由买买提看人间百态

boards

本页内容为未名空间相应帖子的节选和存档,一周内的贴子最多显示50字,超过一周显示500字 访问原贴
Java版 - https certificate??
相关主题
问个truststore问题[转载] Re: java thread problem
SSL on JBossan Array question
why it does not work?? :(((How would clear a BufferedImage?
java.security.KeyStoreQuestion on JSP EL
jar文件签名[合集] Web Service Java 客户端的问题
web服务器与客户端双向认证[合集] How to check whether a file is locked?
怎样吧byte[]变成java.security.Key?[合集] How to get all classes under a package?
Help needed on Java mail security issue[合集] java 得 inner class 有没有 static 有什么区别啊?
相关话题的讨论汇总
话题: https话题: keystore话题: do话题: library
进入Java版参与讨论
1 (共1页)
w******c
发帖数: 574
1
我现在在用url写一个connection
http的连接没问题 一般的https使用普通的certificate的也没问题
但有时会遇到未知的certificate会有exception
然后这时我只能手动去把那个url上的certificate当下来放到keystore里面
然后就可以连接了
我想问有没有方式可以让java自动下载这些unknown certificate
然后我就不用每次手动去当了
//thx
t*******e
发帖数: 684
2
KeyTool有command line和API方法,可以在runtime programmatically往keystore里添加certificates,thus, the approach you proposed is attainable.
w******c
发帖数: 574
3
thx! that's exactly what I want to do.
is there any document describing such a method? what is the keyword I should
google?
//bow

添加certificates,thus, the approach you proposed is attainable.

【在 t*******e 的大作中提到】
: KeyTool有command line和API方法,可以在runtime programmatically往keystore里添加certificates,thus, the approach you proposed is attainable.
t*******e
发帖数: 684
k***r
发帖数: 4260
5
This is really annoying, because most of the time you don't really care
about certificates. Is there a way to disable the exception, and just take
any certs?
A**o
发帖数: 1550
6
write your own handshaker and eat whatever the cert given to you?

【在 k***r 的大作中提到】
: This is really annoying, because most of the time you don't really care
: about certificates. Is there a way to disable the exception, and just take
: any certs?

m******t
发帖数: 2416
7

I wonder if one of those more sophisticated libraries
like httpclient has this out of box. Never had to do it
myself, so I wouldn't know.

【在 A**o 的大作中提到】
: write your own handshaker and eat whatever the cert given to you?
k***r
发帖数: 4260
8
I've never done that, or researched that. Is it possible to inject my own
handler if I'm using a third party library that makes the HTTPS call?

【在 A**o 的大作中提到】
: write your own handshaker and eat whatever the cert given to you?
g*****g
发帖数: 34805
9
certificate is that kind of "get it once and forget about it" stuff.
What magicfat suggested is using this kind of third party to access
the url once and do the dirty work, then you can go back to your
code. You introduce some overhead but usually not a problem.

【在 k***r 的大作中提到】
: I've never done that, or researched that. Is it possible to inject my own
: handler if I'm using a third party library that makes the HTTPS call?

k***r
发帖数: 4260
10
Thanks for the reply but you didn't read my post right :)
In my case, it's a third party library that I have to use, and I don't have
source for. That library is making the call to HTTPS site. Because I don't
have the source, I can not replace the http client used by that library...

【在 g*****g 的大作中提到】
: certificate is that kind of "get it once and forget about it" stuff.
: What magicfat suggested is using this kind of third party to access
: the url once and do the dirty work, then you can go back to your
: code. You introduce some overhead but usually not a problem.

相关主题
web服务器与客户端双向认证[转载] Re: java thread problem
怎样吧byte[]变成java.security.Key?an Array question
Help needed on Java mail security issueHow would clear a BufferedImage?
进入Java版参与讨论
g*****g
发帖数: 34805
11
You don't get it. Java maintains a keystore, certificate is issued by CA.
Certain CAs (M$, Sun etc.) are automatically trusted, others you need to
implement a trusting process (this is like you ssh to a new site, you need
to manually accept a certificate).
Some of these third party libraries may have implemented this trusting
process. If that's the case, then by calling these libs, you are able
to import certificate to your local keystore, then you can do whatever
you need to. You don't have to

【在 k***r 的大作中提到】
: Thanks for the reply but you didn't read my post right :)
: In my case, it's a third party library that I have to use, and I don't have
: source for. That library is making the call to HTTPS site. Because I don't
: have the source, I can not replace the http client used by that library...

k***r
发帖数: 4260
12
I'm sorry but I understand that well. My question is, is there a way to
ignore the cert (use it without verifying it) and just go ahead and get the
page, like what the http client lib of the other languages or HTTP client
applications (IE/FF/etc.) let you do. I don't want to trust them, say, https
content. I have no intention of importing the certs.
w******c
发帖数: 574
13

you mean automatically import to your local keystore?
or you need to manually write some code to import?
do you know any such library?
many thanks

【在 g*****g 的大作中提到】
: You don't get it. Java maintains a keystore, certificate is issued by CA.
: Certain CAs (M$, Sun etc.) are automatically trusted, others you need to
: implement a trusting process (this is like you ssh to a new site, you need
: to manually accept a certificate).
: Some of these third party libraries may have implemented this trusting
: process. If that's the case, then by calling these libs, you are able
: to import certificate to your local keystore, then you can do whatever
: you need to. You don't have to

g*****g
发帖数: 34805
14
Certificate is public key, you import certificate from server so that you
can
encrypt your request and the server can decrypt it. If the server doesn't
operate on non-secure mode, I am afraid you can't do that.

the
https

【在 k***r 的大作中提到】
: I'm sorry but I understand that well. My question is, is there a way to
: ignore the cert (use it without verifying it) and just go ahead and get the
: page, like what the http client lib of the other languages or HTTP client
: applications (IE/FF/etc.) let you do. I don't want to trust them, say, https
: content. I have no intention of importing the certs.

g*****g
发帖数: 34805
15
Never did this before but I found some discussion about it,
http://forums.sun.com/thread.jspa?messageID=2674364

【在 w******c 的大作中提到】
:
: you mean automatically import to your local keystore?
: or you need to manually write some code to import?
: do you know any such library?
: many thanks

k***r
发帖数: 4260
16
Let me rephrase: I'd like to download and use the cert, without explicitly
importing it to the key store. I can do this with IE/FF. Every time you
visit a site, even with self-signed certs, IE/FF let you ignore the issue
and view the page. I can do this with Python. I think Python skips the check
by default (although I haven't looked deaper.) But Java doesn't let you do
that easily.

【在 g*****g 的大作中提到】
: Certificate is public key, you import certificate from server so that you
: can
: encrypt your request and the server can decrypt it. If the server doesn't
: operate on non-secure mode, I am afraid you can't do that.
:
: the
: https

1 (共1页)
进入Java版参与讨论
相关主题
[合集] java 得 inner class 有没有 static 有什么区别啊?jar文件签名
[合集] Is there any free java PDF viewer?web服务器与客户端双向认证
[合集] 问一下这个cast在java里是怎么work的怎样吧byte[]变成java.security.Key?
How do I declare a transaction among 2 spring service callsHelp needed on Java mail security issue
问个truststore问题[转载] Re: java thread problem
SSL on JBossan Array question
why it does not work?? :(((How would clear a BufferedImage?
java.security.KeyStoreQuestion on JSP EL
相关话题的讨论汇总
话题: https话题: keystore话题: do话题: library