wsimport-over-ssl和假(dev)证书

zxlwwiss  于 2021-07-13  发布在  Java
关注(0)|答案(2)|浏览(428)

最近,我花了几个小时试图让wsimport在通过https托管的web服务上工作,并使用假证书(dev deployment)。
我试着用windows版本的 wsimport.exe ,来自Java8JDK。
我指定了选项 -XdisableSSLHostnameVerification ,但它一直在抱怨错误的证书。确实,证书是无效的,但在dev环境中它应该是可以接受的。
我没有找到使wsimport跳过证书检查的简单方法。

xggvc2p6

xggvc2p61#

最后我得到了一个解决方案,使用 Package 类。
我认为分享解决方案是有意义的。希望它能节省一些人的时间,以更好的目的。
解决方案(假设java安装在 c:\Program Files\Java\jdk1.8.0_40 ):
如何编译 "c:\Program Files\Java\jdk1.8.0_40\bin\javac" -cp "c:\Program Files\Java\jdk1.8.0_40\lib\tools.jar" WSImportSSLByPass.java 如何使用 "c:\Program Files\Java\jdk1.8.0_40\bin\java" -cp "c:\Program Files\Java\jdk1.8.0_40\lib\tools.jar";. WSImportSSLByPass %wsimport args% 代码
投入 WSImportSSLByPass.java ```
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class WSImportSSLByPass {

    public static void main(String[] args) throws Throwable{
        configureBypassSSL();
        com.sun.tools.internal.ws.WsImport.main(args);
    }

    private static void configureBypassSSL() throws NoSuchAlgorithmException,
            KeyManagementException {
        SSLContext ssl_ctx = SSLContext.getInstance("SSL");
        TrustManager[] trust_mgr = get_trust_mgr();
        ssl_ctx.init(null, // key manager
                trust_mgr, // trust manager
                new SecureRandom()); // random number generator
        SSLSocketFactory sf = ssl_ctx.getSocketFactory();

        HttpsURLConnection.setDefaultSSLSocketFactory(sf);
        HttpsURLConnection.setDefaultHostnameVerifier(new DummyHostVerifier());
    }

    private static TrustManager[] get_trust_mgr() {
        TrustManager[] certs = new TrustManager[] { new X509TrustManager() {
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }

            public void checkClientTrusted(X509Certificate[] certs, String t) {
            }

            public void checkServerTrusted(X509Certificate[] certs, String t) {
            }
        } };
        return certs;
    }
}
class DummyHostVerifier implements HostnameVerifier {

    public boolean verify(String name, SSLSession sess) {
        return true;
    }
}
6yoyoihd

6yoyoihd2#

在双向ssl握手的情况下,我们可以这样修改wsimportsslbaypass类

import com.sun.tools.internal.ws.WsImport;

public class OCBWSImport {

    /**
     * @param args the command line arguments
     */
    public static void main(String[] args) throws Throwable {
        // TODO code application logic here
        //System.setProperty("javax.net.ssl.trustStore", "C:\\Program Files\\Java\\jdk1.8.0_131\\jre\\lib\\security\\cacerts");
        //System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
        //System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");

        //Certificate for 2-way handshake
        System.setProperty("javax.net.ssl.keyStore", "D:\\tuanpa\\yourp12file.p12");
        System.setProperty("javax.net.ssl.keyStorePassword", "password of p12 file");

        //Hostname checking bypass
        javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(
                new javax.net.ssl.HostnameVerifier() {

            public boolean verify(String hostname,
                    javax.net.ssl.SSLSession sslSession) {
                //return hostname.equals("192.168.1.10");
                return true;
            }
        });
        WsImport.main(args);
    }

}

相关问题