使用 Jersey 客户端忽略自签名 ssl 证书
我正在使用 Jersey 客户端库对在 jboss 上运行的休息服务运行测试.我使用自签名证书在服务器上设置了 https(在本地主机上运行).
I'm using the Jersey Client library to run tests against a rest service running on jboss. I have https set up fine on the server (running on localhost), using a self signed cert.
但是,每当我使用 https url 运行测试时,我都会收到以下错误:
However whenever I run my tests with the https url I get the following error:
com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:131)
at com.sun.jersey.api.client.Client.handle(Client.java:629)
at com.sun.jersey.oauth.client.OAuthClientFilter.handle(OAuthClientFilter.java:137)
at com.sun.jersey.api.client.WebResource.handle(WebResource.java:601)
at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
at com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:459)
at test.helper.Helper.sendSignedRequest(Helper.java:174)
... And so on
我知道这是因为我的自签名证书不在 java 密钥库中.有什么办法可以让 Client 不检查 ssl 证书的有效性而不管它吗?
I know this is because my self signed cert is not in the java keystore. Is there any way I can make the Client not check the validity of the ssl cert and just use it regardless?
这段代码只会在测试服务器上运行,所以我不想在每次设置新的测试服务器时都添加新的可信证书.
This code will only ever be run against test servers so I don't want to go to the hassle of adding new trusted certs each time we set up a new test server.
这是进行调用的代码:
OAuthParameters params = new OAuthParameters();
// baseline OAuth parameters for access to resource
params.signatureMethod(props.getProperty("signature_method"));
params.consumerKey(props.getProperty("consumer_key"));
params.setToken(props.getProperty("token"));
params.setVersion("1.0");
params.nonce();
// OAuth secrets to access resource
OAuthSecrets secrets = new OAuthSecrets();
secrets.consumerSecret(props.getProperty("consumer_secret"));
secrets.setTokenSecret(props.getProperty("token_secret"));
// Jersey client to make REST calls to token services
Client client = Client.create();
// OAuth test server resource
WebResource resource = client.resource(props.getProperty("url"));
// if parameters and secrets remain static, filter cab be added to each web resource
OAuthClientFilter filter = new OAuthClientFilter(client.getProviders(), params, secrets);
// filter added at the web resource level
resource.addFilter(filter);
WebResource.Builder wbr = resource.getRequestBuilder().accept(props.getProperty("accept"));
return wbr.get(ClientResponse.class);
任何帮助将不胜感激.
经过一些旧的 stackoverflow 问题的搜索和拖网,我在之前提出的 SO 问题中找到了解决方案:
After some searching and trawling through some old stackoverflow questions I've found a solution in a previously asked SO question:
这是我最终使用的代码.
Here's the code that I ended up using.
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager(){
public X509Certificate[] getAcceptedIssuers(){return null;}
public void checkClientTrusted(X509Certificate[] certs, String authType){}
public void checkServerTrusted(X509Certificate[] certs, String authType){}
}};
// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
;
}