Certificates does not conform to algorithm constraints
akast:
Before using burpsuite, first disable the jdk.certpath.disabledAlgorithms=MD2 line in the java.security file (#jdk.certpath.disabledAlgorithms=MD2); otherwise you will hit this error when testing https: Burp proxy error: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints.
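The error above is raised when a certificate in the chain matches an entry of the jdk.certpath.disabledAlgorithms list. The following added example (not part of the original post) is a simplified re-implementation of that match for plain algorithm names and keySize entries, run over a constructed chain, to show which certificate trips which entry; the class name, method names and sample chain are assumptions.

```java
import java.security.Security;
import java.util.*;

public class DisabledAlgCheck {
    /** Returns the first constraint entry the certificate violates, or null if none. */
    static String violated(String constraints, String sigAlg, String keyAlg, int keyBits) {
        // "MD2withRSA" decomposes into {MD2, RSA}; each part is matched on its own.
        Set<String> parts = new HashSet<>(Arrays.asList(sigAlg.toUpperCase(Locale.ROOT).split("WITH|AND")));
        for (String raw : constraints.split(",")) {
            String entry = raw.trim();
            if (entry.isEmpty()) continue;
            String[] tok = entry.split("\\s+");
            if (tok.length == 1 && parts.contains(tok[0].toUpperCase(Locale.ROOT))) {
                return entry;                      // plain name, e.g. "MD2"
            }
            if (tok.length == 4 && tok[1].equalsIgnoreCase("keySize")
                    && tok[0].equalsIgnoreCase(keyAlg)
                    && sizeMatches(keyBits, tok[2], Integer.parseInt(tok[3]))) {
                return entry;                      // e.g. "RSA keySize < 1024"
            }
            // Other forms (jdkCA, denyAfter, usage) are skipped here.
        }
        return null;
    }

    static boolean sizeMatches(int bits, String op, int limit) {
        switch (op) {
            case "<":  return bits < limit;
            case "<=": return bits <= limit;
            case ">":  return bits > limit;
            case ">=": return bits >= limit;
            default:   return op.equals("==") ? bits == limit : op.equals("!=") && bits != limit;
        }
    }

    public static void main(String[] args) {
        String fromPost = "MD2";   // value quoted in the post
        // Constructed sample chain: subject, signature algorithm, key algorithm, key bits
        String[][] chain = {
            {"CN=leaf.example (constructed)", "SHA256withRSA", "RSA", "2048"},
            {"CN=Old Intermediate CA (constructed)", "MD2withRSA", "RSA", "1024"},
        };
        for (String[] c : chain) {
            String hit = violated(fromPost, c[1], c[2], Integer.parseInt(c[3]));
            System.out.println(c[0] + " -> " + (hit == null ? "ok" : "violates \"" + hit + "\""));
        }
        System.out.println("This JVM: " + Security.getProperty("jdk.certpath.disabledAlgorithms"));
    }
}
```

For a real chain, pass each certificate's X509Certificate.getSigAlgName() together with its public key algorithm and size.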
===========================
Replied on: 2009-10-23 11:08:43
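// Got it working myself by following someone else's example. Server-side certificate validation was failing, so this trusts all certificates ^o^.
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

// The post gives only the fields and the body; the class and the
// sendPost(url, param) signature are added so that it compiles.
public class HttpsPost {
    /**
     * Every hostname passes by default.
     */
    private static HostnameVerifier hnv = new HostnameVerifier() {
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    };

    /**
     * The key part: trust all certificates.
     */
    private static TrustManager[] trustAllCerts = new TrustManager[] {
        new X509TrustManager() {
            public X509Certificate[] getAcceptedIssuers() {
                // Empty array rather than null, which some callers dereference
                return new X509Certificate[0];
            }
            public void checkServerTrusted(X509Certificate[] certs,
                    String authType) {
                return;
            }
            public void checkClientTrusted(X509Certificate[] certs,
                    String authType) {
                return;
            }
        } // X509TrustManager
    }; // TrustManager[]

    public static String sendPost(String url, String param) {
        String keyf = "F:\\test.pfx";
        String pass = "12345678";
        // set up a connection
        SSLSocketFactory ssf = null;
        PrintWriter out = null;
        BufferedReader in = null;
        String result = "";
        try {
            // init context
            SSLContext ctx = SSLContext.getInstance("TLS");
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            KeyStore ks = KeyStore.getInstance("PKCS12");
            // load keystore
            try (FileInputStream fis = new FileInputStream(keyf)) {
                ks.load(fis, pass.toCharArray());
            }
            kmf.init(ks, pass.toCharArray());
            ctx.init(kmf.getKeyManagers(), trustAllCerts, null);
            System.out.println("load keystore success.");
            ssf = ctx.getSocketFactory();
            HttpsURLConnection.setDefaultSSLSocketFactory(ssf);
            HttpsURLConnection.setDefaultHostnameVerifier(hnv);
            URL realUrl = new URL(url);
            // Open the connection to the URL
            HttpsURLConnection conn = (HttpsURLConnection) realUrl
                    .openConnection();
            // Set common request properties
            conn.setRequestProperty("accept", "*/*");
            conn.setRequestProperty("connection", "Keep-Alive");
            conn.setRequestProperty("user-agent",
                    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)");
            // These two lines are required to send a POST request
            conn.setDoOutput(true);
            conn.setDoInput(true);
            // Get the output stream of the URLConnection object
            out = new PrintWriter(conn.getOutputStream());
            // Send the request parameters
            out.print(param);
            // Flush the output stream buffer
            out.flush();
            // Use a BufferedReader to read the URL's response
            in = new BufferedReader(
                    new InputStreamReader(conn.getInputStream()));
            String line;
            while ((line = in.readLine()) != null) {
                result += "\n" + line;
            }
        } catch (Exception e) {
            System.out.println("发送POST请求出现异常!" + e);
            e.printStackTrace();
        }
        // Close the output and input streams in a finally block
        finally {
            try {
                if (out != null) {
                    out.close();
                }
                if (in != null) {
                    in.close();
                }
            } catch (IOException ex) {
                ex.printStackTrace();
            }
        }
        return result;
    }
}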
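ps:
ICBC's stuff has always been terrible, I despise it. Just look at how their online banking is built. It's really damn awful.
I have seen this code before, but it doesn't seem to be the webform way of writing it?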
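For comparison with the trust-all TrustManager above, this added example (not the poster's code) keeps the same kind of client PKCS#12 identity but trusts only the certificates in one PEM file, such as the server's own certificate or its private CA, and applies the context to a single connection instead of changing the JVM-wide defaults. The class name, method name, PFX_PASS environment variable and command-line arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.*;

public class PinnedTrustClient {
    /** Builds a context that presents the client key and trusts only the PEM's certificates. */
    static SSLContext build(String pfxPath, char[] pfxPass, String trustedPem) throws Exception {
        KeyStore identity = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(pfxPath)) {
            identity.load(in, pfxPass);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, pfxPass);

        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);                    // start empty: no public CAs
        try (InputStream in = new FileInputStream(trustedPem)) {
            int n = 0;
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                trust.setCertificateEntry("trusted-" + n++, c);
            }
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        String pass = System.getenv("PFX_PASS");   // keeps the password out of argv
        if (args.length != 3 || pass == null) {
            System.err.println("usage: PFX_PASS=... PinnedTrustClient <client.pfx> <trusted.pem> <https-url>");
            return;
        }
        SSLContext ctx = build(args[0], pass.toCharArray(), args[1]);
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[2]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());   // this connection only
        // Hostname verification stays on; an untrusted chain raises SSLHandshakeException.
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```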
****************************************
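Sou[httpsurlconnection form]:: An example of automatically logging in to a website with Java
In this example, I will use Java's HttpURLConnection to log in to a web site. This approach generally applies when the login goes through a form.
The following tools are used in this example:
1. The Google Chrome browser.
2. The jsoup library, used to extract the values from the HTML form. (You can download it here: http://jsoup.org/ )
3. JDK 6.
I. Analyze the HTTP headers and form data
To log in to a website, you need to know several things:
1. The login URL
2. The data required for the login
3. The authentication URL
4. The HTTP request/response headers.
Open the page above in Chrome, right-click the page and choose "Inspect element", then select the Network tab. First open the Google site and try to log in, and look at the HTTP request and response data; we will simulate this data later.
II. Complete the demo with HttpsURLConnection
1. Send an HTTP GET request to Google's login form: https://accounts.google.com/ServiceLoginAuth
2. Analyze the Network tab in Google Chrome,
3. Use jsoup to get the hidden data in the form, then put in your own username and password
4. Send the POST request
5. Once authentication is done, send another request to the Gmail page. (This is only an example; if the goal is to access Gmail, you can use the GMAIL API provided by Google directly.)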
import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;

// The page shows only sendPost and GetPageContent; the class wrapper, the
// three fields (including the USER_AGENT value) and setCookies are assumed
// so that the two methods compile.
public class HttpsFormLogin {
    private static final String USER_AGENT = "Mozilla/5.0";
    private List<String> cookies;
    private HttpsURLConnection conn;

    public void setCookies(List<String> cookies) {
        this.cookies = cookies;
    }

    private void sendPost(String url, String postParams) throws Exception {
        URL obj = new URL(url);
        conn = (HttpsURLConnection) obj.openConnection();
        // Acts like a browser
        conn.setUseCaches(false);
        conn.setRequestMethod("POST");
        conn.setRequestProperty("Host", "accounts.google.com");
        conn.setRequestProperty("User-Agent", USER_AGENT);
        conn.setRequestProperty("Accept",
                "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
        conn.setRequestProperty("Accept-Language", "en-US,en;q=0.5");
        if (cookies != null) {
            for (String cookie : this.cookies) {
                // Limit 2 keeps only name=value; a limit of 1 returns the whole
                // Set-Cookie line, attributes included
                conn.addRequestProperty("Cookie", cookie.split(";", 2)[0]);
            }
        }
        conn.setRequestProperty("Connection", "keep-alive");
        conn.setRequestProperty("Referer", "https://accounts.google.com/ServiceLoginAuth");
        conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        conn.setRequestProperty("Content-Length", Integer.toString(postParams.length()));
        conn.setDoOutput(true);
        conn.setDoInput(true);
        // Send post request
        DataOutputStream wr = new DataOutputStream(conn.getOutputStream());
        wr.writeBytes(postParams);
        wr.flush();
        wr.close();
        int responseCode = conn.getResponseCode();
        System.out.println("\nSending 'POST' request to URL : " + url);
        System.out.println("Post parameters : " + postParams);
        System.out.println("Response Code : " + responseCode);
        BufferedReader in =
                new BufferedReader(new InputStreamReader(conn.getInputStream()));
        String inputLine;
        StringBuffer response = new StringBuffer();
        while ((inputLine = in.readLine()) != null) {
            response.append(inputLine);
        }
        in.close();
        // System.out.println(response.toString());
    }

    private String GetPageContent(String url) throws Exception {
        URL obj = new URL(url);
        conn = (HttpsURLConnection) obj.openConnection();
        // default is GET
        conn.setRequestMethod("GET");
        conn.setUseCaches(false);
        // act like a browser
        conn.setRequestProperty("User-Agent", USER_AGENT);
        conn.setRequestProperty("Accept",
                "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
        conn.setRequestProperty("Accept-Language", "en-US,en;q=0.5");
        if (cookies != null) {
            for (String cookie : this.cookies) {
                conn.addRequestProperty("Cookie", cookie.split(";", 2)[0]);
            }
        }
        int responseCode = conn.getResponseCode();
        System.out.println("\nSending 'GET' request to URL : " + url);
        System.out.println("Response Code : " + responseCode);
        BufferedReader in =
                new BufferedReader(new InputStreamReader(conn.getInputStream()));
        String inputLine;
        StringBuffer response = new StringBuffer();
        while ((inputLine = in.readLine()) != null) {
            response.append(inputLine);
        }
        in.close();
        // Get the response cookies
        setCookies(conn.getHeaderFields().get("Set-Cookie"));
        return response.toString();
    }
}
*******************************************
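java.io.IOException: HTTPS hostname wrong: should be <localhost>: handling the error
Cause: this occurs when accessing an HTTPS URL. You may already have installed the server certificate into your JRE's keystore, but this error means that the server's name does not match the domain name actually in the certificate. It usually happens when you are using a certificate that was not issued by a standard public CA.
Workaround: make the JRE trust all certificates and stop comparing the system's hostname with the domain name in the certificate. The short piece of code below does the hostname part by installing a HostnameVerifier that always returns true.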
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;

public class Servlet_test {
    public static void main(String[] args) throws Exception {
        URL url = new URL("https://localhost:8443/sso/servlet/SyncServlet?method=deleteOrg&appid=ec28d8fd22cf4bdf0122cf53e8a10002&orgcoding=001311&memo=");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setHostnameVerifier(new Servlet_test().new TrustAnyHostnameVerifier());
        conn.connect();
        InputStream ip = conn.getInputStream();
        BufferedReader br = new BufferedReader(new InputStreamReader(ip));
        String line;
        StringBuffer strb = new StringBuffer();
        while ((line = br.readLine()) != null) {
            strb.append(line);
        }
        String ss = strb.toString();
        System.out.println(ss);
    }

    public class TrustAnyHostnameVerifier implements HostnameVerifier {
        public boolean verify(String hostname, SSLSession session) {
            // Simply return true
            return true;
        }
    }
}
The approach above also applies if the server certificate changes often and having to update your client each time is a headache.
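A narrower alternative to the always-true verifier above, as an added example that is not from the original article: HttpsURLConnection calls a custom HostnameVerifier only after its own name check has failed, so this one accepts the mismatch solely for one expected host and only when the server's leaf certificate has a known SHA-256 fingerprint. The class name and the three command-line arguments (URL, host, fingerprint) are assumptions.

```java
import java.net.URL;
import java.security.MessageDigest;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;

public class PinnedHostnameVerifier implements HostnameVerifier {
    private final String expectedHost;
    private final byte[] expectedSha256;

    PinnedHostnameVerifier(String expectedHost, String sha256Hex) {
        String hex = sha256Hex.replace(":", "");
        if (hex.length() != 64) {
            throw new IllegalArgumentException("need a SHA-256 fingerprint (64 hex digits)");
        }
        this.expectedHost = expectedHost;
        this.expectedSha256 = new byte[32];
        for (int i = 0; i < 32; i++) {
            expectedSha256[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
    }

    @Override
    public boolean verify(String hostname, SSLSession session) {
        if (!expectedHost.equalsIgnoreCase(hostname)) {
            return false;                      // a mismatch for any other host stays fatal
        }
        try {
            byte[] leaf = session.getPeerCertificates()[0].getEncoded();
            byte[] actual = MessageDigest.getInstance("SHA-256").digest(leaf);
            return MessageDigest.isEqual(actual, expectedSha256);
        } catch (Exception e) {
            return false;                      // no peer certificate or digest failure
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: PinnedHostnameVerifier <https-url> <host> <sha256-hex>");
            return;
        }
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[0]).openConnection();
        conn.setHostnameVerifier(new PinnedHostnameVerifier(args[1], args[2]));
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```

The certificate chain is still validated by the trust manager; only the name mismatch is tolerated, and only for the pinned certificate.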