sun.security.validator.ValidatorException: PKIXpath building failed: sun.security.provider,javax.net
在java代码中调用其他项目接口,发起的是https请求。报错信息说找不到有效证书路径。
·
报错信息:
sun.security.validator.ValidatorException: PKIXpath building failed:
sun.security.provider,javax.net.ssT.SSLHandshakeExceptions.certpath.SunCertPathBuilderException: unable to find valid certification path to reguested target
问题描述:
在java代码中调用其他项目接口,发起的是https请求。报错信息说找不到有效证书路径。
问题解决:
信任所有SSL证书
1、新建一个SslUtil类
package com.asiainfo.strategy.cloud.base.utils;
import javax.net.ssl.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
/**
* @Author huoyl
* @create 2023/1/3 14:45
*/
public class SslUtil {
private static void trustAllHttpsCertificates() throws Exception {
TrustManager[] trustAllCerts = new TrustManager[1];
TrustManager tm = new miTM();
trustAllCerts[0] = tm;
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, null);
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
}
static class miTM implements TrustManager, X509TrustManager {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public boolean isServerTrusted(X509Certificate[] certs) {
return true;
}
public boolean isClientTrusted(X509Certificate[] certs) {
return true;
}
public void checkServerTrusted(X509Certificate[] certs, String authType)
throws CertificateException {
return;
}
public void checkClientTrusted(X509Certificate[] certs, String authType)
throws CertificateException {
return;
}
}
/**
* 忽略HTTPS请求的SSL证书,必须在openConnection之前调用
* @throws Exception
*/
public static void ignoreSsl() throws Exception{
HostnameVerifier hv = new HostnameVerifier() {
public boolean verify(String urlHostName, SSLSession session) {
System.out.println("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost());
return true;
}
};
trustAllHttpsCertificates();
HttpsURLConnection.setDefaultHostnameVerifier(hv);
}
}
2、在HttpUtil工具类中修改代码
InputStream inputStream = null;
OutputStream outStream = null;
HttpURLConnection conn = null;
try {
byte[] entity = jsonObject.toJSONString().getBytes();
//信任所有SSL证书
URL url = new URL(path);
if("https".equalsIgnoreCase(url.getProtocol())){
SslUtil.ignoreSsl();
}
conn = (HttpURLConnection) url.openConnection();
// conn = (HttpURLConnection) new URL (path).openConnection ();
conn.setConnectTimeout (5000);// 设置超时
conn.setRequestMethod ("POST");
// 允许对外输出数据
conn.setDoOutput (true);
...
} catch (Exception e) {
e.printStackTrace ();
logger.info("http调用发生异常,错误信息:{}", e.getMessage());
} finally {
if (outStream != null) {
outStream.close();
}
if (conn != null) {
conn.disconnect ();
}
}
忽略HTTPS请求的SSL证书代码,必须在openConnection之前调用
开放原子开发者工作坊旨在鼓励更多人参与开源活动,与志同道合的开发者们相互交流开发经验、分享开发心得、获取前沿技术趋势。工作坊有多种形式的开发者活动,如meetup、训练营等,主打技术交流,干货满满,真诚地邀请各位开发者共同参与!
更多推荐
已为社区贡献1条内容
所有评论(0)