java - Glassfish 如何信任 SSL 的过期证书

Question

我正在尝试在 Glassfish 服务器上设置 SpringSecurity CAS 身份验证，并且该服务器具有过期的自签名证书。我已设法导入证书，但仍然出现以下错误:

FAILURE: javax.net.ssl.SSLHandshakeException : sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed

所以很明显这意味着我们有一个时间戳(过期证书)错误。

我读过可能有一种方法可以编写自定义 SSLContext处理这个特定的证书并将其列入白名单 - 但我真的很困惑如何注入(inject)自定义 SSLContext混合。

这是我在 web.xml 中所做的事情吗？或者只是放入代码或其他东西？

谢谢

Answer 1

好吧，看来我找到了一种糟糕的方法。我扔了这个 SSL 助手 进入我的项目，它只是做了神奇的事情

import com.sun.net.ssl.HostnameVerifier;
import com.sun.net.ssl.HttpsURLConnection;
import com.sun.net.ssl.SSLContext;
import com.sun.net.ssl.TrustManager;
import com.sun.net.ssl.X509TrustManager;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManagerFactory;
import javax.security.cert.CertificateException;
import javax.security.cert.X509Certificate;

/*
 * To change this license header, choose License Headers in Project Properties.
 * To change this template file, choose Tools | Templates
 * and open the template in the editor.
 */
/**
 *
 * @author jstein
 */
public class SSLHelper {

    static {
        disableSslVerification();
    }

    private static void disableSslVerification() {
        try {
            TrustManager[] trustAllCerts;
            trustAllCerts = new TrustManager[]{new X509TrustManager() {
                @Override
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return null;
                }

                @Override
                public boolean isClientTrusted(java.security.cert.X509Certificate[] xcs) {
                    return true;
                }

                @Override
                public boolean isServerTrusted(java.security.cert.X509Certificate[] xcs) {
                    return true;
                }
            }};

            // Install the all-trusting trust manager
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

            HostnameVerifier allHostsValid;
            allHostsValid = new HostnameVerifier() {

                @Override
                public boolean verify(String string, String string1) {
                    return true;
                }
            };

            // Install the all-trusting host verifier
            HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        }
    }
}

突然一切都正常了:)