<rt id="bn8ez"></rt>
<label id="bn8ez"></label>

  • <span id="bn8ez"></span>

    <label id="bn8ez"><meter id="bn8ez"></meter></label>

    ゞ沉默是金ゞ

    魚離不開水,但是沒有說不離開哪滴水.
    posts - 98,comments - 104,trackbacks - 0

    I use Apache’s HttpClient library for all my URL related needs. It is a marvelous library that does most of the job behind the scenes. Compared the Java’s URL class, it is not as easy to use as Apache’s HttpClient. While using this library, a site that I commonly check for updates threw the exception message javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated.

    When I checked the site, it seemed that its SSL certificated had expired. The only workaround for this is to create your own TrustManager. This class actually checks if the SSL certificate is valid. The scheme used by SSL is called X.509 and Java has a specific TrustManager for this scheme, called X509TrustManager.

    This handy method created by theskeleton is just the perfect solution to have your HttpClient object bypass any SSL related errors and ensures that it accepts all SSL certificates of a site, whether it is expired or not.


    public static HttpClient wrapClient(HttpClient base) {
        
    try {
            SSLContext ctx 
    = SSLContext.getInstance("TLS");
            X509TrustManager tm 
    = new X509TrustManager() {
                
    public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException { }
     
                
    public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException { }
     
                
    public X509Certificate[] getAcceptedIssuers() {
                    
    return null;
                }
            };
            ctx.init(
    nullnew TrustManager[]{tm}, null);
            SSLSocketFactory ssf 
    = new SSLSocketFactory(ctx);
            ssf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
            ClientConnectionManager ccm 
    = base.getConnectionManager();
            SchemeRegistry sr 
    = ccm.getSchemeRegistry();
            sr.register(
    new Scheme("https", ssf, 443));
            
    return new DefaultHttpClient(ccm, base.getParams());
        } 
    catch (Exception ex) {
            
    return null;
        }
    }

    Another way is to recreate the keystore, for the keystore you should have the site in the CN=XXX.
    the command as below:
    1. Create keystore
    keytool -genkey -dname "cn=daXXX.XXX.com,o=,c=" -storepass MB7BROKERpzn -keystore pznKeyStore.jks -alias pznsigned
    2. Export the cert
    keytool -export -keystore pznKeyStore.jks -alias pznsigned -file pznsslcert.cer
    3. Create trust store for client
    keytool -genkey -dname "cn=da957203.fmr.com,o=,c=" -storepass MB7BROKERpzn -keystore pznTrustStore.jks -alias pzntrustsigned
    4. import the server cert
    keytool -import -alias pzntrust -file pznsslcert.cer -keystore pznTrustStore.jks -storepass MB7BROKERpzn
    5. use http client to call the server
            try {
                KeyStore trustStore  = KeyStore.getInstance(KeyStore.getDefaultType());
                FileInputStream instream = new FileInputStream(new File(trustfname));
                try {
                    trustStore.load(instream, passphrase.toCharArray());
                } finally {
                    try { instream.close(); } catch (Exception ignore) {}
                }
                SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);
                Scheme sch = new Scheme("https", 443, socketFactory);
                httpclient.getConnectionManager().getSchemeRegistry().register(sch);
            } catch (Exception e1) {
                // TODO Auto-generated catch block
                e1.printStackTrace();
            }





    posted on 2012-08-14 18:42 ゞ沉默是金ゞ 閱讀(3652) 評論(2)  編輯  收藏 所屬分類: HTTP

    FeedBack:
    # re: How To Avoid javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated Problem Using Apache HttpClient
    2012-10-03 23:53 | shigangxing
    Another way is to recreate the keystore...
    有兩個問題不清楚,呵呵:
    1,為什么要分開創(chuàng)建兩個keystore
    2,兩個cn的值貌似不同,都是網(wǎng)站的域名么  回復(fù)  更多評論
      
    # re: How To Avoid javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated Problem Using Apache HttpClient
    2012-11-29 10:22 | dashi99
    @shigangxing
    There are two types of SSL connection:
    a. Server auth: The client needs to trust the server. The server presents a key to the client which the client must trust. This is known as 1 way or asymetric auth.
    b. Client auth: Both client and server need to trust each other. In addition to the server presenting its key to the client, here the client also presents a key to the server which the server must trust. This is also known as two way or symmetric auth.

      回復(fù)  更多評論
      
    主站蜘蛛池模板: 在线永久看片免费的视频| 成人妇女免费播放久久久| 91成年人免费视频| 99亚洲精品高清一二区| 久久综合九色综合97免费下载| 全黄性性激高免费视频| MM1313亚洲国产精品| 国产又粗又猛又爽又黄的免费视频| 亚洲精品色播一区二区| 最近中文字幕无免费视频| 亚洲精品人成网在线播放影院| 国产99视频精品免费观看7| 亚洲国产激情在线一区| 成人黄软件网18免费下载成人黄18免费视频 | 国产美女无遮挡免费网站| 亚洲国产成人AV网站| 成人亚洲综合天堂| 一级毛片大全免费播放下载| 国产精品亚洲mnbav网站| 国产午夜成人免费看片无遮挡| 亚洲精品无码久久久久sm| 久久国产精品免费观看| 亚洲狠狠狠一区二区三区| 国产精品爱啪在线线免费观看| 亚洲人成电影网站久久| 国产在线ts人妖免费视频| 国产精品免费一区二区三区 | 亚洲黑人嫩小videos| 成人特黄a级毛片免费视频| 亚洲AV无码一区二区三区久久精品| 国产免费一区二区三区VR| 成人精品视频99在线观看免费| 亚洲成人高清在线观看| 免费人成网站在线播放| 久久国产乱子精品免费女| 亚洲综合丁香婷婷六月香| 亚洲国产精品自在拍在线播放| 99在线在线视频免费视频观看| 亚洲欧洲专线一区| 亚洲中文字幕久久精品无码APP| 久草视频免费在线|