gpt4 book ai didi

java - 验证服务器 Verisign 证书抛出不受信任的服务器证书异常

转载 作者:塔克拉玛干 更新时间:2023-11-03 00:10:45 28 4
gpt4 key购买 nike

我在尝试使用 HttpsURLConnection 连接到我们的后端时验证 Verisign 证书时遇到问题。

当前的认证链:$openssl s_client -connect 主机:443

0 s:/C=AT/ST=xxx/L=xxx/O=xxx/CN=host
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 International Server CA - G3

1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 International Server CA - G3
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Auth
ority - G5

2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Auth
ority - G5
i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority

3 s:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority

我很确定我已经下载了所有证书并将其添加到 KeyStore 中,但我仍然遇到异常:“javax.net.ssl.SSLException: Not trusted server certificate”,原因是 java.security.cert.CertificateException:java.security.cert.CertPathValidatorException:找到 TrustAnchor 但证书验证失败。

我的获取连接的代码:

String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setCertificateEntry("verisign_0", getVerisign0());
keyStore.setCertificateEntry("verisign_1", getVerisign1());
keyStore.setCertificateEntry("verisign_2", getVerisign2());
keyStore.setCertificateEntry("verisign_3", getVerisign3());

String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);

SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);

HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
urlConnection.setSSLSocketFactory(context.getSocketFactory());
return urlConnection;

调用 connection.connect() 时出现问题。所有 getVerisign() 方法都会返回正确的证书。有没有我忘记的步骤?也许应该添加证书的特殊顺序?

澄清一下,我已经将这种技术与 swisssign 证书一起使用并且有效。我遇到这个问题是因为一些 Android 2.1、2.2 设备没有一些根证书。提前致谢。

堆栈跟踪:

[0] = {java.lang.StackTraceElement@830078967208}"org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168)"
[1] = {java.lang.StackTraceElement@830078967584}"org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:366)"
[2] = {java.lang.StackTraceElement@830078967960}"org.apache.harmony.luni.internal.net.www.protocol.http.HttpConnection.getSecureSocket(HttpConnection.java:168)"
[3] = {java.lang.StackTraceElement@830078968368}"org.apache.harmony.luni.internal.net.www.protocol.https.HttpsURLConnectionImpl$HttpsEngine.connect(HttpsURLConnectionImpl.java:399)"
[4] = {java.lang.StackTraceElement@830078968816}"org.apache.harmony.luni.internal.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:147)"

最佳答案

如果没有进一步的代码,我无法判断,但是,我可以看到您加载了受信任的证书,但是您在哪里加载自己的 keystore ?如果它在其他代码中,我无法判断。

还有当您尝试使用外部信任库时会发生什么,例如$JAVA_HOME/jre/lib/security/cacerts

假设您真的想使用动态信任库(通常它们是非常静态的),请查看

http://jcalcote.wordpress.com/2010/06/22/managing-a-dynamic-java-trust-store/

关于java - 验证服务器 Verisign 证书抛出不受信任的服务器证书异常,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/16417606/

28 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com