I am doing mutual authentication from a client to a server.
I have a server with a self-signed certificate. I created a Java keystore (trustStore) that includes that server's certificate in the truststore. I have a keystore that contains my certificate and private key. My certificate is signed by the server (the same self-signed certificate that is in my truststore). Using the API, I created an SSLSocketFactory that registers my keystore and truststore (similar to the article Mutual Authentication with x509 Certificates using HttpClient 4.0.1).
Everything works with Apache HttpClient 4.0.1. I upgraded to 4.1 and the code is identical, except that I had to reorder the parameters in the Scheme constructor. However, now I get a javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
Please help?
I see that 4.1 has an org.apache.http.conn.ssl.TrustSelfSignedStrategy, but I have not found any example of using it yet. I am not even sure I want to use it. I have to make a user choice, and it seems best for them to just give me their server certificate to add to my truststore. (http://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/conn/ssl/TrustSelfSignedStrategy.html)
Here is the code:
String doGet(URI uri, String acceptType) throws Exception
{
    // To be replaced by common module.
    // keyStore, keyStorePassword and trustStore are fields initialised elsewhere:
    // the client certificate + private key, and the server's self-signed certificate.
    String result = null;
    DefaultHttpClient httpclient = new DefaultHttpClient();
    try
    {
        // Socket factory that presents the client certificate and trusts only the truststore.
        SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore, String.valueOf(keyStorePassword), trustStore);
        // 4.1 constructor order is (name, port, factory); 4.0.1 was (name, factory, port).
        Scheme sch = new Scheme("https", 443, socketFactory);
        httpclient.getConnectionManager().getSchemeRegistry().register(sch);
        HttpGet httpget = new HttpGet(uri.toASCIIString());
        httpget.addHeader("Accept", acceptType);
        HttpResponse response = httpclient.execute(httpget);
        HttpEntity entity = response.getEntity();
        result = IOUtils.getContent(entity.getContent());
    } finally
    {
        httpclient.getConnectionManager().shutdown();
    }
    return result;
}
Here is the exception I get with 4.1:
Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:390)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:562)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
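The trace above ends in AbstractVerifier.verify() calling getPeerCertificates(), and JSSE reports "peer not authenticated" from that call whenever the session it is asked about did not complete a handshake, so the underlying failure (server certificate not trusted, client certificate rejected, ...) stays hidden. The following is an added diagnostic example, not code from the question, that loads the same kind of keystore and truststore directly into JSSE and forces the handshake so the real SSLHandshakeException and its message surface; the file names, passwords and host are placeholders.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsHandshakeCheck {
    // Placeholder paths and passwords: point these at the same keystore (client cert + key)
    // and truststore (server's self-signed cert) that are passed to HttpClient's SSLSocketFactory.
    static final String KEYSTORE_PATH = "client-keystore.jks";
    static final char[] KEYSTORE_PASSWORD = "changeit".toCharArray();
    static final String TRUSTSTORE_PATH = "server-truststore.jks";
    static final char[] TRUSTSTORE_PASSWORD = "changeit".toCharArray();

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(path);
        try { ks.load(in, password); } finally { in.close(); }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "server.example"; // placeholder host
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        // Same key material as the HttpClient setup, but wired straight into JSSE.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(KEYSTORE_PATH, KEYSTORE_PASSWORD), KEYSTORE_PASSWORD);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        SSLSocket sock = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        try {
            // Forcing the handshake here throws SSLHandshakeException with the real reason,
            // instead of the later "peer not authenticated" from getPeerCertificates().
            sock.startHandshake();
            SSLSession session = sock.getSession();
            System.out.println("Negotiated " + session.getProtocol() + " / " + session.getCipherSuite());
            for (Certificate c : session.getPeerCertificates()) {
                System.out.println("Server presented: " + ((X509Certificate) c).getSubjectX500Principal());
            }
        } finally {
            sock.close();
        }
    }
}
```

Running either this check or the HttpClient code with -Djavax.net.debug=ssl,handshake additionally prints the certificate chains exchanged, which shows whether the server requested a client certificate and whether one was actually sent.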