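Why doesn't my REST Assured POST method accept all hosts?

Our target server (censored.local) has an HTTPS certificate with CN = censored.com, *.censored.com

The test throws an exception:

javax.net.ssl.SSLException: Certificate for "censored.local" doesn't match any of the subject alternative names: [censored.com, *.censored.com]

I understand why this happens (RFC 2818), but I want to bypass it for testing purposes. Installing a different certificate on the target server is not possible.

.relaxedHTTPSValidation() and .allowAllHostnames() did not work. So I tried writing code:

My test class: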


...
.given().spec(reqSpec)
...

My configuration class:


public abstract class Configurator {

    protected static TestEnv envConf = chooseEnv();
    protected static RequestSpecification reqSpec;

    static { try { reqSpec = configureRestAssured(); } catch (Exception e) { e.printStackTrace(); } }

    protected static TestEnv chooseEnv() {
        // Some logic following to select an instance from TestEnv (not shown here)
        ...
        envConf = TestEnv.BETA;
        return envConf;
    }

    protected static RequestSpecification configureRestAssured() {
        RequestSpecification reqSpec = new RequestSpecBuilder().build();
        reqSpec
                .header("Authorization", String.format("Bearer %s", envConf.getBearerToken()))
                // This gets the censored.local URI:
                .baseUri(envConf.getBaseURI())
                .config(getRAconfig());
        return reqSpec;
    }

    private static RestAssuredConfig getRAconfig() {
        SSLSocketFactory sslSocket = getSSLsocket(envConf.getKeystoreFile(), "keystorePassword", "PrivateKeyPassword");
        RestAssuredConfig raConfig = RestAssuredConfig.config()
                .sslConfig(SSLConfig.sslConfig().sslSocketFactory(sslSocket));
        return raConfig;
    }


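Does STRICT basically show my problem? If so, how can I hack a non-strict x509HostnameVerifier?

Also, I am aware of the following, but I don't know how to use it for my REST Assured connection: https://tutoref.com/how-to-disable-ssl-certificat-validation-in-java/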


扬帆大鱼
99 views, 1 answer

1 Answer

Cats萌萌

I found a way to customize the SSL configuration as needed. Slightly censored code attached. Look for the "holy grail" comment:

    protected static RequestSpecification configureRestAssured() throws Exception {
        // Create the ReqSpec instance:
        RequestSpecification reqSpecToBuild = new RequestSpecBuilder().build();
        // Configure more simple stuff for common request specification:
        reqSpecToBuild
                .header("Content-Type", "application/json")
                .baseUri(envConf.getBaseURI())
                .config(getRAconfig());
        return reqSpecToBuild;
    }

    // Add extended config object to the request spec:
    private static RestAssuredConfig getRAconfig() throws Exception {
        // Create a special socket with our keystore and ALLOW_ALL_HOSTNAME_VERIFIER:
        SSLSocketFactory sslSocket = getSSLsocket(envConf.getKeystoreFile(), somePass, somePass);
        // Create a configuration instance to load into the request spec via config():
        RestAssuredConfig raConfigToBuild = RestAssuredConfig.config()
                // Set SSL configuration into the RA configuration, with an SSLConfig object, that refers to our socket:
                .sslConfig(SSLConfig.sslConfig().sslSocketFactory(sslSocket));
        return raConfigToBuild;
    }

    // Checked exceptions from the keystore and SSL context calls are propagated to the caller.
    private static SSLSocketFactory getSSLsocket(String ksPath, String ksPassword, String pkPassword) throws Exception {
        KeyStore keystore = KeyStore.getInstance("PKCS12");
        // Load keystore file and password:
        keystore.load(new FileInputStream(ksPath), ksPassword.toCharArray());
        SSLContext context = SSLContexts.custom()
                .loadKeyMaterial(keystore, pkPassword.toCharArray())
                .build();
        // This is the holy grail:
        SSLSocketFactory sslSocketToBuild = new SSLSocketFactory(context, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        return sslSocketToBuild;
    }
}

Note that I pass not just one argument to the SSLSocketFactory constructor, but the regular argument (the context) together with the ALLOW_ALL_HOSTNAME_VERIFIER argument - that makes the difference!
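
A narrower alternative to ALLOW_ALL_HOSTNAME_VERIFIER, as an added example that is not part of the answer above: it keeps strict RFC 2818 matching for every host and only checks the one test host against the name its certificate actually carries. The class name TestHostAliasVerifier, its method names and its parameters are hypothetical, and it assumes the same deprecated Apache HttpClient 4.x org.apache.http.conn.ssl classes the answer uses.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.StrictHostnameVerifier;
import org.apache.http.conn.ssl.X509HostnameVerifier;

// Hypothetical helper (not from the page): verifies one test host under the certificate's real name.
public final class TestHostAliasVerifier implements X509HostnameVerifier {
    private final String testHost;  // name the tests connect to, e.g. "censored.local"
    private final String certHost;  // name present in the certificate, e.g. "censored.com"
    private final X509HostnameVerifier strict = new StrictHostnameVerifier();

    public TestHostAliasVerifier(String testHost, String certHost) {
        this.testHost = testHost;
        this.certHost = certHost;
    }

    // Only the configured test host is rewritten; any other host is verified unchanged.
    String effectiveHost(String host) {
        return testHost.equalsIgnoreCase(host) ? certHost : host;
    }

    @Override public void verify(String host, SSLSocket ssl) throws IOException {
        strict.verify(effectiveHost(host), ssl);
    }
    @Override public void verify(String host, X509Certificate cert) throws SSLException {
        strict.verify(effectiveHost(host), cert);
    }
    @Override public void verify(String host, String[] cns, String[] subjectAlts) throws SSLException {
        strict.verify(effectiveHost(host), cns, subjectAlts);
    }
    @Override public boolean verify(String host, SSLSession session) {
        return strict.verify(effectiveHost(host), session);
    }

    // Can replace the "new SSLSocketFactory(context, ALLOW_ALL_HOSTNAME_VERIFIER)" line in getSSLsocket().
    public static SSLSocketFactory socketFactory(SSLContext context, String testHost, String certHost) {
        return new SSLSocketFactory(context, new TestHostAliasVerifier(testHost, certHost));
    }
}
```

With this verifier a certificate that does not cover censored.com is still rejected for censored.local, and a request redirected to any other host fails strict verification instead of being silently accepted.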