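I am trying to set up Spring Security CAS authentication on a Glassfish server, and the server has an expired self-signed certificate. I have managed to import the certificate, but I still get the following error:
FAILURE: javax.net.ssl.SSLHandshakeException : sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
So clearly this means we have a timestamp (expired certificate) error.
I've read that there may be a way to write a custom `SSLContext` that handles this specific certificate and whitelists it, but I'm really confused about how to inject a custom `SSLContext` into the mix. Is this something I do in `web.xml`? Or is it just put in code or something? Thanks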
Best answer
OK, it looks like I found a terrible way to do it. I threw this SSL helper into my project and it just did the magic:
```java
import com.sun.net.ssl.HostnameVerifier;
import com.sun.net.ssl.HttpsURLConnection;
import com.sun.net.ssl.SSLContext;
import com.sun.net.ssl.TrustManager;
import com.sun.net.ssl.X509TrustManager;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManagerFactory;
import javax.security.cert.CertificateException;
import javax.security.cert.X509Certificate;

/*
 * To change this license header, choose License Headers in Project Properties.
 * To change this template file, choose Tools | Templates
 * and open the template in the editor.
 */

/**
 *
 * @author jstein
 */
public class SSLHelper {

    static {
        disableSslVerification();
    }

    private static void disableSslVerification() {
        try {
            TrustManager[] trustAllCerts;
            trustAllCerts = new TrustManager[]{new X509TrustManager() {
                @Override
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return null;
                }

                @Override
                public boolean isClientTrusted(java.security.cert.X509Certificate[] xcs) {
                    return true;
                }

                @Override
                public boolean isServerTrusted(java.security.cert.X509Certificate[] xcs) {
                    return true;
                }
            }};

            // Install the all-trusting trust manager
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

            HostnameVerifier allHostsValid;
            allHostsValid = new HostnameVerifier() {
                @Override
                public boolean verify(String string, String string1) {
                    return true;
                }
            };

            // Install the all-trusting host verifier
            HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        }
    }
}
```
And suddenly everything just worked :)
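
The question asks about whitelisting this one certificate rather than switching validation off for every connection. The following is an added example, not part of the original question or answer: an `SSLContext` built on the standard `javax.net.ssl` API whose trust manager accepts a single server certificate by SHA-256 fingerprint and passes every other chain to the JVM's normal validation. The names `PinnedCertTrust`, `PinningTrustManager` and `pinnedSha256` are hypothetical, and the fingerprint value is supplied by the caller.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public final class PinnedCertTrust {

    /** Accepts exactly one leaf certificate by fingerprint; defers to the JVM default otherwise. */
    static final class PinningTrustManager implements X509TrustManager {
        private final X509TrustManager defaults;
        private final byte[] pinnedSha256;

        PinningTrustManager(X509TrustManager defaults, byte[] pinnedSha256) {
            this.defaults = defaults;
            this.pinnedSha256 = pinnedSha256.clone();
        }
        @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            if (chain == null || chain.length == 0) throw new CertificateException("empty chain");
            try {
                byte[] actual = MessageDigest.getInstance("SHA-256").digest(chain[0].getEncoded());
                if (MessageDigest.isEqual(actual, pinnedSha256)) return; // pinned cert: expiry not checked
            } catch (NoSuchAlgorithmException e) {
                throw new CertificateException(e);
            }
            defaults.checkServerTrusted(chain, authType); // full PKIX validation, dates included
        }
        @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            defaults.checkClientTrusted(chain, authType);
        }
        @Override public X509Certificate[] getAcceptedIssuers() { return defaults.getAcceptedIssuers(); }
    }

    /** Builds a TLS context that trusts the default CA set plus the one pinned certificate. */
    public static SSLContext build(byte[] pinnedSha256) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM default trust store
        X509TrustManager defaults = null;
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) { defaults = (X509TrustManager) tm; break; }
        if (defaults == null) throw new IllegalStateException("no default X509TrustManager");
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { new PinningTrustManager(defaults, pinnedSha256) }, null);
        return ctx;
    }
}
```

The socket factory from `build(...)` can be installed with `HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory())`, as in the helper above, while the default hostname verifier stays in place. The pin only needs to exist until the server certificate is renewed.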
Regarding "java - How to make Glassfish trust an expired certificate for SSL", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/39671910/