如何解决Winrm NTLM 身份验证在 java 中使用 winrm4j 无法通过 https 工作
我无法通过使用 java 的 winrm4j 通过 https 成功进行 Winrm NTLM 身份验证。
以下是我的代码
import io.cloudsoft.winrm4j.winrm.WinRmTool;
import io.cloudsoft.winrm4j.winrm.WinRmToolResponse;
import org.apache.http.client.config.AuthSchemes;
public class WinrmToolTest {
public static void main(String...args) {
String hostname = args[0];
String domain = args[1];
String username = args[2];
String password = args[3];
// System.setProperty("java.security.krb5.kdc",hostname);
//System.setProperty("java.security.krb5.realm",domain.toupperCase());
//System.setProperty("sun.security.krb5.debug","true");
System.setProperty("javax.security.auth.useSubjectCredsOnly","true");
System.setProperty("http.agent","kNown agent");
System.setProperty("javax.net.debug","all");
System.setProperty("java.security.debug","all");
//System.setProperty("java.security.auth.login.config","C:\\Users\\stamma\\WorkSpace\\Code_Base\\BotSink\\main\\src\\user_interface\\endpoint_utility\\WinRmKerberosDemo\\gss-jaas.conf");
WinRmTool.Builder builder = WinRmTool.Builder.builder(
hostname,domain,username,password);
builder.port(WinRmTool.DEFAULT_WINRM_HTTPS_PORT);
//builder.port(WinRmTool.DEFAULT_WINRM_PORT);
builder.useHttps(true);
builder.sslSocketFactory(TrustManagerFactory.getSSLContext().getSocketFactory());
builder.hostnameVerifier(TrustManagerFactory.getHostNameVerifier());
builder.sslContext(TrustManagerFactory.getSSLContext());
//builder.authenticationScheme(AuthSchemes.KERBEROS);
builder.authenticationScheme(AuthSchemes.NTLM);
//builder.requestNewKerberosTicket(true);
WinRmTool tool = builder.build();
WinRmToolResponse result = tool.executeCommand("echo aaa");
System.out.println(result.getStdOut());
System.err.println(result.getStdErr());
}
}
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
public class TrustManagerFactory {
private static javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[]{
new javax.net.ssl.x509trustmanager() {
public X509Certificate[] getAcceptedissuers() {
return null;
}
public void checkServerTrusted(X509Certificate[] certs,String authType) throws CertificateException {
return;
}
public void checkClientTrusted(X509Certificate[] certs,String authType) throws CertificateException {
return;
}
}
};
private static HostnameVerifier hv = new HostnameVerifier() {
public boolean verify(String urlHostName,javax.net.ssl.SSLSession session) {
if (!urlHostName.equalsIgnoreCase(session.getPeerHost())) {
}
return true;
}
};
public static SSLContext getSSLContext() {
SSLContext sc = null;
try {
sc = SSLContext.getInstance("TLS");
sc.init(null,trustAllCerts,new SecureRandom());
} catch (Exception e) {
e.printstacktrace();
}
return sc;
}
public static HostnameVerifier getHostNameVerifier() {
return hv;
}
}
错误日志
main,READ: TLSv1.2 Application Data,length = 256
Padded plaintext after DECRYPTION: len = 256
0000: 92 C4 77 04 60 8F EA CB DA 7E F5 61 AE A0 77 79 ..w.`......a..wy
0010: 48 54 54 50 2F 31 2E 31 20 34 30 31 20 0D 0A 53 HTTP/1.1 401 ..S
0020: 65 72 76 65 72 3A 20 4D 69 63 72 6F 73 6F 66 74 erver: Microsoft
0030: 2D 48 54 54 50 41 50 49 2F 32 2E 30 0D 0A 57 57 -HTTPAPI/2.0..WW
0040: 57 2D 41 75 74 68 65 6E 74 69 63 61 74 65 3A 20 W-Authenticate:
0050: 4E 65 67 6F 74 69 61 74 65 0D 0A 57 57 57 2D 41 Negotiate..WWW-A
0060: 75 74 68 65 6E 74 69 63 61 74 65 3A 20 4B 65 72 uthenticate: Ker
0070: 62 65 72 6F 73 0D 0A 44 61 74 65 3A 20 54 68 75 beros..Date: Thu
0080: 2C 20 30 34 20 46 65 62 20 32 30 32 31 20 30 37,04 Feb 2021 07
0090: 3A 34 36 3A 31 38 20 47 4D 54 0D 0A 43 6F 6E 6E :46:18 GMT..Conn
00A0: 65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 43 ection: close..C
00B0: 6F 6E 74 65 6E 74 2D 4C 65 6E 67 74 68 3A 20 30 ontent-Length: 0
00C0: 0D 0A 0D 0A EB 4C DE 83 84 34 44 27 52 EF 08 4C .....L...4D'R..L
00D0: 7C 4A 33 4A EF A6 94 4F 91 B1 22 12 A9 82 2B D6 .J3J...O.."...+.
