【问题标题】:Dropwizard client deal with self signed certificateDropwizard 客户端处理自签名证书
【发布时间】:2017-02-25 23:36:18
【问题描述】:

Dropwizard 很新。

我找到了很多处理 Jersey 和 ssl 自签名证书的解决方案。 Dropwizard 版本是 0.9.2

我尝试设置 SSLContext 但我得到了

The method sslContext(SSLContext) is undefined for the type JerseyClientBuilder

代码:

   TrustManager[] certs = new TrustManager[]{
          new X509TrustManager() {
              @Override
              public X509Certificate[] getAcceptedIssuers() {
                  return null;
              }

              @Override
              public void checkServerTrusted(X509Certificate[] chain, String authType)
                      throws CertificateException {
              }

              @Override
              public void checkClientTrusted(X509Certificate[] chain, String authType)
                      throws CertificateException {
              }
          }
  };

  public static class TrustAllHostNameVerifier implements HostnameVerifier {

      public boolean verify(String hostname, SSLSession session) {
          return true;
      }

  }
  private Client getWebClient(AppConfiguration configuration, Environment env) {
      SSLContext ctx = SSLContext.getInstance("SSL");
      ctx.init(null, certs, new SecureRandom());
      Client client = new JerseyClientBuilder(env)
          .using(configuration.getJerseyClient())
          .sslContext(ctx)
          .build("MyClient");
      return client;
  }

配置部分:

private JerseyClientConfiguration jerseyClient = new JerseyClientConfiguration();

public JerseyClientConfiguration getJerseyClient() {
    return jerseyClient;   
} 

【问题讨论】:

    标签: ssl ssl-certificate dropwizard jersey-client


    【解决方案1】:

    我找到了一个简单的解决方案,只使用配置

    jerseyClient:
      tls:
        verifyHostname: false
        trustSelfSignedCertificates: true
    

    【讨论】:

    • 感谢您的回答。
    【解决方案2】:

    我认为要在 0.9.2 中创建一个不安全的客户端,您将使用 ConnectionSocketFactory 的注册表,类似于...

        final SSLContext sslContext = SSLContext.getInstance("SSL");
    
        sslContext.init(null, new TrustManager[] { new X509TrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] x509Certificates, String s)
                        throws java.security.cert.CertificateException {
                }
                @Override
                public void checkServerTrusted(X509Certificate[] x509Certificates, String s)
                        throws java.security.cert.CertificateException {
                }
                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            } }, new SecureRandom());
    
    
        final SSLConnectionSocketFactory sslConnectionSocketFactory =
                new SSLConnectionSocketFactory(sslContext, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    
        final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
                .register("https", sslConnectionSocketFactory)
                .register("http", PlainConnectionSocketFactory.INSTANCE)
                .build();
    
        builder.using(registry);
    
        Client client = new JerseyClientBuilder(env)
          .using(configuration.getJerseyClient())
          .using(registry)
          .build("MyInsecureClient");
    

    【讨论】:

      猜你喜欢
      • 2018-09-21
      • 2013-07-14
      • 2022-01-07
      • 2017-08-12
      • 1970-01-01
      • 2020-05-17
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多