
Sending HTTPS Requests from Java to an Untrusted Website

IamDLY / 1278 views

1.Overview

HTTPS pages typically use one of two secure protocols to encrypt communications: SSL (Secure Sockets Layer) or TLS (Transport Layer Security). When you request an HTTPS connection to a webpage, the website initially sends its SSL certificate to your browser. This certificate contains the public key needed to begin the secure session. Based on this initial exchange, your browser and the website then initiate the "SSL handshake". The SSL handshake involves the generation of shared secrets to establish a uniquely secure connection between yourself and the website.
In overview, the steps involved in the SSL handshake are shown in Fig 1:

2.Sending HTTPS Requests from Java Program

When writing unit tests, we may need to send HTTPS requests to some websites and read the results. When the certificate presented by such a website cannot be verified, a handshake exception is thrown. To send the HTTPS requests successfully, follow these steps:

1.Download the certificate of the website you want to visit.

2.Use keytool to store the certificate in your Java trust store (default password "changeit").
   (1) Copy ./testcert.cer to /path/to/your/JAVA_HOME/jre/lib/security
   (2) keytool -import -trustcacerts -alias testCert -keystore cacerts -file testcert.cer
   (3) Check that the certificate was imported successfully.

3.Check the TLS protocol version of the website you want to visit. You can use the website below to get all the SSL and TLS information (qarot-analytics.sflab.ondemand.com, for example).
           https://www.ssllabs.com/ssltest/analyze.html?d=qarot-analytics.sflab.ondemand.com

            
4.Set the trust store and TLS version for your JRE
   (1) Use Java code
           // Point JSSE at the trust store that holds the imported certificate.
           Properties systemProps = System.getProperties();
           systemProps.put("javax.net.ssl.trustStore", "/path/to/your/JAVA_HOME/jre/lib/security/cacerts");
           systemProps.put("javax.net.ssl.trustStorePassword", "changeit");
           System.setProperty("https.protocols", "TLSv1.2");
           System.setProperties(systemProps);

   (2) Use the Java -D parameters
          -Djavax.net.ssl.trustStore="%JAVA_HOME%\jre\lib\security\cacerts"
          -Djavax.net.ssl.trustStorePassword="changeit"
          -Dhttps.protocols=TLSv1.2
          -Djavax.net.debug=all   //Log all the information
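5.Use the system properties when creating the HttpClient
    import java.io.IOException;
    import java.util.Properties;
    import org.apache.http.client.methods.CloseableHttpResponse;
    import org.apache.http.client.methods.HttpGet;
    import org.apache.http.impl.client.CloseableHttpClient;
    import org.apache.http.impl.client.HttpClientBuilder;
    import org.junit.Test;

    public class HTTPSTest {
        @Test
        public void sendHttpsRequestByHttpClientWithJDK7() {
            // Point JSSE at the trust store that holds the imported certificate.
            Properties systemProps = System.getProperties();
            systemProps.put("javax.net.ssl.trustStore", "C:\\Java\\jvm_7.1.041\\jvm_7\\jre\\lib\\security\\cacerts");
            systemProps.put("javax.net.ssl.trustStorePassword", "changeit");
            System.setProperty("https.protocols", "TLSv1.2");
            System.setProperties(systemProps);

            // useSystemProperties() makes the client read the javax.net.ssl.* and https.protocols settings.
            try (CloseableHttpClient httpClient = HttpClientBuilder.create().useSystemProperties().build()) {
                HttpGet httpGet = new HttpGet("https://qarot-analytics.sflab.ondemand.com");
                // Close the response so the connection is released.
                try (CloseableHttpResponse response = httpClient.execute(httpGet)) {
                    response.getEntity();
                }
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
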
3.Troubleshooting

During the handshake between client and server, a handshake exception may occur.

The handshake failure could have occurred due to various reasons:

1. Incompatible cipher suites in use by the client and the server. This would require the client to use (or enable) a cipher suite that is supported by the server.

2. Incompatible versions of SSL in use (the server might accept only TLS v1, while the client is capable of only using SSL v3). Again, the client might have to ensure that it uses a compatible version of the SSL/TLS protocol.

3. Incomplete trust path for the server certificate; the server's certificate is probably not trusted by the client. This would usually result in a more verbose error, but it is quite possible. Usually the fix is to import the server's CA certificate into the client's trust store.

4. The certificate is issued for a different domain. Again, this would have resulted in a more verbose message, but I'll state the fix here in case this is the cause. The resolution in this case would be to get the server (it does not appear to be yours) to use the correct certificate.

Details link, https://stackoverflow.com/que...
