使用 mitmproxy 代理 JAVA 应用 HTTPS 请求

612 查看

背景问题

设置 -Dhttps.proxyHost=localhost -Dhttps.proxyPort=8080 使 JAVA 应用所有 HTTPS 请求经过 mitmproxy 代理发出. 结果得到下面的错误:

Server access Error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested ...

环境

Mac OSX 10.10.2
java version "1.7.0_55"
Java(TM) SE Runtime Environment (build 1.7.0_55-b13)
Java HotSpot(TM) 64-Bit Server VM (build 24.55-b03, mixed mode)

解决方案

mitmproxy 的证书导入到 JDK 默认的 keystore 中:

sudo keytool -importcert -alias mitmproxy  \
-keystore <keystore_path> \
-storepass <password> \
-trustcacerts \
-file ~/.mitmproxy/mitmproxy-ca-cert.pem

password 默认是 changeit

查明 keystore 路径

scala -e 'import java.net._; new URL("https://www.wacai.com").openConnection.asInstanceOf[HttpURLConnection].disconnect' -Djavax.net.debug=SSL | grep "trustStore is"