gpt4 book ai didi

ssl - Springboot : PKIX path building failed/javax.net.ssl.SSLHandshakeException异常

转载 作者:太空宇宙 更新时间:2023-11-03 14:23:47 24 4
gpt4 key购买 nike

我有一个 SpringBoot 应用程序,它必须调用需要证书的 REST API。我从提出此 REST 服务的服务中获得了 2 个文件:一个 P12 文件和一个 CA 根文件。

我首先创建了一个 keystore (JKS):

keytool -keystore keystore.jks -genkey -alias client

然后我在 JKS 文件中添加了一个 CA 根:

keytool -keystore keystore.jks -import -file certeurope_root_ca_3.cer -alias cacert

现在在我的应用程序中,我必须调用其余 API:

public DocumentDto sendRequest(DocumentDto documentDto) throws Exception {

// Set variables
String ts = "C:\\keystore\\keystore.jks";
String ks = "C:\\keystore\\CERTIFICATE.p12";

String tsPassword = properties.getProperty("signature.api.passphrase");
String ksPassword = properties.getProperty("signature.api.passphrase");

KeyStore clientStore = KeyStore.getInstance("PKCS12");
clientStore.load(new FileInputStream(ks), ksPassword.toCharArray());
log.warn("# clientStore : " + clientStore);
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(clientStore, ksPassword.toCharArray());
KeyManager[] kms = kmf.getKeyManagers();

KeyStore trustStore = KeyStore.getInstance("JKS");
trustStore.load(new FileInputStream(ts), tsPassword.toCharArray());

TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(trustStore);
TrustManager[] tms = tmf.getTrustManagers();

SSLContext sslContext = null;
sslContext = SSLContext.getInstance("TLS");
sslContext.init(kms, tms, new SecureRandom());

// set the URL to send the request
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
URL url = new URL(properties.getProperty("signature.api.url.full"));

// opening the connection
HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();

// Create all-trusting host name verifier
HostnameVerifier allHostsValid = new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) { return true; }
};

// Install the all-trusting host verifier
HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
HttpsURLConnection.setDefaultAllowUserInteraction( true );
HttpsURLConnection.setFollowRedirects( false );
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());

urlConnection.setRequestMethod("POST");
urlConnection.setDoOutput(true);
urlConnection.setDoInput(true);
urlConnection.setUseCaches(false);
urlConnection.setAllowUserInteraction(true);
urlConnection.setReadTimeout(15000);

// create the JSON String
ObjectMapper mapper = new ObjectMapper();
// convert an oject to a json string
String jsonInString = mapper.writerWithDefaultPrettyPrinter().writeValueAsString(documentDto);

InputStreamReader isr=null;
try(OutputStream os = urlConnection.getOutputStream()) {
byte[] input = jsonInString.getBytes(StandardCharsets.UTF_8);
os.write(input, 0, input.length);
// check 400 & 403
if(urlConnection.getResponseCode() == 400 || urlConnection.getResponseCode() == 403) {
isr = new InputStreamReader(urlConnection.getErrorStream(), StandardCharsets.UTF_8);
String st= IOUtils.toString(isr);

log.warn("# errorStream :" + st );
} else if(urlConnection.getResponseCode() != 200) {
isr = new InputStreamReader(urlConnection.getErrorStream(), StandardCharsets.UTF_8);
String st= IOUtils.toString(isr);
} else {
isr = new InputStreamReader(urlConnection.getInputStream(), StandardCharsets.UTF_8);
}
}

// read the response
try(BufferedReader br = new BufferedReader(new InputStreamReader(urlConnection.getInputStream(), StandardCharsets.UTF_8))) {
StringBuilder response = new StringBuilder();
String responseLine = null;
while ((responseLine = br.readLine()) != null) {
response.append(responseLine.trim());
}
System.out.println(response.toString());
}

System.out.println(jsonInString);
return documentDto;
}

我还更改了端口服务器:server.port=8443。我有两个问题:如果我有:TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");

我获得:javax.net.ssl.SSLHandshakeException:找不到受信任的证书

如果我有:TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());

