
java - SOAP - PKIX path building failed

Reposted. Author: 行者123. Updated: 2023-12-01 04:50:02

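I am building a server that has to call two web services. The web services have the same CA certificate (PKCS12).

The first receives requests via GET, the other via a SOAP call.

The following is the part of the code that creates the connection for the GET request: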

    InputStream inputStream = null;

    // is https protocol?
    if (url.getProtocol().toLowerCase().equals("https")) {

        trustAllHosts();
        // create connection
        HttpsURLConnection httpsUrlConnection = null;
        if (proxy != null) {
            httpsUrlConnection = (HttpsURLConnection) url.openConnection(proxy);
        } else {
            httpsUrlConnection = (HttpsURLConnection) url.openConnection();
        }
        // set the check to: do not verify
        httpsUrlConnection.setHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        });

        setHeaders(httpsUrlConnection, headers);

        // set the certificate

        log.debug("set certificate for get...");
        File cerp12 = new File(Utils.getWebAppLocalPath(), "WEB-INF" + String.valueOf(File.separatorChar) + PropConfig.getProperty("cer.p12"));
        ((HttpsURLConnection) httpsUrlConnection).setSSLSocketFactory(security(cerp12, PropConfig.getProperty("cer.pwd")));
        httpsUrlConnection.connect();

        inputStream = httpsUrlConnection.getInputStream();

    } else {
        HttpURLConnection httpUrlConnection = null;
        if (proxy != null) {
            httpUrlConnection = (HttpURLConnection) url.openConnection(proxy);
        } else {
            httpUrlConnection = (HttpURLConnection) url.openConnection();
        }

        setHeaders(httpUrlConnection, headers);

        inputStream = httpUrlConnection.getInputStream();
    }

    in = new BufferedReader(new InputStreamReader(inputStream));

    String inputLine;
    while ((inputLine = in.readLine()) != null) {
        result.append(inputLine);
    }

This part is for the SOAP request:

    InputStream inputStream = null;

    // is https protocol?
    if (url.getProtocol().toLowerCase().equals("https")) {

        trustAllHosts();
        // create connection
        HttpsURLConnection httpsUrlConnection = null;
        if (proxy != null) {
            httpsUrlConnection = (HttpsURLConnection) url.openConnection(proxy);
        } else {
            httpsUrlConnection = (HttpsURLConnection) url.openConnection();
        }
        // set the check to: do not verify
        httpsUrlConnection.setHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        });

        setHeaders(httpsUrlConnection, headers);

        // set the certificate

        log.debug("set certificate for get...");
        File cerp12 = new File(Utils.getWebAppLocalPath(), "WEB-INF" + String.valueOf(File.separatorChar) + PropConfig.getProperty("cer.p12"));
        ((HttpsURLConnection) httpsUrlConnection).setSSLSocketFactory(security(cerp12, PropConfig.getProperty("cer.pwd")));
        httpsUrlConnection.connect();

        inputStream = httpsUrlConnection.getInputStream();

    } else {
        HttpURLConnection httpUrlConnection = null;
        if (proxy != null) {
            httpUrlConnection = (HttpURLConnection) url.openConnection(proxy);
        } else {
            httpUrlConnection = (HttpURLConnection) url.openConnection();
        }

        setHeaders(httpUrlConnection, headers);

        inputStream = httpUrlConnection.getInputStream();
    }

    in = new BufferedReader(new InputStreamReader(inputStream));

    String inputLine;
    while ((inputLine = in.readLine()) != null) {
        result.append(inputLine);
    }

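The code is almost the same.

For the GET request I have no problem, but for the SOAP request httpsUrlConnection.connect(); throws PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Best answer

Here is how to create an SSL context for an HTTPS connection.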

    SSLSocketFactory socketFactory = createSSLContext().getSocketFactory();

    HttpsURLConnection connection = (HttpsURLConnection) (url).openConnection();
    connection.setSSLSocketFactory(socketFactory);

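And here is the method that creates the SSL context. Note that it loads the root server certificate from a .pem file (X.509 format) and the client certificate from a .p12 file (PKCS12 format). If the server does not require a client certificate, pass null for the key managers. If the server certificate is issued by an authority that is already in $JRE_HOME/lib/security/cacerts, pass null as the trust managers.

One more thing to note: in the .pem file you should store the root certificate of the server certificate's PKIX path. For example, the site github.com has the PKIX path CN = github.com -> CN = DigiCert High Assurance EV CA-1 -> CN = DigiCert High Assurance EV Root CA -> CN = GTE CyberTrust Global Root. So you store GTE CyberTrust Global Root.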

    import java.io.File;
    import java.io.FileInputStream;
    import java.io.IOException;
    import java.security.*;
    import java.security.cert.CertificateException;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManagerFactory;
    import org.apache.commons.io.IOUtils; // assumed: IOUtils is Apache Commons IO

    // Config is the application's own configuration class (not shown).
    private final SSLContext createSSLContext()
            throws NoSuchAlgorithmException, KeyStoreException,
            CertificateException, IOException,
            UnrecoverableKeyException, KeyManagementException {

        // Client identity: certificate and private key from the PKCS12 file
        KeyStore keyStore = KeyStore.getInstance("PKCS12");

        FileInputStream fis = null;
        try {
            fis = new FileInputStream(new File(Config.getString(Config.KEYSTORE_PATH)));
        } catch (Exception ex) {
            throw new IOException("not found keystore file: " + Config.getString(Config.KEYSTORE_PATH), ex);
        }
        try {
            keyStore.load(fis, Config.getString(Config.KEYSTORE_PASSWORD).toCharArray());
        } finally {
            IOUtils.closeQuietly(fis);
        }

        // Trust store: an empty in-memory store holding only the root certificate from the .pem file
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        FileInputStream in = new FileInputStream(Config.getString(Config.HTTPS_SERVER_CERT));
        KeyStore trustStore = KeyStore.getInstance("JKS");
        trustStore.load(null);
        try {
            X509Certificate cacert = (X509Certificate) cf.generateCertificate(in);
            trustStore.setCertificateEntry("alias", cacert);
        } finally {
            IOUtils.closeQuietly(in);
        }

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(trustStore);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(keyStore, Config.getString(Config.KEYSTORE_PASSWORD).toCharArray());

        SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
        return sslContext;
    }
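
An added example, not part of the original question or answer: a small diagnostic client that prints the subject and issuer of every certificate the server presents and then hands the chain to a trust manager built from a PEM bundle, so a "PKIX path building failed" error can be traced to the issuer missing from the trust store. The class name `PkixPathCheck`, its method names and its command-line arguments are assumptions made for this illustration; no client certificate is configured, and no `HostnameVerifier` is installed, so the JDK's default hostname check stays active.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.*;
import javax.net.ssl.*;

// Hypothetical diagnostic client; class name and arguments are assumptions.
public class PkixPathCheck {
    // Trust manager that accepts only chains anchored at a certificate in the PEM bundle.
    static X509TrustManager fromPem(String caPem) throws Exception {
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);
        int n = 0;
        try (InputStream in = new FileInputStream(caPem)) {
            // generateCertificates reads every certificate in the bundle, not only the first
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                trust.setCertificateEntry("ca-" + n++, c);
            }
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        return (X509TrustManager) tmf.getTrustManagers()[0];
    }

    // Prints the chain the server presented, then lets the real trust manager decide.
    static X509TrustManager logging(X509TrustManager real) {
        return new X509TrustManager() {
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                for (X509Certificate c : chain) {
                    System.out.println(c.getSubjectX500Principal() + "\n  issued by " + c.getIssuerX500Principal());
                }
                real.checkServerTrusted(chain, authType); // still throws on an untrusted chain
            }
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                real.checkClientTrusted(chain, authType);
            }
            public X509Certificate[] getAcceptedIssuers() { return real.getAcceptedIssuers(); }
        };
    }

    // Usage: java PkixPathCheck <https-url> <ca.pem>
    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { logging(fromPem(args[1])) }, null);
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[0]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory()); // default HostnameVerifier stays in place
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```

If the last "issued by" line names a CA that is not in the bundle, that CA's certificate (or the root above it) is the one to add to the .pem file.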

Regarding java - SOAP - PKIX path building failed, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/15138660/
