apache httpclient 4.4的HTTPS连接

【问题标题】:HTTPs connection by apache httpclient 4.4apache httpclient 4.4的HTTPS连接
【发布时间】:2015-02-16 08:22:44
【问题描述】:

我对 httpclient 很陌生,但我想做的是从我的本地 https 服务器获取和发布内容。当我使用浏览器访问这个 url 时,我需要手动接受并继续。我几乎使用 apache 提供的这个sample code。我的编辑器就是这样

public class ClientCustomSSL {

   public final static void main(String[] args) throws Exception {
      // Trust own CA and all self-signed certs
      final SSLContext sslcontext = SSLContext.getDefault();
      // Allow TLSv1 protocol only
      final SSLConnectionSocketFactory sslsf =
            new SSLConnectionSocketFactory(sslcontext,
                  new String[] { "TLSv1" }, null,
                  SSLConnectionSocketFactory.getDefaultHostnameVerifier());
      final CloseableHttpClient httpclient =
            HttpClients.custom().setSSLSocketFactory(sslsf).build();
      try {

         final HttpGet httpget =
               new HttpGet("https://localhost:8443/portal/css/style.css");

         System.out.println("executing request " + httpget.getRequestLine());

         final CloseableHttpResponse response = httpclient.execute(httpget);
         try {
            final HttpEntity entity = response.getEntity();

            System.out.println("----------------------------------------");
            System.out.println(response.getStatusLine());
            EntityUtils.consume(entity);
         } finally {
            response.close();
         }
      } finally {
         httpclient.close();
      }
   }

}

但是,我遇到了以下异常...

Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   at sun.security.ssl.Alerts.getSSLException(Unknown Source)
   at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
   at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
   at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
   at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
   at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
   at sun.security.ssl.Handshaker.processLoop(Unknown Source)
   at sun.security.ssl.Handshaker.process_record(Unknown Source)
   at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
   at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
   at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
   at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
   at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:395)
   at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:354)
   at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134)
   at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
   at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
   at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
   at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
   at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
   at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
   at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
   at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
   at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
   at com.vmware.vdi.installer.broker.ClientCustomSSL.main(ClientCustomSSL.java:67)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
   at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
   at sun.security.validator.Validator.validate(Unknown Source)
   at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
   at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
   at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
   ... 21 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
   at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
   at java.security.cert.CertPathBuilder.build(Unknown Source)
   ... 27 more

不知道我需要做什么......

【问题讨论】:

    标签: java apache apache-httpclient-4.x


    【解决方案1】:

    this page 中有关于此主题的解决方案。

    其中一个解决方案是更新 JRE_HOME/lib 目录中的 CACERT 文件。为此,您可以查看 here

    另一种解决方案是覆盖检查并接受不受信任的证书。

    TrustManager[] trustAllCerts = new TrustManager[] {
       new X509TrustManager() {
          public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return null;
          }

          public void checkClientTrusted(X509Certificate[] certs, String authType) {  }

          public void checkServerTrusted(X509Certificate[] certs, String authType) {  }

       }
    };

    【讨论】:

      猜你喜欢
      • 2016-05-03
      • 2013-01-16
      • 1970-01-01
      • 1970-01-01
      • 2023-03-06
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode