Liping Huang Liping Huang - 18 days ago 8
Java Question

HttpClient javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated when time shifted?

Due to the requirement, we need test the https connection by shift the system date to a future date like 2025-05-05, the problem is when using the

HttpClient
(version 4.2), will encounter the exception
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated


The simple code segment as below:

@Test
public void httpsShouldWorking() throws Exception {

HttpClient client = new DefaultHttpClient();

String urlOverHttps = "https://URL";
HttpGet getMethod = new HttpGet(urlOverHttps);
HttpResponse response = client.execute(getMethod);

assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
}


Also I google it and found a solution HttpClient with SSL

as mentioned:


Let’s now configure the http client to trust all certificate chains regardless of their validity:


But after the try, it is not working and still get the auth exception.

Is there a solution to avoid the auth when shift the system date?

Answer

It is possible to make HttpClient get around the checks of SSL certificate validity. This code can be used to obtain an instance of HttpClient:

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
......
private static HttpClient getHttpClient() {

    try {
        SSLContext sslContext = SSLContext.getInstance("SSL");

        sslContext.init(null,
                new TrustManager[]{new X509TrustManager() {
                    public X509Certificate[] getAcceptedIssuers() {

                        return null;
                    }

                    public void checkClientTrusted(
                            X509Certificate[] certs, String authType) {

                    }

                    public void checkServerTrusted(
                            X509Certificate[] certs, String authType) {

                    }
                }}, new SecureRandom());

        SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext,SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);



        HttpClient httpClient = HttpClientBuilder.create().setSSLSocketFactory(socketFactory).build();

        return httpClient;

    } catch (Exception e) {
        e.printStackTrace();
        return HttpClientBuilder.create().build();
    }
}

The exception will no longer be thrown, when the certification is expired, the browser will issues a warning about an expired certificate and let user confirm.

Comments