Testing with untrusted Https
Testing web applications in developmental environments that attempt to utilize Https through unsigned certificates can be challenging, especially if you’ve never had the pleasure of working with Sun’s keytool utility and X.509 security certificates.
This issue manifests itself as javax.net.ssl.SSLHandshakeExceptions and sun.security.validator.ValidatorExceptions. For example, attempting to access untrusted Https through Java may yield stack traces with these tidbits:
Javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
...
Caused by: sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
...
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
Solving this problem requires two steps. First, the web server’s certificate must be captured. Then, the certificate must be imported with Sun’s keytool utility (which comes with Java).
Obtaining a copy of the certificate in X.509 format requires Microsoft’s Internet Explorer. By placing the https URL into the browser window, a dialog will pop up requesting permission to accept the certificate. Click the View Certificate button and then the Details tab. In this tab, click the Copy to File button, then click Next and select the Base-64 encoded X.509 (.CER) option. After that, click Next to save the resulting file.
Importing the .cer file requires using the keytool utility, which can be found in bin directory of a Java installation. Via this tool, the .cer file is imported into a cacerts file, which is located in the lib/security directory of a Java installation. The easiest thing to do is to copy the .cer file obtained via Internet Explorer to my Java home dir/lib/security.
For example, if using the Java sdk for 1.4.2, the location on windows could be something like: C:/j2sdk1.4.2_05/jre/lib/security.
Once the .cer file has been copied to that directory, open a command prompt and either go to the security directory or use qualified paths. Type the following command:
$ ../../bin/keytool.exe -import -storepass changeit -file mycert.cer
-keystore cacerts -alias mycert
The only aspects requiring changes is the name of the certificate (in this case mycert.cer) and the alias (mycert).The keytool will issue a series of statements describing the certificate and finally request whether or not to trust the certificate. Type yes and hit enter.
The problem should be solved. Verifying things is as easy as writing a test case. For instance, the following JUnit test verifies an untrusted Https site can be hit via Jakarta’s HttpClient.
package test.com.srv.rls.https.submit;
import junit.framework.TestCase;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.GetMethod;
public class HttpsSubmitTest extends TestCase {
public void testHttpsConnection() throws Exception{
HttpClient httpclient = new HttpClient();
GetMethod httpget =
new GetMethod("https://prf.acme.com:4175/invoke/ir/rve");
try {
httpclient.executeMethod(httpget);
assertEquals("should have been 200",
200, httpget.getStatusLine().getStatusCode());
}finally {
httpget.releaseConnection();
}
}
}
Now testing web applications via JUnit extensions like jWebUnit or HttpUnit is a breeze, so long as they run in the VM which contains the updated keystore.
이 내용에 흥미가 있습니까?
현재 기사가 여러분의 문제를 해결하지 못하는 경우 AI 엔진은 머신러닝 분석(스마트 모델이 방금 만들어져 부정확한 경우가 있을 수 있음)을 통해 가장 유사한 기사를 추천합니다:
Is Eclipse IDE dying?In 2014 the Eclipse IDE is the leading development environment for Java with a market share of approximately 65%. but ac...
텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
CC BY-SA 2.5, CC BY-SA 3.0 및 CC BY-SA 4.0에 따라 라이센스가 부여됩니다.