我获得:javax.net.ssl.SSLHandshakeException:PKIX 路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到请求目标的有效证书路径

我在这些东西上停留了一段时间,但我看不出哪里出了问题。

最佳答案

好吧,我找到了一个可能根本不是最优雅的解决方案。但至少它有效。我也做了一些重构......

public DocumentCreateRequestDto sendRequest(DocumentDto documentDto) throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {

// Set variables
String certificate = properties.getProperty("signature.api.certificate");
String PwdPk12 = properties.getProperty("signature.api.passphrase");
String httpsRestUrl = properties.getProperty("signature.api.url.full");

HttpsURLConnection con = getHttpsURLConnection(certificate, PwdPk12, httpsRestUrl);

// create the JSON String
ObjectMapper mapper = new ObjectMapper();
// convert an oject to a json string

String jsonInString = mapper.writerWithDefaultPrettyPrinter().writeValueAsString(documentDto);
jsonInString = "[" + jsonInString + "]";
StringBuilder response = getStringBuilder(con, jsonInString);

String output = response.toString();
output = output.substring(1, output.length()-1);

return mapper.readValue(output, DocumentCreateRequestDto.class);
}



private HttpsURLConnection getHttpsURLConnection(String certificate, String pwdPk12, String httpsRestUrl) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, KeyManagementException {

KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(new FileInputStream(certificate), pwdPk12.toCharArray());

TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
}

@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
}

@Override
public X509Certificate[] getAcceptedIssuers() {
// return new X509Certificate[0];
return null;
}
}
};

SSLContext ctx = SSLContext.getInstance("TLS");

// Create all-trusting host name verifier
HostnameVerifier allHostsValid = new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) { return true; }
};


KeyManagerFactory kmf = KeyManagerFactory.getInstance( "SunX509" );
kmf.init( ks, pwdPk12.toCharArray() );
ctx.init( kmf.getKeyManagers(), trustAllCerts, new SecureRandom() );

// Install the all-trusting host verifier
HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
HttpsURLConnection.setDefaultAllowUserInteraction( true );
HttpsURLConnection.setFollowRedirects( false );
HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());


URL url = new URL(httpsRestUrl);
HttpsURLConnection con = (HttpsURLConnection) url.openConnection();

//connection
con.setRequestMethod("POST");
con.setDoOutput(true);
con.setRequestProperty("Accept-Encoding", "gzip,deflate");
con.setRequestProperty("Content-Type", "application/json");
con.setRequestProperty("Connection", "Keep-Alive");
con.setRequestProperty("User-Agent", "Apache-HttpClient/4.1.1 (java 1.5)");
con.setReadTimeout(15000);
con.setDoInput(true);
con.setUseCaches(false);
con.setAllowUserInteraction(true);
return con;
}

和:

private StringBuilder getStringBuilder(HttpsURLConnection con, String jsonInString) throws IOException {
InputStreamReader isr = null;
try (OutputStream os = con.getOutputStream()) {
byte[] input = jsonInString.getBytes(StandardCharsets.UTF_8);
os.write(input, 0, input.length);
// check 400 & 403
if (con.getResponseCode() == 400 || con.getResponseCode() == 403) {
isr = new InputStreamReader(con.getErrorStream(), StandardCharsets.UTF_8);
String st = IOUtils.toString(isr);

log.warn("# errorStream :" + st);
} else if (con.getResponseCode() != 200) {
isr = new InputStreamReader(con.getErrorStream(), StandardCharsets.UTF_8);
} else {
isr = new InputStreamReader(con.getInputStream(), StandardCharsets.UTF_8);
}
}

// read the response
String responseLine;
StringBuilder response = new StringBuilder();
try (BufferedReader br = new BufferedReader(new InputStreamReader(con.getInputStream(), StandardCharsets.UTF_8))) {
while ((responseLine = br.readLine()) != null) {
response.append(responseLine.trim());
}
}
return response;
}

关于ssl - Springboot : PKIX path building failed/javax.net.ssl.SSLHandshakeException异常,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58608755/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com