SSL trust problems when making HTTPS requests
In Java, how do you resolve the following error when requesting a remote https URL?
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
There are two solutions.
1. Obtain a valid certificate
Compile the certificate installer program (code below) from the command line:
javac InstallCert.java
/*
 * Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * - Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 *
 * - Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in the
 *   documentation and/or other materials provided with the distribution.
 *
 * - Neither the name of Sun Microsystems nor the names of its
 *   contributors may be used to endorse or promote products derived
 *   from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

import java.io.*;
import java.net.URL;
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;

public class InstallCert {

    public static void main(String[] args) throws Exception {
        String host;
        int port;
        char[] passphrase;
        if ((args.length == 1) || (args.length == 2)) {
            String[] c = args[0].split(":");
            host = c[0];
            port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
            String p = (args.length == 1) ? "changeit" : args[1];
            passphrase = p.toCharArray();
        } else {
            System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");
            return;
        }

        // Look for a keystore: ./jssecacerts first, then the JRE's
        // lib/security/jssecacerts, then lib/security/cacerts.
        File file = new File("jssecacerts");
        if (file.isFile() == false) {
            char SEP = File.separatorChar;
            File dir = new File(System.getProperty("java.home") + SEP
                    + "lib" + SEP + "security");
            file = new File(dir, "jssecacerts");
            if (file.isFile() == false) {
                file = new File(dir, "cacerts");
            }
        }
        System.out.println("Loading KeyStore " + file + "...");
        InputStream in = new FileInputStream(file);
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(in, passphrase);
        in.close();

        // Wrap the default trust manager so the chain the server presents
        // is captured even when validation fails.
        SSLContext context = SSLContext.getInstance("TLS");
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];
        SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
        context.init(null, new TrustManager[] {tm}, null);
        SSLSocketFactory factory = context.getSocketFactory();

        System.out.println("Opening connection to " + host + ":" + port + "...");
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        socket.setSoTimeout(10000);
        try {
            System.out.println("Starting SSL handshake...");
            socket.startHandshake();
            socket.close();
            System.out.println();
            System.out.println("No errors, certificate is already trusted");
        } catch (SSLException e) {
            System.out.println();
            e.printStackTrace(System.out);
        }

        X509Certificate[] chain = tm.chain;
        if (chain == null) {
            System.out.println("Could not obtain server certificate chain");
            return;
        }

        BufferedReader reader =
                new BufferedReader(new InputStreamReader(System.in));

        System.out.println();
        System.out.println("Server sent " + chain.length + " certificate(s):");
        System.out.println();
        // The fingerprints printed here are what identifies each certificate;
        // compare them with values obtained from the server operator before
        // adding an entry to the keystore.
        MessageDigest sha1 = MessageDigest.getInstance("SHA1");
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        for (int i = 0; i < chain.length; i++) {
            X509Certificate cert = chain[i];
            System.out.println(" " + (i + 1) + " Subject " + cert.getSubjectDN());
            System.out.println(" Issuer " + cert.getIssuerDN());
            sha1.update(cert.getEncoded());
            System.out.println(" sha1 " + toHexString(sha1.digest()));
            md5.update(cert.getEncoded());
            System.out.println(" md5 " + toHexString(md5.digest()));
            System.out.println();
        }

        System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
        String line = reader.readLine().trim();
        int k;
        try {
            k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
        } catch (NumberFormatException e) {
            System.out.println("KeyStore not changed");
            return;
        }

        // Store the selected certificate as a trusted entry and write the
        // keystore to ./jssecacerts.
        X509Certificate cert = chain[k];
        String alias = host + "-" + (k + 1);
        ks.setCertificateEntry(alias, cert);

        OutputStream out = new FileOutputStream("jssecacerts");
        ks.store(out, passphrase);
        out.close();

        System.out.println();
        System.out.println(cert);
        System.out.println();
        System.out.println("Added certificate to keystore 'jssecacerts' using alias '"
                + alias + "'");
    }

    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    private static String toHexString(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 3);
        for (int b : bytes) {
            b &= 0xff;
            sb.append(HEXDIGITS[b >> 4]);
            sb.append(HEXDIGITS[b & 15]);
            sb.append(' ');
        }
        return sb.toString();
    }

    // Records the server's chain, then delegates to the real trust manager.
    private static class SavingTrustManager implements X509TrustManager {

        private final X509TrustManager tm;
        private X509Certificate[] chain;

        SavingTrustManager(X509TrustManager tm) {
            this.tm = tm;
        }

        public X509Certificate[] getAcceptedIssuers() {
            // Later JDKs call this method during the handshake, so return
            // an empty array instead of throwing UnsupportedOperationException.
            return new X509Certificate[0];
        }

        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            throw new UnsupportedOperationException();
        }

        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            this.chain = chain;
            tm.checkServerTrusted(chain, authType);
        }
    }
}
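Once the class file has been generated, run the installer program to generate the certificate:
java InstallCert smtp.zhangsan.com:465
If the password and the host's port number are omitted, the program above defaults to port 443 and password changeit.
Follow the prompt: enter 1 and press Enter. A certificate store named jssecacerts is generated in the current directory.
Place it in the $JAVA_HOME/jre/lib/security directory. Make sure the jre of that JDK is the environment the project actually uses!
2. Ignore the certificate trust problem
This is done with a utility class (code below):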
import lombok.extern.slf4j.Slf4j;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;

@Slf4j
public class HttpsURLValidator {

    // Accepts every host name: the certificate is never matched against the URL.
    HostnameVerifier hv = new HostnameVerifier() {
        public boolean verify(String urlHostName, SSLSession session) {
            System.out.println("Warning: URL Host: " + urlHostName + " vs. "
                    + session.getPeerHost());
            return true;
        }
    };

    /**
     * Makes HTTPS requests ignore SSL certificate checks.
     *
     * @param url the https address to request
     */
    public static void httpsRequestTrue(String url) {
        // Call this method directly when accessing an https address
        try {
            // Ignore the https certificate, then make the request
            HttpsURLValidator.trustAllHttpsCertificates();
            HostnameVerifier hv = new HostnameVerifier() {
                public boolean verify(String urlHostName, SSLSession session) {
                    return true;
                }
            };
            URL u = new URL(url);
            // Static default: applies to every HttpsURLConnection in the JVM
            HttpsURLConnection.setDefaultHostnameVerifier(hv);
            // Cast to the public type rather than the internal
            // sun.net.www.protocol.https.HttpsURLConnectionImpl
            URLConnection urlConnection = (HttpsURLConnection) u.openConnection();
        } catch (Exception e) {
            log.error(e.getMessage());
        }
    }

    protected final String retrieveResponseFromServer(final URL validationUrl,
                                                      final String ticket) {
        HttpURLConnection connection = null;
        try {
            connection = (HttpURLConnection) validationUrl.openConnection();
            final BufferedReader in = new BufferedReader(
                    new InputStreamReader(connection.getInputStream()));
            String line;
            final StringBuffer stringBuffer = new StringBuffer(255);
            synchronized (stringBuffer) {
                while ((line = in.readLine()) != null) {
                    stringBuffer.append(line);
                    stringBuffer.append("\n");
                }
                return stringBuffer.toString();
            }
        } catch (final IOException e) {
            log.error(e.getMessage());
            return null;
        } catch (final Exception e1) {
            log.error(e1.getMessage());
            return null;
        } finally {
            if (connection != null) {
                connection.disconnect();
            }
        }
    }

    // Installs a trust manager that accepts any certificate chain as the
    // JVM-wide default for HttpsURLConnection.
    protected static void trustAllHttpsCertificates() throws Exception {
        javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[1];
        javax.net.ssl.TrustManager tm = new miTM();
        trustAllCerts[0] = tm;
        javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, null);
        javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    }

    static class miTM implements javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract requires a non-null array
            return new java.security.cert.X509Certificate[0];
        }

        public boolean isServerTrusted(java.security.cert.X509Certificate[] certs) {
            return true;
        }

        public boolean isClientTrusted(java.security.cert.X509Certificate[] certs) {
            return true;
        }

        // No check is performed: every server certificate is accepted
        public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
                throws java.security.cert.CertificateException {
            return;
        }

        // No check is performed: every client certificate is accepted
        public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)
                throws java.security.cert.CertificateException {
            return;
        }
    }
}
Usage: call it directly
HttpsURLValidator.httpsRequestTrue(url); // url is the https request address
Both of the approaches above have been tested and work.
Reposted from: How to resolve the untrusted SSL problem for https requests in Java development