1. 首页
  2. 问答
  3. 使用Java套接字连接到未签名的HTTP网站

使用Java套接字连接到未签名的HTTP网站

2010-12-15 39 views
2

我正在尝试设置一个Java程序来连接到我自己使用SSL的网站。我完全为标准HTTP站点工作,但不适用于HTTP。我的问题是我没有签署我的证书。使用Java套接字连接到未签名的HTTP网站

我该如何让java忽略它没有签名并让我连接的事实?

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source) 
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source) 
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) 
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) 
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source) 
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source) 
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source) 
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source) 
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source) 
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) 
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source) 
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source) 
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) 
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) 
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) 
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source) 
    at util.Watchlist.getWatchListWebsiteReaderSSL(Watchlist.java:51) 
    at util.Watchlist.updateWLDP(Watchlist.java:64) 
    at util.Watchlist.getWLDP(Watchlist.java:24) 
    at commands.devices.cpt.WldpMessage.run(WldpMessage.java:52) 
    at cli.Parser.Parse(Parser.java:74) 
    at fromUI.UISocketReader.run(UISocketReader.java:54) 
    at java.lang.Thread.run(Unknown Source) 
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source) 
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) 
    at sun.security.validator.Validator.validate(Unknown Source) 
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source) 
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) 
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) 
    ... 19 more 
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) 
    at java.security.cert.CertPathBuilder.build(Unknown Source) 
    ... 25 more

来源

2010-12-15 Kellenjb

回答

0

你需要创建一个接受未签名的证书和准随的SSLContext用于HTTPS连接的的TrustManager:当我试图连接我得到这个错误。有一个在http://www.exampledepot.com/egs/javax.net.ssl/trustall.html

// Create a trust manager that does not validate certificate chains 
TrustManager[] trustAllCerts = new TrustManager[]{ 
    new X509TrustManager() { 
    public java.security.cert.X509Certificate[] getAcceptedIssuers() { 
     return null; 
    } 
    public void checkClientTrusted(
     java.security.cert.X509Certificate[] certs, String authType) {} 
    public void checkServerTrusted(
     java.security.cert.X509Certificate[] certs, String authType) {} 
    } 
}; 

// Install the all-trusting trust manager 
try { 
    SSLContext sc = SSLContext.getInstance("SSL"); 
    sc.init(null, trustAllCerts, new java.security.SecureRandom()); 
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); 
} catch (Exception e) { 
} 

// Now you can access an https URL without having the certificate in the 
// truststore 
try { 
    URL url = new URL("https://hostname/index.html"); 
} catch (MalformedURLException e) { 
}

一个简单的例子,请注意,链接的例子做任何对服务器的SSL证书没有验证所以你将不能够完全信任你连接到网站的身份。

来源

2010-12-15 19:17:55 nogudnik

+0

嗯,这让我更进了一步。我现在正在收到“收到的致命警报:bad_record_mac”。我认为这可能与服务器上的SSL版本有关。如果你碰巧知道,请让我知道。尽管您的帮助很大! – Kellenjb 2010-12-15 20:17:24

+0

TrustManager不符合其规范。接受所有证书的技术决不能用于生产代码,因为它从根本上破坏了SSL的安全性。请参阅RFC 2246中的讨论。 – EJP 2010-12-17 05:03:23

+0

@EJP我只是在研究一个概念验证,因此SSL很弱。在生产中SSL将被签署。 – Kellenjb 2011-01-03 23:51:07

相关问题

 相关问题