java - 使用 MATLAB 的 urlread 命令处理无效的安全证书

Question

我正在使用 MATLAB 的 urlread 访问内部数据库命令，一切正常，直到将服务移至安全服务器(即使用 HTTPS 地址而不是 HTTP 地址)。现在 urlread 不再成功检索结果。它给出了一个错误:

Error downloading URL. Your network connection may be down or your proxy settings improperly configured.

我认为问题是该服务使用了无效的数字证书，因为如果我尝试直接在 Web 浏览器中访问该资源，我会收到“不受信任的连接”警告，我可以通过将站点添加到异常(exception) list 。 urlread 没有明显的方法来处理这个问题。

在引擎盖下urlread是使用Java访问网络资源，并在这一行抛出错误:

inputStream = urlConnection.getInputStream;

其中 urlConnection 是一个 Java 对象:sun.net.www.protocol.https.HttpsURLConnectionImpl。

有人建议解决此问题的方法吗？

Answer 1

考虑以下 Java 类。借用这段代码:Disabling Certificate Validation in an HTTPS Connection

C:\MATLAB\MyJavaClasses\com\stackoverflow\Downloader.java

package com.stackoverflow;

import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.net.ssl.HostnameVerifier;

public class Downloader {
    public static String getData(String address) throws Exception {
        // Create a trust manager that does not validate certificate chains
        TrustManager[] trustAllCerts = new TrustManager[] {
            new X509TrustManager() {
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
                public void checkClientTrusted(X509Certificate[] certs, String authType) {
                }
                public void checkServerTrusted(X509Certificate[] certs, String authType) {
                }
            }
        };

        // Create a host name verifier that always passes
        HostnameVerifier allHostsValid = new HostnameVerifier() {
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        };

        // Install the all-trusting trust manager
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

        // Install the all-trusting host verifier
        HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);

        // open connection
        URL page = new URL(address);
        HttpURLConnection conn = (HttpURLConnection) page.openConnection();
        BufferedReader buff = new BufferedReader(new InputStreamReader(conn.getInputStream()));

        // read text
        String line;
        StringBuffer text = new StringBuffer();
        while ( (line = buff.readLine()) != null ) {
            //System.out.println(line);
            text.append(line + "\n");
        }
        buff.close();

        return text.toString();
    }

    public static void main(String[] argv) throws Exception {
        String str = getData("https://expired.badssl.com/");
        System.out.println(str);
    }
}

MATLAB

首先我们编译Java类(我们必须使用与MATLAB兼容的JDK版本):

>> version -java
>> system('javac C:\MATLAB\MyJavaClasses\com\stackoverflow\Downloader.java');

接下来我们实例化 MATLAB 并将其用作:

javaaddpath('C:\MATLAB\MyJavaClasses')
dl = com.stackoverflow.Downloader;
str = char(dl.getData('https://expired.badssl.com/'));
web(['text://' str], '-new')

这里有一些带有错误 SSL 证书的 URL 需要测试:

urls = {
    'https://expired.badssl.com/'       % expired
    'https://wrong.host.badssl.com/'    % wrong host
    'https://self-signed.badssl.com/'   % self-signed
    'https://revoked.grc.com/'          % revoked
};

---

更新:我应该提一下，从 R2014b 开始，MATLAB 有一个新函数 webread取代 urlread .