HTTPS certificate issuance is based on X.509.
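A certificate can be generated by yourself (called a self-signed certificate) or issued by a CA.
What X509TrustManager produces is a self-signed certificate.
Because the Tomcat you configured and Google HTTPS accept self-signed certificates, that is why you can access them.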
Can security authentication even be skipped?
I don't think so. Either add the password,
or remove the encryption on the web service.
The project needs to call other interfaces over HTTP/HTTPS. We usually use the HttpClient class to make the actual HTTP/HTTPS interface calls.
// Init a HttpClient
HttpClient client = new HttpClient();
String url = "<URL>"; // placeholder: the URL is missing in the original
// Init a HttpMethod
HttpMethod get = new GetMethod(url);
get.setDoAuthentication(true);
get.getParams().setParameter(HttpMethodParams.RETRY_HANDLER, new DefaultHttpMethodRetryHandler(1, false));
// Call http interface
try {
    client.executeMethod(get);
    // Handle the response from http interface
    InputStream in = get.getResponseBodyAsStream();
    SAXReader reader = new SAXReader();
    Document doc = reader.read(in);
} finally {
    // Release the http connection
    get.releaseConnection();
}
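The code above works without problems over plain HTTP, but over HTTPS a certificate file is required. This is how it is usually done.
// Init a HttpClient
HttpClient client = new HttpClient();
String url = "<URL>"; // placeholder: the URL is missing in the original
if (url.startsWith("https:")) {
    // JVM-wide setting: every HTTPS connection in this process uses this trust store
    System.setProperty("javax.net.ssl.trustStore", "/.sis.cer");
    System.setProperty("javax.net.ssl.trustStorePassword", "public");
}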
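So a .sis.cer file has to be generated beforehand. The usual way to generate it is to visit https:// in a browser, export the certificate file, and then generate the certificate with the Java keytool command: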
# $JAVA_HOME/bin/keytool -import -file sis.cer -keystore .sis.cer
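But doing it this way is, first, rather cumbersome, and second, certificates have a validity period; once it has passed, the certificate has to be generated again. It would be better if HTTPS could be used without generating a certificate file.
Fortunately, in a recent project we finally found a way.
// Init a HttpClient
HttpClient client = new HttpClient();
String url = "<URL>"; // placeholder: the URL is missing in the original
if (url.startsWith("https:")) {
    this.supportSSL(url, client);
}
This uses the supportSSL(url, client) method; let's look at how it is implemented.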
private void supportSSL(String url, HttpClient client) {
    if (StringUtils.isBlank(url)) {
        return;
    }
    String siteUrl = StringUtils.lowerCase(url);
    if (!(siteUrl.startsWith("https"))) {
        return;
    }
    try {
        setSSLProtocol(siteUrl, client);
    } catch (Exception e) {
        logger.error("setProtocol error ", e);
    }
    // JVM-wide security property: replaces the default SSL socket factory for the whole process
    Security.setProperty("ssl.SocketFactory.provider",
            "com.tool.util.DummySSLSocketFactory");
}

private static void setSSLProtocol(String strUrl, HttpClient client) throws Exception {
    URL url = new URL(strUrl);
    String host = url.getHost();
    int port = url.getPort();
    // URL.getPort() returns -1 when the URL carries no explicit port
    if (port <= 0) {
        port = 443;
    }
    ProtocolSocketFactory factory = new SSLSocketFactory();
    Protocol authhttps = new Protocol("https", factory, port);
    // Registers the protocol globally for every HttpClient in this JVM
    Protocol.registerProtocol("https", authhttps);
    // set https protocol
    client.getHostConfiguration().setHost(host, port, authhttps);
}
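In the supportSSL method, Security.setProperty("ssl.SocketFactory.provider", "com.tool.util.DummySSLSocketFactory") is called.
This com.tool.util.DummySSLSocketFactory looks like this:
When accessing HTTPS resources, make HttpClient accept all SSL certificates; this is very useful in containers such as WebLogic.
The code is as follows: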
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketAddress;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;

public class MySecureProtocolSocketFactory implements SecureProtocolSocketFactory {
    static {
        System.out.println("in MySecureProtocolSocketFactory");
    }

    private SSLContext sslcontext = null;

    // Builds an SSLContext whose only trust manager is TrustAnyTrustManager (below)
    private SSLContext createSSLContext() {
        SSLContext sslcontext = null;
        try {
            sslcontext = SSLContext.getInstance("SSL");
            sslcontext.init(null, new TrustManager[]{new TrustAnyTrustManager()}, new java.security.SecureRandom());
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        }
        return sslcontext;
    }

    // Lazily creates the context on first use
    private SSLContext getSSLContext() {
        if (this.sslcontext == null) {
            this.sslcontext = createSSLContext();
        }
        return this.sslcontext;
    }

    public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
            throws IOException, UnknownHostException {
        return getSSLContext().getSocketFactory().createSocket(
                socket,
                host,
                port,
                autoClose
        );
    }

    public Socket createSocket(String host, int port) throws IOException,
            UnknownHostException {
        return getSSLContext().getSocketFactory().createSocket(
                host,
                port
        );
    }

    public Socket createSocket(String host, int port, InetAddress clientHost, int clientPort)
            throws IOException, UnknownHostException {
        return getSSLContext().getSocketFactory().createSocket(host, port, clientHost, clientPort);
    }

    public Socket createSocket(String host, int port, InetAddress localAddress,
            int localPort, HttpConnectionParams params) throws IOException,
            UnknownHostException, ConnectTimeoutException {
        if (params == null) {
            throw new IllegalArgumentException("Parameters may not be null");
        }
        int timeout = params.getConnectionTimeout();
        SocketFactory socketfactory = getSSLContext().getSocketFactory();
        if (timeout == 0) {
            return socketfactory.createSocket(host, port, localAddress, localPort);
        } else {
            // Unconnected socket so the connect timeout can be applied
            Socket socket = socketfactory.createSocket();
            SocketAddress localaddr = new InetSocketAddress(localAddress, localPort);
            SocketAddress remoteaddr = new InetSocketAddress(host, port);
            socket.bind(localaddr);
            socket.connect(remoteaddr, timeout);
            return socket;
        }
    }

    // Custom private class.
    // Both check methods are empty, so no validation is performed: any certificate
    // chain is accepted and the server's identity is not verified.
    private static class TrustAnyTrustManager implements X509TrustManager {

        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }

        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }

        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[]{};
        }
    }

}
Then use HttpClient as follows:
Protocol myhttps = new Protocol("https", new MySecureProtocolSocketFactory (), 443);
Protocol.registerProtocol("https", myhttps);
HttpClient httpclient=new HttpClient();
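Recently in a project I used HttpURLConnection to connect to a URL and access it, but in the actual deployment environment the web server uses SSL, so it cannot be accessed directly through HttpURLConnection. I then changed the code to use HttpsURLConnection, loading the certificate and so on, to make the access work. But here is the problem: every time I deploy the application I need the container's keystore file and password. Later I saw that people online have code that can bypass the certificate, or that uses commons-httpclient to access it (loading the certificate automatically), but I don't understand the principle behind this at all. Please explain!

Addendum: If I load the keystore file, then every time I deploy the application I need to know the keystore file configured in the container; with the code from the Internet, I can access HTTPS URLs without caring about certificates and the like. I'm still confused.

Addendum: Thank you for your answer. I have some idea of it now, but I'm still a little confused and still learning. By a self-signed certificate, do you mean that during communication with the server, the certificate the client uses is one we generate ourselves, and that we produce it in code by using X509TrustManager?

beneo wrote:
    HTTPS certificate issuance is based on X.509.
    A certificate can be generated by yourself (called a self-signed certificate) or issued by a CA.
    What X509TrustManager produces is a self-signed certificate.
    Because the Tomcat you configured and Google HTTPS accept self-signed certificates, that is why you can access them.

Addendum: Many thanks, beneo.
I really have too few JavaEye points, sorry about that. Let's all keep exchanging ideas ^_^!!!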
When we use Java to call remote interfaces or scrape data, the following error often occurs:
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X
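1. First, open IDEA and go to the main Java code editing window; above the editing window, click the "File" menu item.
2. Next, in the drop-down submenu, click the "Settings" option; in the "Settings" window that pops up, select the "Advanced Settings" entry in the list on the left.
3. Finally, under the "Version Control" section on the right, tick the "Highlight ignored files" checkbox.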