00E0: 00 7E F3 7C 69 F3 10 EC 9B 01 85 13 AB BB 30 C3 ....i.........0.
00F0: EA 22 8B DB 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B ."..............
main,called close()
main,called closeInternal(true)
main,SEND TLSv1.2 ALERT: warning,description = close_notify
Padded plaintext before ENCRYPTION: len = 80
0000: 19 F7 52 6F 94 88 C7 66 D4 F0 E9 E9 57 27 D0 96 ..Ro...f....W'..
0010: 01 00 11 60 D5 46 64 32 17 19 A7 3A 3B 08 38 ED ...`.Fd2...:;.8.
0020: 4E 4F 09 E3 81 D0 25 E0 45 8B 39 1F 28 95 EA 59 NO....%.E.9.(..Y
0030: 81 C7 41 69 30 FC A9 74 7B 1C C8 E0 13 A9 EC 7C ..Ai0..t........
0040: 20 02 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D ...............
main,WRITE: TLSv1.2 Alert,length = 80
[Raw write]: length = 85
0000: 15 03 03 00 50 F6 A4 06 9A 8D EB 87 1F AD C2 E7 ....P...........
0010: C1 8C B0 44 E9 05 56 CB E0 37 C3 02 57 5B D1 9D ...D..V..7..W[..
0020: 78 E9 2D 03 E9 60 5A 5A 83 0A 9D 46 0C 65 14 89 x.-..`ZZ...F.e..
0030: 51 D8 5C ED EB 6A B2 7F 7E A1 40 94 5D 59 A0 4A Q.\..j....@.]Y.J
0040: 99 00 54 43 87 8D A5 F2 30 FD 27 A8 20 6D 37 2E ..TC....0.'. m7.
0050: 10 1A 8A 1F 8E .....
main,called closeSocket(true)
Feb 04,2021 1:16:10 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd}WinRmService#{http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd}Create has thrown exception,unwinding Now
org.apache.cxf.interceptor.Fault: Could not send Message.
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:67)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:441)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:356)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:314)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:140)
at com.sun.proxy.$Proxy46.create(UnkNown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at io.cloudsoft.winrm4j.client.retryingProxyHandler.invokeWithRetry(retryingProxyHandler.java:47)
at io.cloudsoft.winrm4j.client.retryingProxyHandler.invoke(retryingProxyHandler.java:34)
at com.sun.proxy.$Proxy47.create(UnkNown Source)
at io.cloudsoft.winrm4j.client.WinRmClient.createShell(WinRmClient.java:475)
at io.cloudsoft.winrm4j.winrm.WinRmTool.executeCommand(WinRmTool.java:359)
at io.cloudsoft.winrm4j.winrm.WinRmTool.executeCommand(WinRmTool.java:304)
at WinrmToolTest.main(WinrmToolTest.java:40)
Caused by: org.apache.cxf.transport.http.HTTPException: HTTP response '401: null' when communicating with https://ACM-RT-DNS-01.acme-labs.local:5986/wsman
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.doProcessResponseCode(HTTPConduit.java:1618)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1625)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1570)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1371)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:671)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:63)
... 19 more
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main,setSoTimeout(120000) called
main,the prevIoUs server name in SNI (type=host_name (0),value=ACM-RT-DNS-01.acme-labs.local) was replaced with
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。