Original question: http://stackoverflow.com/questions/7881122/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
CXF RESTful Client - How to do trust all certs?
Asked by sdoca
I have written Jersey RESTful clients that made use of a DumbX509TrustManager and HostnameVerifier to trust all SSL certs on our lab systems to make it easier to deal with certs that are self-signed.
    ClientConfig config = new DefaultClientConfig();
    SSLContext context = null;
    try
    {
        context = SSLContext.getInstance("SSL");
        context.init(null,
                     new TrustManager[] { new DumbX509TrustManager() },
                     null);
        config.getProperties()
              .put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES,
                   new HTTPSProperties(this.getHostnameVerifier(),
                                       context));
        webClient = Client.create(config);
    }
    ....
Is there a way for me to do something similar using CXF?
Answered by sdoca
This is from the CXF mailing list. Note that I didn't have to implement it due to other system updates, so this is theoretical:
    WebClient webClient = WebClient.create(this.serviceURL,
                                           this.username,
                                           this.password,
                                           null); // Spring config file - we don't use this
    if (trustAllCerts)
    {
        HTTPConduit conduit = WebClient.getConfig(webClient)
                                       .getHttpConduit();
        TLSClientParameters params =
            conduit.getTlsClientParameters();
        if (params == null)
        {
            params = new TLSClientParameters();
            conduit.setTlsClientParameters(params);
        }
        params.setTrustManagers(new TrustManager[] { new DumbX509TrustManager() });
        params.setDisableCNCheck(true);
    }
Answered by scoulomb
To complete the answer from sdoca, here is an implementation with a dumb X509 trust manager:
    import javax.net.ssl.TrustManager;
    import org.apache.cxf.configuration.jsse.TLSClientParameters;
    import org.apache.cxf.jaxrs.client.WebClient;
    import org.apache.cxf.transport.http.HTTPConduit;
    [...]
    public class ApiClient {
        private WebClient webClient;
        [...]
        public void init() {
            webClient = createWebClient(URI).accept(MediaType.APPLICATION_JSON).type(MediaType.APPLICATION_JSON);
            addX509TrustManager();
        }

        // Replaces the conduit's trust managers with one that accepts any certificate
        // and turns off the hostname (CN) check.
        private void addX509TrustManager() {
            Assert.notNull(webClient, "Client needs to be initialized");
            HTTPConduit conduit = WebClient.getConfig(webClient).getHttpConduit();
            TLSClientParameters params = conduit.getTlsClientParameters();
            if (params == null) {
                params = new TLSClientParameters();
                conduit.setTlsClientParameters(params);
            }
            params.setTrustManagers(new TrustManager[] { new BlindTrustManager() });
            params.setDisableCNCheck(true);
        }
    }
Where BlindTrustManager is defined as follows:
    import java.security.cert.X509Certificate;
    import javax.net.ssl.X509TrustManager;

    /**
     * This dumb X509TrustManager trusts all certificates. This SHOULD NOT be used in Production.
     */
    public class BlindTrustManager implements X509TrustManager {
        @Override
        public void checkClientTrusted(X509Certificate[] chain,
                String authType) throws java.security.cert.CertificateException {
            // No check: every client certificate is accepted.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain,
                String authType) throws java.security.cert.CertificateException {
            // No check: every server certificate is accepted.
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract requires a non-null (possibly empty) array.
            return new X509Certificate[0];
        }
    }
It may be useful to check these links for a better understanding: