java - Swagger 生成的客户端代码无法调用 https localhost 端点

Question

我有一个非常脆弱和复杂的开发设置。我有一个 ssh 隧道到一台机器，该机器在该网络上公开一台机器，当 ssh 隧道到位时，我可以通过Postman或curl这样轻松访问我的 api。

curl -X GET -u admin:admin123 -k " https://172.23.1.175/api/storage/aggregates/?fields=space&return_records=true&return_timeout=15 " -H "accept: application/hal+json"

我的客户端代码是通过创建的swagger，出于开发目的，我希望能够在 IntelliJ 中的 java 应用程序中尝试进行实际的 API 调用。我知道这完全不受欢迎。我得到的错误是这样的：

io.swagger.ontap.client.ApiException: javax.net.ssl.SSLPeerUnverifiedException: Hostname localhost not verified:
    certificate: sha1/o6KF0+STnresD1HaPMVoHNMgwpY=
    DN: C=US, CN=ontapcloud-net0ejmuaf-1
    subjectAltNames: []

这是在我尝试将证书导入我的 java 配置之后的一个较新的错误，之前它是这样的。

导致 javax.net.ssl.SSLHandshakeException：sun.security.validator.ValidatorException：PKIX 路径构建失败：sun.security.provider.certpath.SunCertPathBuilderException：无法找到请求目标的有效证书路径

可以修改下面的代码以适应请求吗？

private void applySslSettings() {
    try {
        TrustManager[] trustManagers = null;
        HostnameVerifier hostnameVerifier = null;
        System.out.println("verifyingSsl: " + verifyingSsl);
        if (!verifyingSsl) {
            TrustManager trustAll = new X509TrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
                @Override
                public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
                @Override
                public X509Certificate[] getAcceptedIssuers() { return null; }
            };
            SSLContext sslContext = SSLContext.getInstance("TLS");
            trustManagers = new TrustManager[]{ trustAll };
            hostnameVerifier = new HostnameVerifier() {
                @Override
                public boolean verify(String hostname, SSLSession session) { return true; }
            };
        } else if (sslCaCert != null) {
            char[] password = null; // Any password will work.
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            Collection<? extends Certificate> certificates = certificateFactory.generateCertificates(sslCaCert);
            if (certificates.isEmpty()) {
                throw new IllegalArgumentException("expected non-empty set of trusted certificates");
            }
            KeyStore caKeyStore = newEmptyKeyStore(password);
            int index = 0;
            for (Certificate certificate : certificates) {
                String certificateAlias = "ca" + Integer.toString(index++);
                caKeyStore.setCertificateEntry(certificateAlias, certificate);
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(caKeyStore);
            trustManagers = trustManagerFactory.getTrustManagers();
        }

        if (keyManagers != null || trustManagers != null) {
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(keyManagers, trustManagers, new SecureRandom());
            httpClient.setSslSocketFactory(sslContext.getSocketFactory());
        } else {
            httpClient.setSslSocketFactory(null);
        }
        httpClient.setHostnameVerifier(hostnameVerifier);
    } catch (GeneralSecurityException e) {
        throw new RuntimeException(e);
    }
}

Answer 1

解决方案相当简单，swagger 提供的属性可以解决我的问题。

ApiClient apiClient = new ApiClient();
    apiClient.setBasePath("https://localhost:8077/api");
    apiClient.setVerifyingSsl(false);