<rt id="bn8ez"></rt>
<label id="bn8ez"></label>

  • <span id="bn8ez"></span>

    <label id="bn8ez"><meter id="bn8ez"></meter></label>

    ゞ沉默是金ゞ

    魚離不開水,但是沒有說不離開哪滴水.
    posts - 98,comments - 104,trackbacks - 0

    I use Apache’s HttpClient library for all my URL related needs. It is a marvelous library that does most of the job behind the scenes. Compared the Java’s URL class, it is not as easy to use as Apache’s HttpClient. While using this library, a site that I commonly check for updates threw the exception message javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated.

    When I checked the site, it seemed that its SSL certificated had expired. The only workaround for this is to create your own TrustManager. This class actually checks if the SSL certificate is valid. The scheme used by SSL is called X.509 and Java has a specific TrustManager for this scheme, called X509TrustManager.

    This handy method created by theskeleton is just the perfect solution to have your HttpClient object bypass any SSL related errors and ensures that it accepts all SSL certificates of a site, whether it is expired or not.


    public static HttpClient wrapClient(HttpClient base) {
        
    try {
            SSLContext ctx 
    = SSLContext.getInstance("TLS");
            X509TrustManager tm 
    = new X509TrustManager() {
                
    public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException { }
     
                
    public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException { }
     
                
    public X509Certificate[] getAcceptedIssuers() {
                    
    return null;
                }
            };
            ctx.init(
    nullnew TrustManager[]{tm}, null);
            SSLSocketFactory ssf 
    = new SSLSocketFactory(ctx);
            ssf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
            ClientConnectionManager ccm 
    = base.getConnectionManager();
            SchemeRegistry sr 
    = ccm.getSchemeRegistry();
            sr.register(
    new Scheme("https", ssf, 443));
            
    return new DefaultHttpClient(ccm, base.getParams());
        } 
    catch (Exception ex) {
            
    return null;
        }
    }

    Another way is to recreate the keystore, for the keystore you should have the site in the CN=XXX.
    the command as below:
    1. Create keystore
    keytool -genkey -dname "cn=daXXX.XXX.com,o=,c=" -storepass MB7BROKERpzn -keystore pznKeyStore.jks -alias pznsigned
    2. Export the cert
    keytool -export -keystore pznKeyStore.jks -alias pznsigned -file pznsslcert.cer
    3. Create trust store for client
    keytool -genkey -dname "cn=da957203.fmr.com,o=,c=" -storepass MB7BROKERpzn -keystore pznTrustStore.jks -alias pzntrustsigned
    4. import the server cert
    keytool -import -alias pzntrust -file pznsslcert.cer -keystore pznTrustStore.jks -storepass MB7BROKERpzn
    5. use http client to call the server
            try {
                KeyStore trustStore  = KeyStore.getInstance(KeyStore.getDefaultType());
                FileInputStream instream = new FileInputStream(new File(trustfname));
                try {
                    trustStore.load(instream, passphrase.toCharArray());
                } finally {
                    try { instream.close(); } catch (Exception ignore) {}
                }
                SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);
                Scheme sch = new Scheme("https", 443, socketFactory);
                httpclient.getConnectionManager().getSchemeRegistry().register(sch);
            } catch (Exception e1) {
                // TODO Auto-generated catch block
                e1.printStackTrace();
            }





    posted on 2012-08-14 18:42 ゞ沉默是金ゞ 閱讀(3652) 評(píng)論(2)  編輯  收藏 所屬分類: HTTP

    FeedBack:
    # re: How To Avoid javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated Problem Using Apache HttpClient
    2012-10-03 23:53 | shigangxing
    Another way is to recreate the keystore...
    有兩個(gè)問題不清楚,呵呵:
    1,為什么要分開創(chuàng)建兩個(gè)keystore
    2,兩個(gè)cn的值貌似不同,都是網(wǎng)站的域名么  回復(fù)  更多評(píng)論
      
    # re: How To Avoid javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated Problem Using Apache HttpClient
    2012-11-29 10:22 | dashi99
    @shigangxing
    There are two types of SSL connection:
    a. Server auth: The client needs to trust the server. The server presents a key to the client which the client must trust. This is known as 1 way or asymetric auth.
    b. Client auth: Both client and server need to trust each other. In addition to the server presenting its key to the client, here the client also presents a key to the server which the server must trust. This is also known as two way or symmetric auth.

      回復(fù)  更多評(píng)論
      
    主站蜘蛛池模板: 男人的好免费观看在线视频| 成人无码WWW免费视频| 青娱乐免费在线视频| 亚洲美女一区二区三区| 亚洲欧洲免费视频| 亚洲国产高清视频| 4虎1515hh永久免费| 久久亚洲国产成人亚| 久久免费公开视频| 亚洲黄色免费电影| 男女免费观看在线爽爽爽视频| 亚洲欧洲日产国码在线观看| 国产曰批免费视频播放免费s | 最新猫咪www免费人成| 亚洲人成电影院在线观看| 日本一区二区三区免费高清 | 特黄特色的大片观看免费视频| 免费乱理伦在线播放| 中文字幕成人免费高清在线| 亚洲va久久久噜噜噜久久| 99ee6热久久免费精品6| 亚洲一区在线免费观看| 国产色婷婷精品免费视频| 一区二区视频免费观看| 久久久无码精品亚洲日韩蜜桃| 亚洲精品国产精品乱码不99| 精品无码无人网站免费视频| 亚洲国产日韩精品| 免费中文字幕在线| 三年片在线观看免费大全电影| 亚洲成a人片在线观看精品| 国产乱子伦精品免费无码专区| 成人免费一区二区三区| 亚洲欧洲日产国产最新| 亚洲AⅤ无码一区二区三区在线| 97国免费在线视频| 亚洲18在线天美| 国产成人亚洲精品狼色在线| 7x7x7x免费在线观看| 污视频网站免费在线观看| 久久久影院亚洲精品|