClient使用不安全的HTTPS连接
weixin_42138525的博客
02-13 1101
有时需要允许不安全的HTTPS连接,例如在某些可与任何站点一起使用的网络爬网应用程序中。我将这样的解决方案与旧的HttpsURLConnectionAPI一起使用,该解决方案最近已由JDK 11中的新HttpClientAPI取代。通过该新API允许不安全的HTTPS连接(自签名或过期证书)的方法是什么?UPD:我尝试过的代码(在Kotlin中,但直接映射到Java):val trustAllCe...
踩坑日志:解决Java在请求某些不受信任https网站时会报:PKIX path building failed
m0_61959706的博客
08-12 490
可是我内网穿透和服务器地址都用的http,怎么还会有这个异常呢,而且我还用HttpCilentUitl进行访问转换过。大概意思是知道,是因为jdk对不存在信任的网站进行https访问时,就会报出该异常。保存到C:\java-se-8u41-ri\jre\lib\security。3、重启服务再次访问,完美解决。不过,今天的头发也掉完了。...
java开发https请求ssl不受信任问题解决方法
08-28
Java 开发中,使用 HTTPS 请求时可能会遇到 SSL 不受信任的问题,这是因为 Java证书验证机制会检查目标服务器的证书是否合法,如果证书不合法或没有证书就会抛出异常。解决这个问题有两种方法:获得目标机器的...
ssl.tar.gz_URL HTTPS_https_https java_https ssl_java https
09-14
标题中的“ssl.tar.gz_URL HTTPS_https_https java_https ssl_java https”揭示了我们将讨论的是与HTTPS相关的Java编程实践,特别是关于URL连接使用HTTPS的主要作用是确保网络通信的安全性,通过加密数据来...
SSL.gz_ssl_ssl java_ssl证书
09-23
Java SSL证书则是Java平台对SSL协议的支持,允许Java应用程序进行安全的网络通信。 在描述中提到的“简单的SSL实现”,可能是指在Java环境中建立SSL连接的一个简化流程,这通常包括创建SSLContext,初始化...
Tomcat_SSL.rar_JAVA SSL _ssl_ssl java_tomcat_tomcat ssl
09-14
SSL/TLS协议用于在客户端浏览器和服务器之间建立安全的连接,它通过使用公钥和私钥加密技术来保护数据不被中间人攻击。在HTTPS中,SSL/TLS负责加密传输层的数据,而HTTP则处理应用层的通信协议。 接下来,我们来看...
java_ssl.rar_JAVA SSL _The Client_ssl_ssl java
09-23
它不仅涉及到基本的SSL连接,还包括证书管理、自签名证书的处理、SSL/TLS协议版本控制、密码策略等高级话题。通过这个压缩包的学习,开发者可以深入理解SSL工作原理,从而更好地在实际项目中应用和调试SSL连接问题。
Java访问不受信任证书https网站
nonths的专栏
06-11 3394
如果在Java中访问不受信任证书https网站,会出现如下错误: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderExc
Javahttps请求报错,信任所有ssl证书。解决SSLHandshakeException
Huathy的博客
08-23 8747
Java 信任所有SSL证书HTTPS请求抛错,忽略证书请求完美解决 Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath...
【笔记】Java 信任所有SSL证书(解决PKIX path building failed问题)
p15097962069的博客
02-23 481
【笔记】Java 信任所有SSL证书(解决PKIX path building failed问题)
java在访问https资源时,忽略证书信任问题
热门推荐
lizeyang的专栏
02-08 4万+
java程序在访问https资源时,出现报错 sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to r
java代码调用https接口
huihui_1223的博客
04-12 1777
package com.tusvn.util; import java.io.ByteArrayInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; import java.io.UnsupportedEncodingException; import java.nio.charset.Charset; import java.nio.file.F
Https java信任_java开发https请求ssl不受信任问题解决方法
weixin_39968823的博客
02-12 774
本文主要讨论的是java开发https请求ssl不受信任的解决方法,具体分析及实现代码如下。在java代码中请求https链接的时候,可能会报下面这个错误javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.pro...
Https请求握手验证方式,对相应域名进行认证通过
hua245942641的专栏
11-13 1459
对于Https请求,在握手期间,如果 URL 的主机名和服务器的标识主机名不匹配,则验证机制可以回调此接口的实现程序来确定是否应该允许连接。 策略可以是基于证书的或依赖于其他验证方案。 当验证 URL 主机名使用的默认规则失败时会回调到HttpsURLConnection.setDefaultHostnameVerifier。因此,我们可以通过实现自己的HostnameVerifier子类来对
Java信任所有SSL证书HTTPS请求抛错,忽略证书请求
最新发布
qq_52071730的博客
02-05 2576
Java 信任所有SSL证书HTTPS请求抛错,忽略证书请求
java https 报错,Javahttps请求报错,信任所有ssl证书。解决javax.net.ssl.SSLHandshakeException: PKIX path building fai...
weixin_39892447的博客
03-19 1569
Java 信任所有SSL证书HTTPS请求抛错,忽略证书请求完美解决解决方案:在openConnection之前调用该utilutil代码package com.warren.util;import java.security.cert.CertificateException;import java.security.cert.X509Certificate;import javax.net....
Java开发解决HTTPS SSL不受信任问题
Java开发过程中,当尝试通过HTTPS协议进行网络请求时,有时会遇到SSL(Secure Socket Layer)证书不受信任的错误,这通常会导致 javax.net.ssl.SSLHandshakeException,其中包含了“sun.security.validator....
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值