
Sending HTTPS Requests from Java to an Untrusted Website

IamDLY / 999 reads

1.Overview

HTTPS pages typically use one of two secure protocols to encrypt communications: SSL (Secure Sockets Layer) or TLS (Transport Layer Security). When you request an HTTPS connection to a webpage, the website initially sends its SSL certificate to your browser. This certificate contains the public key needed to begin the secure session. Based on this initial exchange, your browser and the website then initiate the "SSL handshake". The SSL handshake involves the generation of shared secrets to establish a uniquely secure connection between yourself and the website.
In overview, the steps involved in the SSL handshake are shown in Fig 1:

2.Sending HTTPS Requests from Java Program

When writing unit tests, we may need to send HTTPS requests to some websites and get the results. But when the certificate from these websites cannot be verified, a handshake exception is thrown. To send HTTPS requests successfully, follow these steps:

1.Download the certificate of the website you want to visit.

2.Use keytool to store the certificate in your Java trustStore. (default password "changeit")
   (1) copy ./testcert.cer to /path/to/your/JAVA_HOME/jre/lib/security
   (2) keytool -import -trustcacerts -alias testCert -keystore cacerts -file testcert.cer
   (3) check that the certificate was imported successfully

           
3. Check the TLS protocol version of the website you want to visit. You can use the website below to get all the SSL and TLS information (e.g. for qarot-analytics.sflab.ondemand.com).
           https://www.ssllabs.com/ssltest/analyze.html?d=qarot-analytics.sflab.ondemand.com

            
4.Set the certificate and TLS version for your JRE
   (1) Use Java Code
           // Point the JVM at the trust store that holds the imported certificate
           Properties systemProps = System.getProperties();
           systemProps.put("javax.net.ssl.trustStore", "path\\to\\your\\JAVA_HOME\\jre\\lib\\security\\cacerts");
           systemProps.put("javax.net.ssl.trustStorePassword", "changeit");
           // Restrict HTTPS connections to the protocol version the server supports
           System.setProperty("https.protocols", "TLSv1.2");
           System.setProperties(systemProps);

   (2) Use Java -D parameter
          -Djavax.net.ssl.trustStore="%JAVA_HOME%\jre\lib\security\cacerts"
          -Djavax.net.ssl.trustStorePassword="changeit"
          -Dhttps.protocols=TLSv1.2
          -Djavax.net.debug=all   (logs all the information)
          
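5.Use SystemProps when Creating HttpClient
    import java.io.IOException;
    import java.util.Properties;
    import org.apache.http.client.methods.CloseableHttpResponse;
    import org.apache.http.client.methods.HttpGet;
    import org.apache.http.impl.client.CloseableHttpClient;
    import org.apache.http.impl.client.HttpClientBuilder;
    import org.junit.Test;

    public class HTTPSTest {
        @Test
        public void sendHttpsRequestByHttpClientWithJDK7() {
            // Point the JVM at the trust store that holds the imported certificate
            Properties systemProps = System.getProperties();
            systemProps.put("javax.net.ssl.trustStore", "C:\\Java\\jvm_7.1.041\\jvm_7\\jre\\lib\\security\\cacerts");
            systemProps.put("javax.net.ssl.trustStorePassword", "changeit");
            System.setProperty("https.protocols", "TLSv1.2");
            System.setProperties(systemProps);

            HttpGet httpGet = new HttpGet("https://qarot-analytics.sflab.ondemand.com");

            // useSystemProperties() makes HttpClient honour the javax.net.ssl.* and https.protocols settings;
            // try-with-resources closes the client and the response
            try (CloseableHttpClient httpClient = HttpClientBuilder.create().useSystemProperties().build();
                 CloseableHttpResponse response = httpClient.execute(httpGet)) {
                response.getEntity();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }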

3.Troubleshooting

During the handshake between client and server, a handshake exception may occur.

The handshake failure could have occurred due to various reasons:

1. Incompatible cipher suites in use by the client and the server. This would require the client to use (or enable) a cipher suite that is supported by the server.

2. Incompatible versions of SSL in use (the server might accept only TLS v1, while the client is capable of only using SSL v3). Again, the client might have to ensure that it uses a compatible version of the SSL/TLS protocol.

3. Incomplete trust path for the server certificate; the server's certificate is probably not trusted by the client. This would usually result in a more verbose error, but it is quite possible. Usually the fix is to import the server's CA certificate into the client's trust store.

4. The certificate is issued for a different domain. Again, this would have resulted in a more verbose message, but I'll state the fix here in case this is the cause. The resolution in this case would be to get the server (it does not appear to be yours) to use the correct certificate.

Details link, https://stackoverflow.com/que...
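To tell the four causes above apart, the following added example (not from the original article or the linked answer) performs the handshake on a raw SSLSocket, prints the negotiated protocol, cipher suite and certificate chain on success, and classifies the exception on failure. The class name HandshakeProbe is hypothetical, and the matched message fragments are assumed to be those emitted by the OpenJDK/Oracle JSSE provider.

```java
import java.security.cert.CertPathBuilderException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Hypothetical class name; illustrative code, not from the original article.
public class HandshakeProbe {

    // Walk the cause chain and map it onto the four causes listed above.
    // Message fragments are assumed to match OpenJDK/Oracle JSSE wording.
    static String classify(Throwable e) {
        for (Throwable t = e; t != null; t = t.getCause()) {
            String m = String.valueOf(t.getMessage());
            if (t instanceof CertPathBuilderException) return "3: incomplete trust path";
            if (m.contains("No subject alternative") || m.contains("No name matching"))
                return "4: certificate issued for a different domain";
            if (m.contains("protocol_version")) return "2: incompatible protocol version";
            if (m.contains("handshake_failure"))
                return "1: no shared cipher suite (or another server-side refusal)";
        }
        return "unclassified: rerun with -Djavax.net.debug=all";
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "qarot-analytics.sflab.ondemand.com";
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, 443)) {
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS"); // raw sockets skip the hostname check otherwise
            socket.setSSLParameters(params);
            socket.startHandshake();
            System.out.println(socket.getSession().getProtocol()
                    + " / " + socket.getSession().getCipherSuite());
            for (Certificate c : socket.getSession().getPeerCertificates()) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("  subject=" + x.getSubjectX500Principal()
                        + " issuer=" + x.getIssuerX500Principal());
            }
        } catch (SSLException e) {
            System.out.println("handshake failed, cause " + classify(e));
        }
    }
}
```

The probe uses the JVM's default trust store and protocol settings, so run it with the same -D parameters as the failing program to reproduce its view of the server.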


When reposting, please cite this article's address: https://www.ucloud.cn/yun/67983.html
