我正在尝试对 JBoss 使用自签名证书并尝试信任代码。但我收到 javax.net.ssl.SSLPeerUnverifiedException:。这是我尝试过的事情,
创建 keystore
创建信任存储
在 JBoss AS 7.1.1 中配置 SSL
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
<ssl password="password" certificate-key-file="C:\work\certs\ks" protocol="TLSv1" verify-client="false" certificate-file="C:\work\certs\ks"/>
</connector>
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="localhost"/>
<alias name="example.com"/>
</virtual-server>
</subsystem>
启动 JBoss。现在我可以通过单击“仍然继续”按钮在 Chrome 中访问该网站。
但是当我尝试从代码访问时,出现异常。
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:573)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
at com.test.utility.TestHttps.main(TestHttps.java:61)
这是我的代码,
public class TestHttps {
private static TrustManager[] getTrustManagers() throws IOException, GeneralSecurityException {
String trustStorePassword = "password";
String alg = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmFact = TrustManagerFactory.getInstance(alg);
FileInputStream fis = new FileInputStream("C:\\work\\certs\\trust");
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(fis, trustStorePassword.toCharArray());
fis.close();
tmFact.init(ks);
TrustManager[] tms = tmFact.getTrustManagers();
return tms;
}
public static void main(String[] args) throws Exception {
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, getTrustManagers(), null);
SSLSocketFactory ssf = new SSLSocketFactory(context);
HttpClient base = new DefaultHttpClient();
ClientConnectionManager ccm = base.getConnectionManager();
SchemeRegistry registry = ccm.getSchemeRegistry();
registry.register(new Scheme("https", 8443, ssf));
try {
DefaultHttpClient httpClient = new DefaultHttpClient(ccm, base.getParams());
HttpGet getRequest = new HttpGet("https://localhost:8443/cafe/");
HttpResponse response = httpClient.execute(getRequest);
if (response.getStatusLine().getStatusCode() != 200) {
throw new RuntimeException("Failed : HTTP error code : "
+ response.getStatusLine().getStatusCode());
}
BufferedReader br = new BufferedReader(new InputStreamReader(
(response.getEntity().getContent())));
String output;
while ((output = br.readLine()) != null) {
System.out.println(output);
}
httpClient.getConnectionManager().shutdown();
} catch (ClientProtocolException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
}
}
请让我知道我做错了什么。提前致谢。
最佳答案
我通过设置系统属性发现了问题
System.setProperty("javax.net.debug", "SSL,handshake,trustmanager");
问题似乎出在 Jboss SSL 配置上,
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
<ssl password="password" certificate-key-file="C:\work\certs\ks" protocol="TLSv1" verify-client="false" certificate-file="C:\work\certs\ks"/>
</connector>
删除了协议(protocol)=“TLSv1”。并将证书导入到 JRE keystore 中:
- 通过浏览器访问该网站
- 导出证书
- 导入到 JRE keystore 中
keytool -import -alias localhost -file C:\ssl\test.cer -keystore%JAVA_HOME%\jre\lib\security\cacerts"
之后,下面的代码就可以发挥作用了。
String path = "https://localhost:8443/cafe/";
URL url = new URL(path);
URLConnection conn = url.openConnection();
BufferedReader br = new BufferedReader(new InputStreamReader(conn.getInputStream()));
String output;
while ((output = br.readLine()) != null) {
System.out.println(output);
}
br.close();
关于jakarta-ee - 接受 Java 中的自签名证书,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/12369495/