使用 MATLAB 的 urlread 命令处理无效的安全证书
我正在使用 MATLAB 的 urlread
命令,一切正常,直到服务被移动到安全服务器(即使用 HTTPS 地址而不是 HTTP 地址).现在 urlread
不再成功检索结果.它给出了一个错误:
I'm accessing an internal database using MATLAB's urlread
command, everything was working fine until the service was moved to a secure server (i.e. with an HTTPS address rather than an HTTP address). Now urlread
no longer successfully retrieves results. It gives an error:
下载网址出错.您的网络连接可能已关闭或您的代理设置配置不正确.
Error downloading URL. Your network connection may be down or your proxy settings improperly configured.
我认为问题在于该服务使用了无效的数字证书,因为如果我尝试直接在 Web 浏览器中访问该资源,我会收到不受信任的连接"警告,我可以通过将网站添加到例外列表.urlread
没有明显的方法来处理这个问题.
I believe the problem is that the service is using an invalid digital certificate since if I try to access the resource directly in a web browser I get "untrusted connection" warning which I am able to pass through by adding the site to an Exception list. urlread
doesn't have an obvious way of handling this problem.
urlread
是在使用 Java 访问 Web 资源,并在这一行抛出错误:
Under the hood urlread
is using Java to access web resources, and the error is thrown at this line:
inputStream = urlConnection.getInputStream;
其中 urlConnection
是一个 Java 对象:sun.net.www.protocol.https.HttpsURLConnectionImpl
.
where urlConnection
is a Java object: sun.net.www.protocol.https.HttpsURLConnectionImpl
.
有人建议解决此问题的方法吗?
Anyone suggest a workaround for this problem?
推荐答案
考虑下面的 Java 类.我将此页面用作参考:
Consider the following Java class. I used this page as reference:
在 HTTPS 连接中禁用证书验证p>
C:MATLABMyJavaClassescomstackoverflowDownloader.java
package com.stackoverflow;
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.net.ssl.HostnameVerifier;
public class Downloader {
public static String getData(String address) throws Exception {
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
}
};
// Create a host name verifier that always passes
HostnameVerifier allHostsValid = new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
};
// Install the all-trusting trust manager
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
// Install the all-trusting host verifier
HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
// open connection
URL page = new URL(address);
HttpURLConnection conn = (HttpURLConnection) page.openConnection();
BufferedReader buff = new BufferedReader(new InputStreamReader(conn.getInputStream()));
// read text
String line;
StringBuffer text = new StringBuffer();
while ( (line = buff.readLine()) != null ) {
//System.out.println(line);
text.append(line + "
");
}
buff.close();
return text.toString();
}
public static void main(String[] argv) throws Exception {
String str = getData("https://expired.badssl.com/");
System.out.println(str);
}
}
MATLAB
首先我们编译Java类(我们必须使用与MATLAB兼容的JDK版本):
MATLAB
First we compile the Java class (we must use a JDK version compatible with MATLAB):
>> version -java
>> system('javac C:MATLABMyJavaClassescomstackoverflowDownloader.java');
接下来我们在 MATLAB 中实例化并使用它:
Next we instantiate and use it MATLAB as:
javaaddpath('C:MATLABMyJavaClasses')
dl = com.stackoverflow.Downloader;
str = char(dl.getData('https://expired.badssl.com/'));
web(['text://' str], '-new')
这里有一些带有错误 SSL 证书的 URL 需要测试:
Here are a few URLs with bad SSL certificates to test:
urls = {
'https://expired.badssl.com/' % expired
'https://wrong.host.badssl.com/' % wrong host
'https://self-signed.badssl.com/' % self-signed
'https://revoked.grc.com/' % revoked
};
<小时>
更新:我应该提一下,从 R2014b 开始,MATLAB 有一个新功能 webread
取代 urlread
.
UPDATE: I should mention that starting with R2014b, MATLAB has a new function webread
that supersedes urlread
.
相关文章