<rt id="bn8ez"></rt>
<label id="bn8ez"></label>

  • <span id="bn8ez"></span>

    <label id="bn8ez"><meter id="bn8ez"></meter></label>

    ゞ沉默是金ゞ

    魚離不開水,但是沒有說不離開哪滴水.
    posts - 98,comments - 104,trackbacks - 0

    I use Apache’s HttpClient library for all my URL related needs. It is a marvelous library that does most of the job behind the scenes. Compared the Java’s URL class, it is not as easy to use as Apache’s HttpClient. While using this library, a site that I commonly check for updates threw the exception message javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated.

    When I checked the site, it seemed that its SSL certificated had expired. The only workaround for this is to create your own TrustManager. This class actually checks if the SSL certificate is valid. The scheme used by SSL is called X.509 and Java has a specific TrustManager for this scheme, called X509TrustManager.

    This handy method created by theskeleton is just the perfect solution to have your HttpClient object bypass any SSL related errors and ensures that it accepts all SSL certificates of a site, whether it is expired or not.


    public static HttpClient wrapClient(HttpClient base) {
        
    try {
            SSLContext ctx 
    = SSLContext.getInstance("TLS");
            X509TrustManager tm 
    = new X509TrustManager() {
                
    public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException { }
     
                
    public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException { }
     
                
    public X509Certificate[] getAcceptedIssuers() {
                    
    return null;
                }
            };
            ctx.init(
    nullnew TrustManager[]{tm}, null);
            SSLSocketFactory ssf 
    = new SSLSocketFactory(ctx);
            ssf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
            ClientConnectionManager ccm 
    = base.getConnectionManager();
            SchemeRegistry sr 
    = ccm.getSchemeRegistry();
            sr.register(
    new Scheme("https", ssf, 443));
            
    return new DefaultHttpClient(ccm, base.getParams());
        } 
    catch (Exception ex) {
            
    return null;
        }
    }

    Another way is to recreate the keystore, for the keystore you should have the site in the CN=XXX.
    the command as below:
    1. Create keystore
    keytool -genkey -dname "cn=daXXX.XXX.com,o=,c=" -storepass MB7BROKERpzn -keystore pznKeyStore.jks -alias pznsigned
    2. Export the cert
    keytool -export -keystore pznKeyStore.jks -alias pznsigned -file pznsslcert.cer
    3. Create trust store for client
    keytool -genkey -dname "cn=da957203.fmr.com,o=,c=" -storepass MB7BROKERpzn -keystore pznTrustStore.jks -alias pzntrustsigned
    4. import the server cert
    keytool -import -alias pzntrust -file pznsslcert.cer -keystore pznTrustStore.jks -storepass MB7BROKERpzn
    5. use http client to call the server
            try {
                KeyStore trustStore  = KeyStore.getInstance(KeyStore.getDefaultType());
                FileInputStream instream = new FileInputStream(new File(trustfname));
                try {
                    trustStore.load(instream, passphrase.toCharArray());
                } finally {
                    try { instream.close(); } catch (Exception ignore) {}
                }
                SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);
                Scheme sch = new Scheme("https", 443, socketFactory);
                httpclient.getConnectionManager().getSchemeRegistry().register(sch);
            } catch (Exception e1) {
                // TODO Auto-generated catch block
                e1.printStackTrace();
            }





    posted on 2012-08-14 18:42 ゞ沉默是金ゞ 閱讀(3639) 評論(2)  編輯  收藏 所屬分類: HTTP

    FeedBack:
    # re: How To Avoid javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated Problem Using Apache HttpClient
    2012-10-03 23:53 | shigangxing
    Another way is to recreate the keystore...
    有兩個問題不清楚,呵呵:
    1,為什么要分開創建兩個keystore
    2,兩個cn的值貌似不同,都是網站的域名么  回復  更多評論
      
    # re: How To Avoid javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated Problem Using Apache HttpClient
    2012-11-29 10:22 | dashi99
    @shigangxing
    There are two types of SSL connection:
    a. Server auth: The client needs to trust the server. The server presents a key to the client which the client must trust. This is known as 1 way or asymetric auth.
    b. Client auth: Both client and server need to trust each other. In addition to the server presenting its key to the client, here the client also presents a key to the server which the server must trust. This is also known as two way or symmetric auth.

      回復  更多評論
      
    主站蜘蛛池模板: 四虎亚洲精品高清在线观看| 亚洲AV无码欧洲AV无码网站| 亚洲中文字幕久久无码| h视频在线观看免费完整版| 蜜芽亚洲av无码精品色午夜| 久久亚洲免费视频| 99久久精品国产亚洲| 最近2019免费中文字幕6| 亚洲性一级理论片在线观看| 一个人看的www在线观看免费| 亚洲欧洲无卡二区视頻| 啊灬啊灬别停啊灬用力啊免费看| 美女无遮挡免费视频网站| 亚洲一区二区三区免费| 搡女人免费免费视频观看| 亚洲精品国产成人99久久| 国产在线jyzzjyzz免费麻豆| 最新国产成人亚洲精品影院| 在线a级毛片免费视频| 狠狠综合亚洲综合亚洲色| 久久精品亚洲男人的天堂| 午夜免费啪视频在线观看| 亚洲一欧洲中文字幕在线| 日韩中文字幕在线免费观看| 国产精品极品美女自在线观看免费| 亚洲国产精品成人精品无码区| 3344永久在线观看视频免费首页 | 亚洲中文久久精品无码1| 国产美女无遮挡免费网站| 国产精品1024在线永久免费| 亚洲视频小说图片| 免费真实播放国产乱子伦| 成人性做爰aaa片免费看| 亚洲人成综合网站7777香蕉| 国产成人亚洲综合无码| 18成禁人视频免费网站| 真人无码作爱免费视频| 内射少妇36P亚洲区| 一级毛片直播亚洲| 免费精品国偷自产在线在线 | 国产大片91精品免费看3|