WebMagic is an open-source web scraping framework for Java that provides a simple way to extract information from the web. When dealing with SSL/TLS secured websites (https://), you need to ensure that your scraper can handle the HTTPS protocol and verify the SSL certificates appropriately.
By default, WebMagic should be able to handle HTTPS connections without any additional setup. However, sometimes you may encounter SSL handshake errors due to various reasons like expired certificates, self-signed certificates, or certificates from an untrusted authority.
To handle SSL/TLS secured websites with WebMagic, you can follow these steps:
1. Trust All Certificates (Not recommended for production)
For development purposes or when scraping websites with self-signed certificates, you can configure WebMagic to trust all certificates. This is not recommended for production use due to security risks.
Here's an example of how to achieve this in Java:
import us.codecraft.webmagic.Site;
import us.codecraft.webmagic.Spider;
import us.codecraft.webmagic.processor.example.GithubRepoPageProcessor;
import us.codecraft.webmagic.proxy.Proxy;
import us.codecraft.webmagic.proxy.SimpleProxyProvider;
import javax.net.ssl.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
public class WebMagicSSLExample {
public static void main(String[] args) {
// Trust all certs
trustAllCertificates();
Site site = Site.me().setRetryTimes(3).setSleepTime(1000)
.setTimeOut(10000);
Spider.create(new GithubRepoPageProcessor())
.addUrl("https://github.com")
.setSite(site)
.thread(5)
.run();
}
private static void trustAllCertificates() {
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
}
}
};
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
// Create all-trusting host name verifier
HostnameVerifier allHostsValid = (hostname, session) -> true;
// Install the all-trusting host verifier
HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
} catch (Exception e) {
e.printStackTrace();
}
}
}
In this code, we create a custom TrustManager that does not perform any certificate validation and a HostnameVerifier that allows any hostname. Then we set these to be the default for HttpsURLConnection.
2. Using a Custom SSL Context with Trusted Certificates
For production environments, you should use a custom SSL context with a KeyStore containing the trusted certificates.
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.security.KeyStore;
public class CustomSSLContext {
public SSLContext createSSLContext(String keyStorePath, String keyStorePassword) throws Exception {
// Load the keystore
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
try (FileInputStream inputStream = new FileInputStream(keyStorePath)) {
keyStore.load(inputStream, keyStorePassword.toCharArray());
}
// Create key manager
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());
// Create trust manager
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keyStore);
// Initialize SSL context
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new java.security.SecureRandom());
return sslContext;
}
}
You will need to initialize WebMagic's HttpClient with this custom SSLContext. This method ensures that you trust the certificates that you have added to your keystore, making it more secure than trusting all certificates.
Additional Tips
- Make sure you have the required certificates in your Java keystore. If you get SSL handshake errors, you might need to add the website's certificate to your keystore using the
keytoolcommand. - Always prefer to use a specific trust strategy that includes the certificates you know and trust rather than trusting all certificates to avoid potential security risks.
Remember to handle SSL contexts and certificates responsibly, especially when deploying your web scraper to a production environment.
