如何解决Apache HTTP 客户端 loadTrustMaterial 不起作用
首先,源代码中没有注释。
org.apache.hc.core5.ssl.SSLContextBuilder#loadTrustMaterial(org.apache.hc.core5.ssl.TrustStrategy)
public SSLContextBuilder loadTrustMaterial(
final TrustStrategy trustStrategy) throws NoSuchAlgorithmException,KeyStoreException {
return loadTrustMaterial(null,trustStrategy);
}
这里是会触发混淆行为的代码,同apache官方演示Apache Demo
@Test
void customStrategy() throws KeyStoreException,NoSuchAlgorithmException,KeyManagementException,IOException,ParseException {
SSLContextBuilder sslContextBuilder = SSLContexts.custom();
sslContextBuilder.loadTrustMaterial((chain,authType) -> false);
SSLContext sslcontext = sslContextBuilder.build();
SSLConnectionSocketFactoryBuilder sslConnectionSocketFactoryBuilder = SSLConnectionSocketFactoryBuilder.create();
sslConnectionSocketFactoryBuilder.setSslContext(sslcontext);
sslConnectionSocketFactoryBuilder.setTlsversions(TLS.V_1_2);
SSLConnectionSocketFactory sslConnectionSocketFactory = sslConnectionSocketFactoryBuilder.build();
PoolingHttpClientConnectionManagerBuilder poolingHttpClientConnectionManagerBuilder = PoolingHttpClientConnectionManagerBuilder.create();
poolingHttpClientConnectionManagerBuilder.setSSLSocketFactory(sslConnectionSocketFactory);
HttpClientConnectionManager httpClientConnectionManager = poolingHttpClientConnectionManagerBuilder.build();
HttpClientBuilder httpClientBuilder = HttpClients.custom();
httpClientBuilder.setConnectionManager(httpClientConnectionManager);
CloseableHttpClient closeableHttpClient = httpClientBuilder.build();
HttpClientContext clientContext = HttpClientContext.create();
CloseableHttpResponse response = closeableHttpClient.execute(new HttpGet("https://www.baidu.com"),clientContext);
System.out.println("BODY-Length " + EntityUtils.toString(response.getEntity()).length());
SSLSession sslSession = clientContext.getSSLSession();
System.out.println(sslSession.getPeerHost() + ":" + sslSession.getPeerPort());
}
输出为:
... ...
BODY-Length 2443
www.baidu.com:443
即使我在自定义 TrustStrategy 中直接返回 false
。
sslContextBuilder.loadTrustMaterial((chain,authType) -> {
throw new CertificateException();
});
那会中断连接,但我不认为如果接口返回false,但只有在异常正确使用时才中断。
问题: 为什么返回 false 不起作用? Thorw execption 让我感觉不对,这是设计的吗?
解决方法
请参阅 TrustStrategy#isTrusted
的 javadoc。如果 TrustStrategy
从 isTrusted
方法返回 false,则证书验证由 SSL 上下文中配置的信任管理器执行。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。