apache http客户端loadtrustmaterial不工作

zpqajqem  于 2021-06-26  发布在  Java
关注(0)|答案(1)|浏览(691)

首先,源代码中没有注解。 org.apache.hc.core5.ssl.SSLContextBuilder#loadTrustMaterial(org.apache.hc.core5.ssl.TrustStrategy) ```
public SSLContextBuilder loadTrustMaterial(
final TrustStrategy trustStrategy) throws NoSuchAlgorithmException, KeyStoreException {
return loadTrustMaterial(null, trustStrategy);
}

下面是将触发混乱行为的代码,它与apache office demo apache demo相同

@Test
void customStrategy() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException, IOException, ParseException {

SSLContextBuilder sslContextBuilder = SSLContexts.custom();
sslContextBuilder.loadTrustMaterial((chain, authType) -> false);
SSLContext sslcontext = sslContextBuilder.build();

SSLConnectionSocketFactoryBuilder sslConnectionSocketFactoryBuilder = SSLConnectionSocketFactoryBuilder.create();
sslConnectionSocketFactoryBuilder.setSslContext(sslcontext);
sslConnectionSocketFactoryBuilder.setTlsVersions(TLS.V_1_2);
SSLConnectionSocketFactory sslConnectionSocketFactory = sslConnectionSocketFactoryBuilder.build();

PoolingHttpClientConnectionManagerBuilder poolingHttpClientConnectionManagerBuilder = PoolingHttpClientConnectionManagerBuilder.create();
poolingHttpClientConnectionManagerBuilder.setSSLSocketFactory(sslConnectionSocketFactory);
HttpClientConnectionManager httpClientConnectionManager = poolingHttpClientConnectionManagerBuilder.build();

HttpClientBuilder httpClientBuilder = HttpClients.custom();
httpClientBuilder.setConnectionManager(httpClientConnectionManager);
CloseableHttpClient closeableHttpClient = httpClientBuilder.build();

HttpClientContext clientContext = HttpClientContext.create();

CloseableHttpResponse response = closeableHttpClient.execute(new HttpGet("https://www.baidu.com"), clientContext);

System.out.println("BODY-Length " + EntityUtils.toString(response.getEntity()).length());

SSLSession sslSession = clientContext.getSSLSession();

System.out.println(sslSession.getPeerHost() + ":" + sslSession.getPeerPort());

}

输出为:

... ...
BODY-Length 2443
www.baidu.com:443

连我都直接回来了 `false` 在我的习惯策略中。

sslContextBuilder.loadTrustMaterial((chain, authType) -> {
throw new CertificateException();
});

这将中断连接,但我不认为如果接口返回false,而只是在异常是正确用法时中断。
问:为什么返回false不起作用?这让我感觉不对,这是我的设计吗?
hjqgdpho

hjqgdpho1#

请参阅 TrustStrategy#isTrusted . 如果 TrustStrategyisTrusted 方法证书验证由在ssl上下文中配置的信任管理器执行。

相关问题