在 Tomcat 服务器中从我的 webapp 发送 HTTPS 请求时抛出以下异常:
javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到所请求目标的有效证书路径
这是我的 Servlet 代码:
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package LBS;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.HttpURLConnection;
import java.net.Proxy;
import java.net.SocketAddress;
import java.net.URL;
import java.net.URLConnection;
import javax.net.ssl.HttpsURLConnection;
//import javax.net.ssl.SSLContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.cert.X509Certificate;
import javax.net.*;
import javax.net.ssl.*;
import java.security.cert.*;
/**
*
* @author Ruwan
*/
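public class LBS2 extends HttpServlet {

    /**
     * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
     * Triggers the outbound call in {@link #myReq()}. Nothing is written to the
     * servlet response writer here; the remote reply goes to standard output.
     *
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
        try {
            // Call on this instance: myReq() reads no instance state, and a servlet
            // created with "new" is not managed by the container.
            myReq();
        } finally {
            out.close();
        }
    }

    /**
     * Sends one GET to the hard-coded HTTPS endpoint and, when the status is 200,
     * echoes every response line to standard output. Any exception is caught and
     * printed; nothing propagates to the caller.
     *
     * <p>SECURITY: the request is made with {@code MyTrustManager}, which accepts
     * every certificate chain, so the server's identity is not verified and the
     * credentials in the query string are readable by anyone able to intercept the
     * connection. The override is attached to this single connection instead of
     * being installed with {@code HttpsURLConnection.setDefaultSSLSocketFactory},
     * which would switch off certificate validation for every HTTPS client in the
     * JVM. The durable fix for the PKIX "unable to find valid certification path"
     * error is to import the missing CA or intermediate certificate into the
     * truststore the JVM uses and to drop the custom trust manager.
     */
    public void myReq() {
        // NOTE(review): these properties are JVM-wide; they change the proxy for
        // every HTTPS client in the same JVM, not only for this request.
        System.setProperty("https.proxyHost", "10.48.242.90");
        System.setProperty("https.proxyPort", "3128");
        // NOTE(review): credentials in a query string are commonly recorded in
        // server access logs; prefer a request body or an Authorization header.
        String uri = "https://somthing.com/abc?username=USERNAME&password=PASWORD";
        HttpURLConnection con = null;
        try {
            // "TLS" is the standard context name; "SSL" is the legacy one.
            SSLContext sslctx = SSLContext.getInstance("TLS");
            sslctx.init(null, new X509TrustManager[] { new MyTrustManager() }, null);
            URL url = new URL(uri);
            con = (HttpURLConnection) url.openConnection();
            // Scope the permissive socket factory to this connection only.
            if (con instanceof HttpsURLConnection) {
                ((HttpsURLConnection) con).setSSLSocketFactory(sslctx.getSocketFactory());
            }
            con.setRequestMethod("GET");
            // No setDoOutput(true): this GET never opens a request body stream.
            con.connect();
            if (con.getResponseCode() == HttpURLConnection.HTTP_OK) {
                BufferedReader br = new BufferedReader(
                        new InputStreamReader(con.getInputStream()));
                try {
                    String line;
                    while ((line = br.readLine()) != null) {
                        System.out.println(line);
                    }
                } finally {
                    // Close the reader even when reading fails part-way.
                    br.close();
                }
            }
        } catch (Exception e) {
            System.out.println(e.toString());
        } finally {
            // Release the connection on the error paths as well.
            if (con != null) {
                con.disconnect();
            }
        }
    }

    // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
    /**
     * Handles the HTTP <code>GET</code> method.
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    /**
     * Handles the HTTP <code>POST</code> method.
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    /**
     * Returns a short description of the servlet.
     * @return a String containing servlet description
     */
    @Override
    public String getServletInfo() {
        return "Short description";
    }// </editor-fold>
}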
/**
 * Trust manager that performs no certificate checks at all.
 *
 * <p>SECURITY: both check methods return without inspecting the chain, so any
 * certificate presented by a peer is accepted and the peer is never
 * authenticated. Suitable only against disposable test endpoints. To resolve a
 * PKIX path-building failure, import the missing CA or intermediate certificate
 * into the truststore and rely on the platform's default trust manager.
 */
class MyTrustManager implements X509TrustManager {

    /** Reports no trusted issuers: always a fresh, empty array. */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] none = new X509Certificate[] {};
        return none;
    }

    /** Accepts any server chain: nothing is validated and nothing is thrown. */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) {
        // Deliberately empty: returning normally marks the chain as trusted.
    }

    /** Accepts any client chain: nothing is validated and nothing is thrown. */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) {
        // Deliberately empty: returning normally marks the chain as trusted.
    }
}
提前致谢,请帮我找出这段代码中 SSL 证书处理的问题 .
5 回答
这可能会有所帮助:(摘自http://code.naishe.in/2011/07/looks-like-article-no-more-unable-to.html)
PS:渴望评论如此添加作为答案 .
您的信任库不信任服务器的证书 . 您需要从服务器导出它并将其安装在客户端 . 其他人发布的链接显示了一种方法 . 真正的问题可能是服务器使用自签名证书而不是CA签名证书,这只会导致每个客户端出现此问题 . 最好的解决方案是花钱并解决这个问题 .
Problem : 普通Java程序正常工作但是tomcat服务器中的webapp工作不正常,尽管我使用了相同的方法/代码
Solution: 所以我为tomcat配置了SSL证书 . 如果有任何一个有同样的问题 . 只需为tomcat配置SSL证书即可 .
This will be helpful to configure tomcat for SSL Certificate
感谢您的所有答案和评论 . :)
来自赛门铁克的有效签名通配符证书存在同样的问题 .
首先尝试用 -Djavax.net.debug=SSL 运行你的java应用程序,看看到底发生了什么 .
我最终导入了缺失的中间证书——正是它的缺失导致证书链断裂 .
我从赛门铁克下载了缺少的中间证书(您可以在ssl握手日志中看到缺少证书的下载链接:在我的情况下是http://svrintl-g3-aia.verisign.com/SVRIntlG3.cer) .
我在java密钥库中导入了cert . 导入中间证书后,我的通配符ssl证书终于开始工作了:
您需要返回 null 以绕过证书验证 . 但这样一来客户端不再验证服务器身份,连接内容(包括 URL 中的用户名和密码)可被中间人读取;更稳妥的做法是像其他回答那样把缺失的证书导入信任库 .