Why doesn't my Rest Assured POST method accept all hosts?

扬帆大鱼 2023-12-13 14:53:32
Our target server (censored.local) has an HTTPS certificate with CN = censored.com, *.censored.com

The test throws an exception:

    javax.net.ssl.SSLException: Certificate for "censored.local" doesn't match any of the subject alternative names: [censored.com, *.censored.com]

I understand why this happens (RFC 2818), but I want to bypass it for testing purposes. It is not possible to install a different certificate on the target server.

.relaxedHTTPSValidation() and .allowAllHostnames() do not work. So I tried writing code:

My test class:

    ....given().spec(reqSpec)...

My configuration class:

    public abstract class Configurator {
        protected static TestEnv envConf = chooseEnv();
        protected static RequestSpecification reqSpec;
        static {
            try {
                reqSpec = configureRestAssured();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

        protected static TestEnv chooseEnv() {
            // Some logic following to select an instance from TestEnv (not shown here)
            ...
                envConf = TestEnv.BETA;
            return envConf;
        }

        protected static RequestSpecification configureRestAssured() {
            RequestSpecification reqSpec = new RequestSpecBuilder().build();
            reqSpec
                    .header("Authorization", String.format("Bearer %s", envConf.getBearerToken()))
                    // This gets the censored.local URI:
                    .baseUri(envConf.getBaseURI())
                    .config(getRAconfig());
            return reqSpec;
        }

        private static RestAssuredConfig getRAconfig() {
            SSLSocketFactory sslSocket = getSSLsocket(envConf.getKeystoreFile(), "keystorePassword", "PrivateKeyPassword");
            RestAssuredConfig raConfig = RestAssuredConfig.config()
                    .sslConfig(SSLConfig.sslConfig().sslSocketFactory(sslSocket));
            return raConfig;
        }

Does STRICT basically show my problem? If so, how do I hack in a non-strict x509HostnameVerifier?

Also, I know about the following, but don't know how to use it for my Rest Assured connection: https://tutoref.com/how-to-disable-ssl-certificat-validation-in-java/

1 Answer

Cats萌萌


I found a way to customize the SSL configuration as needed. Slightly censored code is attached. Look for the "holy grail" comment:


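    // Imports assume REST Assured 3+ (io.restassured) and Apache HttpClient 4.x:
    import java.io.FileInputStream;
    import java.security.KeyStore;
    import javax.net.ssl.SSLContext;
    import io.restassured.builder.RequestSpecBuilder;
    import io.restassured.config.RestAssuredConfig;
    import io.restassured.config.SSLConfig;
    import io.restassured.specification.RequestSpecification;
    import org.apache.http.conn.ssl.SSLSocketFactory;
    import org.apache.http.ssl.SSLContexts;

    public abstract class Configurator {

        // envConf and chooseEnv() are as in the question; somePass stands for the censored passwords.

        protected static RequestSpecification configureRestAssured() throws Exception {
            // Create the ReqSpec instance:
            RequestSpecification reqSpecToBuild = new RequestSpecBuilder().build();
            // Configure more simple stuff for common request specification:
            reqSpecToBuild
                    .header("Content-Type", "application/json")
                    .baseUri(envConf.getBaseURI())
                    .config(getRAconfig());
            return reqSpecToBuild;
        }

        // Add extended config object to the request spec:
        private static RestAssuredConfig getRAconfig() throws Exception {
            // Create a special socket with our keystore and ALLOW_ALL_HOSTNAME_VERIFIER:
            SSLSocketFactory sslSocket = getSSLsocket(envConf.getKeystoreFile(), somePass, somePass);
            // Create a configuration instance to load into the request spec via config():
            RestAssuredConfig raConfigToBuild = RestAssuredConfig.config()
                    // Set SSL configuration into the RA configuration, with an SSLConfig object, that refers to our socket:
                    .sslConfig(SSLConfig.sslConfig().sslSocketFactory(sslSocket));
            return raConfigToBuild;
        }

        // Declares "throws Exception" because the keystore and SSL context calls throw checked exceptions.
        private static SSLSocketFactory getSSLsocket(String ksPath, String ksPassword, String pkPassword) throws Exception {
            KeyStore keystore = KeyStore.getInstance("PKCS12");
            // Load keystore file and password (the stream is closed once loaded):
            try (FileInputStream ksStream = new FileInputStream(ksPath)) {
                keystore.load(ksStream, ksPassword.toCharArray());
            }
            SSLContext context = SSLContexts.custom()
                    .loadKeyMaterial(keystore, pkPassword.toCharArray())
                    .build();
            // This is the holy grail:
            // ALLOW_ALL_HOSTNAME_VERIFIER skips the RFC 2818 hostname check for every host;
            // the certificate chain is still validated against the JVM default trust store.
            SSLSocketFactory sslSocketToBuild = new SSLSocketFactory(context, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
            return sslSocketToBuild;
        }

    }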

Note that I pass the SSLSocketFactory constructor not just one argument, but both the regular argument (the context) and the ALLOW_ALL_HOSTNAME_VERIFIER argument. This makes the difference!


2023-12-13
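A narrower alternative to ALLOW_ALL_HOSTNAME_VERIFIER, given here as an added example that is not part of the original answer: a verifier that accepts only the known test alias for the name the certificate was issued to, and checks every other host strictly. It assumes the same Apache HttpClient 4.x API used in the answer; the class name `AliasHostnameVerifier` and the alias map are hypothetical, and the certificate names in `main` are constructed from the exception text in the question.

```java
import java.util.Collections;
import java.util.Locale;
import java.util.Map;
import javax.net.ssl.SSLException;
import org.apache.http.conn.ssl.AbstractVerifier;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.X509HostnameVerifier;

// Added example (hypothetical class): maps a fixed test alias to the name on
// the certificate, then applies the normal strict hostname rules.
public final class AliasHostnameVerifier extends AbstractVerifier {
    private final Map<String, String> aliases; // test host -> name on the certificate
    private final X509HostnameVerifier strict = SSLSocketFactory.STRICT_HOSTNAME_VERIFIER;

    public AliasHostnameVerifier(Map<String, String> aliases) {
        this.aliases = aliases;
    }

    @Override
    public void verify(String host, String[] cns, String[] subjectAlts) throws SSLException {
        // Hosts that are not listed as an alias are verified under their own name.
        String expected = aliases.getOrDefault(host.toLowerCase(Locale.ROOT), host);
        strict.verify(expected, cns, subjectAlts);
    }

    public static void main(String[] args) throws Exception {
        X509HostnameVerifier v = new AliasHostnameVerifier(
                Collections.singletonMap("censored.local", "censored.com"));
        // Constructed certificate names, taken from the exception in the question.
        String[] cns = {"censored.com"};
        String[] sans = {"censored.com", "*.censored.com"};

        v.verify("censored.local", cns, sans);   // listed alias: accepted
        v.verify("api.censored.com", cns, sans); // matches the wildcard SAN: accepted
        try {
            v.verify("other.local", cns, sans);  // not an alias: rejected
            throw new AssertionError("expected SSLException");
        } catch (SSLException expected) {
            System.out.println("rejected: " + expected.getMessage());
        }
    }
}
```

Passing an instance as the second argument of the `SSLSocketFactory` constructor, in place of `ALLOW_ALL_HOSTNAME_VERIFIER`, keeps the hostname check for every host except the listed alias.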