22

根据文档,您可以通过一个相当笨重的过程手动从浏览器导出证书并在本地识别它。有什么类似于 curl 的--insecureswitch 的东西可以使它实用吗?

4

2 回答 2

33

大家好消息!:-) 刚刚发现 HttpBuilder 的新版本(0.7.1)引入了方法:

ignoreSSLIssues()

这解决了有关无效 SSL 证书的所有问题(当然您必须知道它也会降低安全性)。

有关此方法的更多信息:https ://github.com/jgritman/httpbuilder/wiki/SSL (底部部分)

于 2014-08-01T09:20:28.897 回答
5

找到了一种不涉及证书导入或 httpbuilder hacks 的方法

//== HTTPBUILDER IMPORTS
@Grab(group='org.codehaus.groovy.modules.http-builder', module='http-builder', version='0.5.0-RC2' )
import groovyx.net.http.*
import static groovyx.net.http.ContentType.*
import static groovyx.net.http.Method.*
//== END HTTPBUILDER IMPORTS

import javax.net.ssl.X509TrustManager
import javax.net.ssl.SSLContext
import java.security.cert.X509Certificate
import javax.net.ssl.TrustManager
import java.security.SecureRandom
import org.apache.http.conn.ssl.SSLSocketFactory
import org.apache.http.conn.scheme.Scheme
import org.apache.http.conn.scheme.SchemeRegistry

def http = new HTTPBuilder( "https://your_unsecure_certificate_host" )

    //=== SSL UNSECURE CERTIFICATE ===
   def sslContext = SSLContext.getInstance("SSL")              
   sslContext.init(null, [ new X509TrustManager() {public X509Certificate[]   
   getAcceptedIssuers() {null }
   public void checkClientTrusted(X509Certificate[] certs, String authType) { }
   public void checkServerTrusted(X509Certificate[] certs, String authType) { }
   } ] as TrustManager[], new SecureRandom())
   def sf = new SSLSocketFactory(sslContext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)
   def httpsScheme = new Scheme("https", sf, 443)
   http.client.connectionManager.schemeRegistry.register( httpsScheme )
   //================================

//do your http call with the http object
http.request( ....
于 2013-01-31T18:04:07.373 回答