<rt id="bn8ez"></rt>
<label id="bn8ez"></label>

  • <span id="bn8ez"></span>

    <label id="bn8ez"><meter id="bn8ez"></meter></label>

    ゞ沉默是金ゞ

    魚離不開水,但是沒有說不離開哪滴水.
    posts - 98,comments - 104,trackbacks - 0

    I use Apache’s HttpClient library for all my URL related needs. It is a marvelous library that does most of the job behind the scenes. Compared the Java’s URL class, it is not as easy to use as Apache’s HttpClient. While using this library, a site that I commonly check for updates threw the exception message javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated.

    When I checked the site, it seemed that its SSL certificated had expired. The only workaround for this is to create your own TrustManager. This class actually checks if the SSL certificate is valid. The scheme used by SSL is called X.509 and Java has a specific TrustManager for this scheme, called X509TrustManager.

    This handy method created by theskeleton is just the perfect solution to have your HttpClient object bypass any SSL related errors and ensures that it accepts all SSL certificates of a site, whether it is expired or not.


    public static HttpClient wrapClient(HttpClient base) {
        
    try {
            SSLContext ctx 
    = SSLContext.getInstance("TLS");
            X509TrustManager tm 
    = new X509TrustManager() {
                
    public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException { }
     
                
    public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException { }
     
                
    public X509Certificate[] getAcceptedIssuers() {
                    
    return null;
                }
            };
            ctx.init(
    nullnew TrustManager[]{tm}, null);
            SSLSocketFactory ssf 
    = new SSLSocketFactory(ctx);
            ssf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
            ClientConnectionManager ccm 
    = base.getConnectionManager();
            SchemeRegistry sr 
    = ccm.getSchemeRegistry();
            sr.register(
    new Scheme("https", ssf, 443));
            
    return new DefaultHttpClient(ccm, base.getParams());
        } 
    catch (Exception ex) {
            
    return null;
        }
    }

    Another way is to recreate the keystore, for the keystore you should have the site in the CN=XXX.
    the command as below:
    1. Create keystore
    keytool -genkey -dname "cn=daXXX.XXX.com,o=,c=" -storepass MB7BROKERpzn -keystore pznKeyStore.jks -alias pznsigned
    2. Export the cert
    keytool -export -keystore pznKeyStore.jks -alias pznsigned -file pznsslcert.cer
    3. Create trust store for client
    keytool -genkey -dname "cn=da957203.fmr.com,o=,c=" -storepass MB7BROKERpzn -keystore pznTrustStore.jks -alias pzntrustsigned
    4. import the server cert
    keytool -import -alias pzntrust -file pznsslcert.cer -keystore pznTrustStore.jks -storepass MB7BROKERpzn
    5. use http client to call the server
            try {
                KeyStore trustStore  = KeyStore.getInstance(KeyStore.getDefaultType());
                FileInputStream instream = new FileInputStream(new File(trustfname));
                try {
                    trustStore.load(instream, passphrase.toCharArray());
                } finally {
                    try { instream.close(); } catch (Exception ignore) {}
                }
                SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);
                Scheme sch = new Scheme("https", 443, socketFactory);
                httpclient.getConnectionManager().getSchemeRegistry().register(sch);
            } catch (Exception e1) {
                // TODO Auto-generated catch block
                e1.printStackTrace();
            }





    posted on 2012-08-14 18:42 ゞ沉默是金ゞ 閱讀(3652) 評(píng)論(2)  編輯  收藏 所屬分類: HTTP

    FeedBack:
    # re: How To Avoid javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated Problem Using Apache HttpClient
    2012-10-03 23:53 | shigangxing
    Another way is to recreate the keystore...
    有兩個(gè)問題不清楚,呵呵:
    1,為什么要分開創(chuàng)建兩個(gè)keystore
    2,兩個(gè)cn的值貌似不同,都是網(wǎng)站的域名么  回復(fù)  更多評(píng)論
      
    # re: How To Avoid javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated Problem Using Apache HttpClient
    2012-11-29 10:22 | dashi99
    @shigangxing
    There are two types of SSL connection:
    a. Server auth: The client needs to trust the server. The server presents a key to the client which the client must trust. This is known as 1 way or asymetric auth.
    b. Client auth: Both client and server need to trust each other. In addition to the server presenting its key to the client, here the client also presents a key to the server which the server must trust. This is also known as two way or symmetric auth.

      回復(fù)  更多評(píng)論
      
    主站蜘蛛池模板: 精品国产日韩亚洲一区| 亚洲福利一区二区三区| 中文字幕亚洲无线码| 亚洲男人第一av网站| 亚洲一区二区三区国产精华液| 一级特黄a大片免费| 亚洲精品视频免费在线观看| 亚洲?V无码成人精品区日韩| 亚洲成人福利在线观看| 一级毛片视频免费观看| 亚洲高清无码综合性爱视频| 亚洲一区二区三区不卡在线播放| 一区二区三区免费视频网站| 国产成人亚洲综合| 亚洲JLZZJLZZ少妇| 91高清免费国产自产| 国产美女亚洲精品久久久综合| 美女无遮挡拍拍拍免费视频| 国产在线ts人妖免费视频| 亚洲国色天香视频| 国产乱码免费卡1卡二卡3卡| 水蜜桃亚洲一二三四在线| 一区二区三区免费视频网站| 亚洲AV无码第一区二区三区| 和老外3p爽粗大免费视频| 亚洲AV无一区二区三区久久| 成人福利免费视频| 亚洲国产综合91精品麻豆| 无码乱肉视频免费大全合集| 亚洲福利电影在线观看| 色播在线永久免费视频| 亚洲香蕉在线观看| www.999精品视频观看免费| 亚洲AV无码成人精品区狼人影院| 成人免费无码大片a毛片| 久久精品亚洲AV久久久无码| 免费在线观看亚洲| 亚洲天堂免费在线视频| 亚洲精品成人久久久| 国产无限免费观看黄网站| 亚洲欧洲国产成人精品|