
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed

2016-09-05 11:21 · 801 views
An error occurred when calling a third-party interface. The error message was:

    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


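This happened because the third party updated its certificate, which affected calls to its interfaces that start with https. I then found some solutions online, modified them, and finally solved the problem.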

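Before the change, the interface being called was an https interface. JSON data had to be sent to the third party's server B using POST, with the following method: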

    import java.io.BufferedReader;
    import java.io.IOException;
    import java.io.InputStreamReader;
    import java.io.OutputStreamWriter;
    import java.net.URL;
    import java.net.URLConnection;

    public class XxxUtil {

        public static String sendPost(String url, String param, String token) throws Exception {
            // PrintWriter out = null;
            // An OutputStreamWriter is needed here
            OutputStreamWriter out = null;
            BufferedReader in = null;
            String result = "";
            try {
                URL realUrl = new URL(url);
                // Open the connection to the URL
                URLConnection conn = realUrl.openConnection();
                // Set the common request properties
                conn.setRequestProperty("Accept", "application/json");
                conn.setRequestProperty("connection", "Keep-Alive");
                conn.setRequestProperty("user-agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)");
                conn.setRequestProperty("Content-Type", "application/json");
                conn.setRequestProperty("Authorization", token);
                // These two lines are required to send a POST request
                conn.setDoOutput(true);
                conn.setDoInput(true);
                // Get the output stream of the URLConnection object
                out = new OutputStreamWriter(conn.getOutputStream(), "UTF-8");
                // out = new PrintWriter(conn.getOutputStream());
                // Send the request parameters
                out.append(param);
                // out.print(param);
                // Flush the output stream buffer
                out.flush();
                // Use a BufferedReader to read the response from the URL
                in = new BufferedReader(
                        new InputStreamReader(conn.getInputStream(), "UTF-8"));

                String line;
                while ((line = in.readLine()) != null) {
                    result += line;
                }
            } catch (Exception e) {
                System.out.println("发送POST请求出现异常!" + e);
                e.printStackTrace();
            }
            // Close the output and input streams in the finally block
            finally {
                try {
                    if (out != null) {
                        out.close();
                    }
                    if (in != null) {
                        in.close();
                    }
                } catch (IOException ex) {
                    ex.printStackTrace();
                }
            }
            return result;
        }
    }


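The error above appeared over the last two days, and the code was then modified. HTTPS certificates are issued on the basis of X.509; a certificate can be generated by yourself (a self-signed certificate) or issued by a CA, and what X509TrustManager produces is a self-signed certificate. With Tomcat configured to accept HTTPS self-signed certificates, the code is as follows: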

    import java.io.BufferedReader;
    import java.io.IOException;
    import java.io.InputStreamReader;
    import java.io.OutputStreamWriter;
    import java.net.URL;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.HostnameVerifier;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSession;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;

    public class XxxUtil {
        // Nested classes are used here
        private static class TrustAnyTrustManager implements X509TrustManager {

            // Empty body: no check is performed on client certificate chains
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            }

            // Empty body: every server certificate chain is accepted without validation
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            }

            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[]{};
            }
        }

        private static class TrustAnyHostnameVerifier implements HostnameVerifier {
            // Always returns true: the certificate is never matched against the host name
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        }

        public static String sendPost(String url, String param, String token) throws Exception {
            // PrintWriter out = null;
            // An OutputStreamWriter is needed here
            // Added: SSL trust setup
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, new TrustManager[]{new TrustAnyTrustManager()}, new java.security.SecureRandom());
            // end
            OutputStreamWriter out = null;
            BufferedReader in = null;
            String result = "";
            try {
                URL realUrl = new URL(url);
                // Open the connection to the URL
                HttpsURLConnection conn = (HttpsURLConnection) realUrl.openConnection();
                // Added: connection properties
                conn.setSSLSocketFactory(sc.getSocketFactory());
                conn.setHostnameVerifier(new TrustAnyHostnameVerifier());
                // end
                // Set the common request properties
                conn.setRequestProperty("Accept", "application/json");
                conn.setRequestProperty("connection", "Keep-Alive");
                conn.setRequestProperty("user-agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)");
                conn.setRequestProperty("Content-Type", "application/json");
                conn.setRequestProperty("Authorization", token);
                // These two lines are required to send a POST request
                conn.setDoOutput(true);
                conn.setDoInput(true);
                // Get the output stream of the URLConnection object
                out = new OutputStreamWriter(conn.getOutputStream(), "UTF-8");
                // out = new PrintWriter(conn.getOutputStream());
                // Send the request parameters
                out.append(param);
                // out.print(param);
                // Flush the output stream buffer
                out.flush();
                // Use a BufferedReader to read the response from the URL
                in = new BufferedReader(
                        new InputStreamReader(conn.getInputStream(), "UTF-8"));

                String line;
                while ((line = in.readLine()) != null) {
                    result += line;
                }
            } catch (Exception e) {
                System.out.println("发送POST请求出现异常!" + e);
                e.printStackTrace();
            }
            // Close the output and input streams in the finally block
            finally {
                try {
                    if (out != null) {
                        out.close();
                    }
                    if (in != null) {
                        in.close();
                    }
                } catch (IOException ex) {
                    ex.printStackTrace();
                }
            }
            return result;
        }
    }


After the change, the functionality returned to normal.