Java 信任所有SSL证书(解决PKIX path building failed问题)

简介: Java 信任所有SSL证书(解决PKIX path building failed问题)

java在请求某些不受信任的https网站时会报:
PKIX path building failed
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
at SslTest.getRequest(SslTest.java:16)
at SslTest.main(SslTest.java:40)

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:230)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
... 13 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
... 19 more

解决办法:

1、导入证书到本地证书库

2、信任所有SSL证书

最好的解决办法或许是信任所有SSL证书,因为某些时候不能每次都手动的导入证书非常麻烦。现在封装了个方法,在连接openConnection的时候忽略掉证书就行了。

1
SslUtils.ignoreSsl();

SslUtils.java:

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
public class SslUtils {

private static void trustAllHttpsCertificates() throws Exception {
    TrustManager[] trustAllCerts = new TrustManager[1];
    TrustManager tm = new miTM();
    trustAllCerts[0] = tm;
    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, null);
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
}
static class miTM implements TrustManager,X509TrustManager {
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
    public boolean isServerTrusted(X509Certificate[] certs) {
        return true;
    }
    public boolean isClientTrusted(X509Certificate[] certs) {
        return true;
    }
    public void checkServerTrusted(X509Certificate[] certs, String authType)
            throws CertificateException {
        return;
    }
    public void checkClientTrusted(X509Certificate[] certs, String authType)
            throws CertificateException {
        return;
    }
}
/**
 * 忽略HTTPS请求的SSL证书,必须在openConnection之前调用
 * @throws Exception
 */
public static void ignoreSsl() throws Exception{
    HostnameVerifier hv = new HostnameVerifier() {
        public boolean verify(String urlHostName, SSLSession session) {
            System.out.println("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost());
            return true;
        }
    };
    trustAllHttpsCertificates();
    HttpsURLConnection.setDefaultHostnameVerifier(hv);
}

}

SslTest.java:
import java.io.OutputStreamWriter;
import java.net.URL;
import java.net.URLConnection;
import org.apache.commons.io.IOUtils;
public class SslTest {

public String getRequest(String url,int timeOut) throws Exception{
    URL u = new URL(url);
    if("https".equalsIgnoreCase(u.getProtocol())){
        SslUtils.ignoreSsl();
    }
    URLConnection conn = u.openConnection();
    conn.setConnectTimeout(timeOut);
    conn.setReadTimeout(timeOut);
    return IOUtils.toString(conn.getInputStream());
}
public String postRequest(String urlAddress,String args,int timeOut) throws Exception{
    URL url = new URL(urlAddress);
    if("https".equalsIgnoreCase(url.getProtocol())){
        SslUtils.ignoreSsl();
    }
    URLConnection u = url.openConnection();
    u.setDoInput(true);
    u.setDoOutput(true);
    u.setConnectTimeout(timeOut);
    u.setReadTimeout(timeOut);
    OutputStreamWriter osw = new OutputStreamWriter(u.getOutputStream(), "UTF-8");
    osw.write(args);
    osw.flush();
    osw.close();
    u.getOutputStream();
    return IOUtils.toString(u.getInputStream());
}
public static void main(String[] args) {
    try {
        SslTest st = new SslTest();
        String a = st.getRequest("https://xxx.com/login.action", 3000);
        System.out.println(a);
    } catch (Exception e) {
        e.printStackTrace();
    }
}

}

目录
相关文章
|
2月前
|
Java
IDEA Error:java: Compilation failed: internal java compiler error 解决办法
IDEA Error:java: Compilation failed: internal java compiler error 解决办法
|
6月前
|
Java
解决java.lang.IllegalStateException: Failed to load ApplicationContext错误~
解决java.lang.IllegalStateException: Failed to load ApplicationContext错误~
|
15天前
|
Java Maven Spring
SpringBoot运行出现 Lookup method resolution failed; nested exception is java.lang.IllegalStateException
SpringBoot运行出现 Lookup method resolution failed; nested exception is java.lang.IllegalStateException
22 0
|
2月前
|
关系型数据库 网络安全 对象存储
Flink报错问题之Flink报错java.io.EOFException: SSL peer shut down incorrectly如何解决
Flink报错通常是指在使用Apache Flink进行实时数据处理时遇到的错误和异常情况;本合集致力于收集Flink运行中的报错信息和解决策略,以便开发者及时排查和修复问题,优化Flink作业的稳定性。
|
6月前
|
Java 应用服务中间件
线上临时文件夹报错Failed to parse multipart servlet request; nested exception is java.lang.RuntimeException: java.nio.file.NoSuchFileException
Failed to parse multipart servlet request; nested exception is java.lang.RuntimeException: java.nio.file.NoSuchFileException、tmp、配置文件指定目录
121 0
|
6月前
|
Java Apache Maven
【异常解决】Handler dispatch failed;nested exception is java.lang.NoClassDefFoundError: org/apache/common
【异常解决】Handler dispatch failed;nested exception is java.lang.NoClassDefFoundError: org/apache/common
965 0
|
6月前
|
Java 网络安全 数据安全/隐私保护
【Java异常】Unrecognized SSL message, plaintext connection?https请求遇到异常分析
【Java异常】Unrecognized SSL message, plaintext connection?https请求遇到异常分析
243 0
|
7月前
|
Java 编译器
Java中环境变量 PATH 与 CLASSPATH 的区别
Java中环境变量 PATH 与 CLASSPATH 的区别
56 0
|
3月前
|
数据采集 存储 Java
Java爬虫与SSL代理:实际案例分析与技术探讨
Java爬虫与SSL代理:实际案例分析与技术探讨
|
3月前
|
安全 Java 网络安全
HTTPS的TLS/SSL协议详解及Java代码示例
HTTPS的TLS/SSL协议详解及Java代码示例
200 0