logo
Redian新闻
>未名空间
>Java - 爪哇娇娃
>
https certificate??
avatar
https certificate??# Java - 爪哇娇娃
w*c
1
我现在在用url写一个connection
http的连接没问题 一般的https使用普通的certificate的也没问题
但有时会遇到未知的certificate会有exception
然后这时我只能手动去把那个url上的certificate当下来放到keystore里面
然后就可以连接了
我想问有没有方式可以让java自动下载这些unknown certificate
然后我就不用每次手动去当了
//thx
avatar
t*e
2
KeyTool有command line和API方法,可以在runtime programmatically往keystore里添加certificates,thus, the approach you proposed is attainable.
avatar
w*c
3
thx! that's exactly what I want to do.
is there any document describing such a method? what is the keyword I should
google?
//bow

添加certificates,thus, the approach you proposed is attainable.

【在 t*******e 的大作中提到】
: KeyTool有command line和API方法,可以在runtime programmatically往keystore里添加certificates,thus, the approach you proposed is attainable.
avatar
k*r
5
This is really annoying, because most of the time you don't really care
about certificates. Is there a way to disable the exception, and just take
any certs?
avatar
A*o
6
write your own handshaker and eat whatever the cert given to you?

【在 k***r 的大作中提到】
: This is really annoying, because most of the time you don't really care
: about certificates. Is there a way to disable the exception, and just take
: any certs?
avatar
m*t
7

I wonder if one of those more sophisticated libraries
like httpclient has this out of box. Never had to do it
myself, so I wouldn't know.

【在 A**o 的大作中提到】
: write your own handshaker and eat whatever the cert given to you?
avatar
k*r
8
I've never done that, or researched that. Is it possible to inject my own
handler if I'm using a third party library that makes the HTTPS call?

【在 A**o 的大作中提到】
: write your own handshaker and eat whatever the cert given to you?
avatar
g*g
9
certificate is that kind of "get it once and forget about it" stuff.
What magicfat suggested is using this kind of third party to access
the url once and do the dirty work, then you can go back to your
code. You introduce some overhead but usually not a problem.

【在 k***r 的大作中提到】
: I've never done that, or researched that. Is it possible to inject my own
: handler if I'm using a third party library that makes the HTTPS call?
avatar
k*r
10
Thanks for the reply but you didn't read my post right :)
In my case, it's a third party library that I have to use, and I don't have
source for. That library is making the call to HTTPS site. Because I don't
have the source, I can not replace the http client used by that library...

【在 g*****g 的大作中提到】
: certificate is that kind of "get it once and forget about it" stuff.
: What magicfat suggested is using this kind of third party to access
: the url once and do the dirty work, then you can go back to your
: code. You introduce some overhead but usually not a problem.
avatar
g*g
11
You don't get it. Java maintains a keystore, certificate is issued by CA.
Certain CAs (M$, Sun etc.) are automatically trusted, others you need to
implement a trusting process (this is like you ssh to a new site, you need
to manually accept a certificate).
Some of these third party libraries may have implemented this trusting
process. If that's the case, then by calling these libs, you are able
to import certificate to your local keystore, then you can do whatever
you need to. You don't have to

【在 k***r 的大作中提到】
: Thanks for the reply but you didn't read my post right :)
: In my case, it's a third party library that I have to use, and I don't have
: source for. That library is making the call to HTTPS site. Because I don't
: have the source, I can not replace the http client used by that library...
avatar
k*r
12
I'm sorry but I understand that well. My question is, is there a way to
ignore the cert (use it without verifying it) and just go ahead and get the
page, like what the http client lib of the other languages or HTTP client
applications (IE/FF/etc.) let you do. I don't want to trust them, say, https
content. I have no intention of importing the certs.
avatar
w*c
13

you mean automatically import to your local keystore?
or you need to manually write some code to import?
do you know any such library?
many thanks

【在 g*****g 的大作中提到】
: You don't get it. Java maintains a keystore, certificate is issued by CA.
: Certain CAs (M$, Sun etc.) are automatically trusted, others you need to
: implement a trusting process (this is like you ssh to a new site, you need
: to manually accept a certificate).
: Some of these third party libraries may have implemented this trusting
: process. If that's the case, then by calling these libs, you are able
: to import certificate to your local keystore, then you can do whatever
: you need to. You don't have to
avatar
g*g
14
Certificate is public key, you import certificate from server so that you
can
encrypt your request and the server can decrypt it. If the server doesn't
operate on non-secure mode, I am afraid you can't do that.

the
https

【在 k***r 的大作中提到】
: I'm sorry but I understand that well. My question is, is there a way to
: ignore the cert (use it without verifying it) and just go ahead and get the
: page, like what the http client lib of the other languages or HTTP client
: applications (IE/FF/etc.) let you do. I don't want to trust them, say, https
: content. I have no intention of importing the certs.
avatar
g*g
15
Never did this before but I found some discussion about it,
http://forums.sun.com/thread.jspa?messageID=2674364

【在 w******c 的大作中提到】
:
: you mean automatically import to your local keystore?
: or you need to manually write some code to import?
: do you know any such library?
: many thanks
avatar
k*r
16
Let me rephrase: I'd like to download and use the cert, without explicitly
importing it to the key store. I can do this with IE/FF. Every time you
visit a site, even with self-signed certs, IE/FF let you ignore the issue
and view the page. I can do this with Python. I think Python skips the check
by default (although I haven't looked deaper.) But Java doesn't let you do
that easily.

【在 g*****g 的大作中提到】
: Certificate is public key, you import certificate from server so that you
: can
: encrypt your request and the server can decrypt it. If the server doesn't
: operate on non-secure mode, I am afraid you can't do that.
:
: the
: https
相关阅读
a stupid question刚才笔记本上装了Netbeans5.0, 但启动得时侯怎么特别慢呢?java developer 的工作是不是都是跟网络相关的?关于inner class的继承应该站哪条队:.NET 还是 Java/J2EE?ArrayList and Link list谁能介绍一下java有哪些比较有名的open source projectJava runtime array memory layout?AJAX or javascript forum recommendation?Converge of languages and design pattern[ZT] choose your java xml parser有没有类似MS Visual Studio的Java IDE?About TreeMap in Javahelp: Double or BigDecimalj2ee1.5/j2sd1.5发布immutable listjava的接口runnable急聘java高手辅导作业和期末考试sigh, Java needs arraycopy for imagingWho can recommend me a JavaScript IDE
logo
联系我们隐私协议©2024 redian.news
Redian新闻
Redian.news刊载任何文章,不代表同意其说法或描述,仅为提供更多信息,也不构成任何建议。文章信息的合法性及真实性由其作者负责,与Redian.news及其运营公司无关。欢迎投稿,如发现稿件侵权,或作者不愿在本网发表文章,请版权拥有者通知本网处理。