报错信息:

sun.security.validator.ValidatorException: PKIXpath building failed: 
sun.security.provider,javax.net.ssT.SSLHandshakeExceptions.certpath.SunCertPathBuilderException: unable to find valid certification path to reguested target

问题描述:

在java代码中调用其他项目接口,发起的是https请求。报错信息说找不到有效证书路径。

问题解决:

信任所有SSL证书

1、新建一个SslUtil类

package com.asiainfo.strategy.cloud.base.utils;

import javax.net.ssl.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/**
 * @Author huoyl
 * @create 2023/1/3 14:45
 */
public class SslUtil {
    private static void trustAllHttpsCertificates() throws Exception {
        TrustManager[] trustAllCerts = new TrustManager[1];
        TrustManager tm = new miTM();
        trustAllCerts[0] = tm;
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, null);
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    }
    static class miTM implements TrustManager, X509TrustManager {
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
        public boolean isServerTrusted(X509Certificate[] certs) {
            return true;
        }
        public boolean isClientTrusted(X509Certificate[] certs) {
            return true;
        }
        public void checkServerTrusted(X509Certificate[] certs, String authType)
                throws CertificateException {
            return;
        }
        public void checkClientTrusted(X509Certificate[] certs, String authType)
                throws CertificateException {
            return;
        }
    }
    /**
     * 忽略HTTPS请求的SSL证书,必须在openConnection之前调用
     * @throws Exception
     */
    public static void ignoreSsl() throws Exception{
        HostnameVerifier hv = new HostnameVerifier() {
            public boolean verify(String urlHostName, SSLSession session) {
                System.out.println("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost());
                return true;
            }
        };
        trustAllHttpsCertificates();
        HttpsURLConnection.setDefaultHostnameVerifier(hv);
    }
}

2、在HttpUtil工具类中修改代码


        InputStream inputStream = null;
        OutputStream outStream = null;
        HttpURLConnection conn = null;
        try {
        	byte[] entity = jsonObject.toJSONString().getBytes();
		//信任所有SSL证书
		URL url = new URL(path);
		if("https".equalsIgnoreCase(url.getProtocol())){
			SslUtil.ignoreSsl();
		}
		conn = (HttpURLConnection) url.openConnection();
//		conn = (HttpURLConnection) new URL (path).openConnection ();
            conn.setConnectTimeout (5000);// 设置超时
            conn.setRequestMethod ("POST");
            // 允许对外输出数据
            conn.setDoOutput (true);
            ...
        } catch (Exception e) {
            e.printStackTrace ();
            logger.info("http调用发生异常,错误信息:{}", e.getMessage());
        } finally {
        	if (outStream != null) {
        		outStream.close();
            }
            if (conn != null) {
                conn.disconnect ();
            }
        }

忽略HTTPS请求的SSL证书代码,必须在openConnection之前调用

解决方案参考文章https://developer.aliyun.com/article/812846

Logo

开放原子开发者工作坊旨在鼓励更多人参与开源活动,与志同道合的开发者们相互交流开发经验、分享开发心得、获取前沿技术趋势。工作坊有多种形式的开发者活动,如meetup、训练营等,主打技术交流,干货满满,真诚地邀请各位开发者共同参与!

更多推荐