如何使用 IP 地址忽略带有 okhttp3 的服务器证书?
How do I ignore Server Certificate with okhttp3 using IP Address?
我试图忽略带有以下行的服务器证书:
clientCertificatesBuilder.addInsecureHost(HOST);
.sslSocketFactory(clientCertificates.sslSocketFactory(),
clientCertificates.trustManager())
.hostnameVerifier((hostname, session) -> true)
如果我尝试发出请求并且我不知道该怎么做,我总是会遇到异常。
javax.net.ssl.SSLHandshakeException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
这是我得到 OkHttpClient:
的 class
import okhttp3.OkHttpClient;
import okhttp3.tls.HandshakeCertificates;
import okhttp3.tls.HeldCertificate;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import java.io.IOException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
@Service
public class OkHttpUtils {
@Value("${host}")
private String HOST;
@Value("${public-key-path}")
private String PUBLIC_KEY_PATH;
@Value("${private-key-path}")
private String PRIVATE_KEY_PATH;
@Value("${certificate-path}")
private String CERTIFICATE_PATH;
@Value("${url}")
private String URL;
public OkHttpClient getClient()
throws NoSuchAlgorithmException, IOException, InvalidKeySpecException, CertificateException {
String algorithm = "RSA";
// Read public and private key to create a keypair
PrivateKey privateKey = KeyUtils.getPemPrivateKey(PRIVATE_KEY_PATH, algorithm);
PublicKey publicKey = KeyUtils.getPemPublicKey(PUBLIC_KEY_PATH, algorithm);
KeyPair keyPair = new KeyPair(publicKey, privateKey);
// Read the certificate
X509Certificate certificate = KeyUtils.getX509Certificate(CERTIFICATE_PATH);
// Client certificate, used to authenticate the client
HeldCertificate clientCertificate = new HeldCertificate(keyPair, certificate);
// Create handshake certificate (which root certificate/hostname to trust)
HandshakeCertificates.Builder clientCertificatesBuilder = new HandshakeCertificates.Builder()
.addPlatformTrustedCertificates() // trust all certificate which are trusted on the platform
.heldCertificate(clientCertificate); // attach the client certificate
// Do not verify certificate of the host
clientCertificatesBuilder.addInsecureHost(HOST);
HandshakeCertificates clientCertificates = clientCertificatesBuilder.build();
return new OkHttpClient.Builder()
.sslSocketFactory(clientCertificates.sslSocketFactory(), clientCertificates.trustManager())
.hostnameVerifier((hostname, session) -> true) // Do not verify the hostname
.build();
}
}
在这里我构建了请求并得到了异常:
OkHttpClient client = okHttpUtils.getClient();
HttpUrl.Builder httpBuilder = HttpUrl.parse(url).newBuilder();
Request request = new Request.Builder()
.url(httpBuilder.build())
.addHeader("Authorization", "Handle clientCert=true")
.addHeader("Accept", "application/json")
.get()
.build();
try (Response response = client.newCall(request).execute()) {
...}
感谢任何帮助!
我发现了问题:
由于 HOST 我给出了一个 IP 地址而不是 URL,目前 OkHttp3 中有一个错误,所以它不起作用。
我试图忽略带有以下行的服务器证书:
clientCertificatesBuilder.addInsecureHost(HOST);
.sslSocketFactory(clientCertificates.sslSocketFactory(),
clientCertificates.trustManager())
.hostnameVerifier((hostname, session) -> true)
如果我尝试发出请求并且我不知道该怎么做,我总是会遇到异常。
javax.net.ssl.SSLHandshakeException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
这是我得到 OkHttpClient:
import okhttp3.OkHttpClient;
import okhttp3.tls.HandshakeCertificates;
import okhttp3.tls.HeldCertificate;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import java.io.IOException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
@Service
public class OkHttpUtils {
@Value("${host}")
private String HOST;
@Value("${public-key-path}")
private String PUBLIC_KEY_PATH;
@Value("${private-key-path}")
private String PRIVATE_KEY_PATH;
@Value("${certificate-path}")
private String CERTIFICATE_PATH;
@Value("${url}")
private String URL;
public OkHttpClient getClient()
throws NoSuchAlgorithmException, IOException, InvalidKeySpecException, CertificateException {
String algorithm = "RSA";
// Read public and private key to create a keypair
PrivateKey privateKey = KeyUtils.getPemPrivateKey(PRIVATE_KEY_PATH, algorithm);
PublicKey publicKey = KeyUtils.getPemPublicKey(PUBLIC_KEY_PATH, algorithm);
KeyPair keyPair = new KeyPair(publicKey, privateKey);
// Read the certificate
X509Certificate certificate = KeyUtils.getX509Certificate(CERTIFICATE_PATH);
// Client certificate, used to authenticate the client
HeldCertificate clientCertificate = new HeldCertificate(keyPair, certificate);
// Create handshake certificate (which root certificate/hostname to trust)
HandshakeCertificates.Builder clientCertificatesBuilder = new HandshakeCertificates.Builder()
.addPlatformTrustedCertificates() // trust all certificate which are trusted on the platform
.heldCertificate(clientCertificate); // attach the client certificate
// Do not verify certificate of the host
clientCertificatesBuilder.addInsecureHost(HOST);
HandshakeCertificates clientCertificates = clientCertificatesBuilder.build();
return new OkHttpClient.Builder()
.sslSocketFactory(clientCertificates.sslSocketFactory(), clientCertificates.trustManager())
.hostnameVerifier((hostname, session) -> true) // Do not verify the hostname
.build();
}
}
在这里我构建了请求并得到了异常:
OkHttpClient client = okHttpUtils.getClient();
HttpUrl.Builder httpBuilder = HttpUrl.parse(url).newBuilder();
Request request = new Request.Builder()
.url(httpBuilder.build())
.addHeader("Authorization", "Handle clientCert=true")
.addHeader("Accept", "application/json")
.get()
.build();
try (Response response = client.newCall(request).execute()) {
...}
感谢任何帮助!
我发现了问题:
由于 HOST 我给出了一个 IP 地址而不是 URL,目前 OkHttp3 中有一个错误,所以它不起作用。