个人中心
文章发布
退出
作者热门文章
- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
29
4
我正在使用一个库连接到 Azure,它使用 okhttp3 来处理连接。该库的一部分调用 okhttp3.internal.Util#platformTrustManager:
public static X509TrustManager platformTrustManager() {
try {
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init((KeyStore)null);
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
if (trustManagers.length == 1 && trustManagers[0] instanceof X509TrustManager) {
return (X509TrustManager)trustManagers[0];
} else {
throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
}
} catch (GeneralSecurityException var2) {
throw assertionError("No System TLS", var2);
}
}
还有javax.net.ssl.TrustManagerFactory#getInstance(java.lang.String):
public static final TrustManagerFactory getInstance(String var0) throws NoSuchAlgorithmException {
Instance var1 = GetInstance.getInstance("TrustManagerFactory", TrustManagerFactorySpi.class, var0);
return new TrustManagerFactory((TrustManagerFactorySpi)var1.impl, var1.provider, var0);
}
由于某种原因,我收到javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到有效的证书路径达到要求的目标
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:320)
at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:284)
at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:169)
at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:258)
at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:135)
at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:114)
at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:127)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at com.microsoft.rest.retry.RetryHandler.intercept(RetryHandler.java:75)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at com.microsoft.rest.interceptors.CustomHeadersInterceptor.intercept(CustomHeadersInterceptor.java:140)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at com.microsoft.rest.interceptors.UserAgentInterceptor.intercept(UserAgentInterceptor.java:83)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at com.microsoft.azure.credentials.AzureTokenCredentialsInterceptor.intercept(AzureTokenCredentialsInterceptor.java:40)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at com.microsoft.azure.management.resources.fluentcore.utils.ResourceManagerThrottlingInterceptor.intercept(ResourceManagerThrottlingInterceptor.java:54)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at com.microsoft.azure.management.resources.fluentcore.utils.ProviderRegistrationInterceptor.intercept(ProviderRegistrationInterceptor.java:40)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at com.microsoft.rest.interceptors.BaseUrlHandler.intercept(BaseUrlHandler.java:43)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at com.microsoft.rest.interceptors.RequestIdHeaderInterceptor.intercept(RequestIdHeaderInterceptor.java:29)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:257)
at okhttp3.RealCall.execute(RealCall.java:93)
at retrofit2.OkHttpCall.execute(OkHttpCall.java:186)
at retrofit2.adapter.rxjava.CallExecuteOnSubscribe.call(CallExecuteOnSubscribe.java:40)
at retrofit2.adapter.rxjava.CallExecuteOnSubscribe.call(CallExecuteOnSubscribe.java:24)
at rx.Observable.unsafeSubscribe(Observable.java:10327)
at rx.internal.operators.OnSubscribeMap.call(OnSubscribeMap.java:48)
at rx.internal.operators.OnSubscribeMap.call(OnSubscribeMap.java:33)
at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)
at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)
at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)
at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)
at rx.Observable.subscribe(Observable.java:10423)
at rx.Observable.subscribe(Observable.java:10390)
at rx.observables.BlockingObservable.blockForSingle(BlockingObservable.java:443)
... 35 more
证书在sun.security.ssl.ClientHandshaker#serverCertificate处进行验证:
((X509ExtendedTrustManager)var6).checkServerTrusted((X509Certificate[])var2.clone(), var4, this.conn);
这是一个真正有效的证书,但错误仍然存在。
我不知道如何解决这个问题。我想完全禁用证书验证,但我似乎也找不到在此设置中执行此操作的方法。
为什么有效的证书会抛出此错误?
如何“安装”此证书(我只能通过调试以文本形式获取它),或禁用验证?
此外,我正在 Windows 上运行它。
最佳答案
已关注 Synoli's answer and great explanation我成功地加载了正确的 Windows 证书存储:
System.setProperty("javax.net.ssl.trustStore", "NUL");
System.setProperty("javax.net.ssl.trustStoreType", "Windows-ROOT");
我不确定 Windows 中如何保存和分隔证书,但如果没有此修复,则会加载大量证书,但我需要的证书除外。
关于java - TrustManagerFactory - 忽略证书检查,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/60525974/
29
4
0
我正在尝试向现有的应用程序服务器 (TomCat) 产品添加一些额外的 JUnit 测试。我遇到了(现有的和已部署的)自定义 TrustManager 的问题。这东西在生产中工作正常,但在 JUnit
我正在使用一个库连接到 Azure,它使用 okhttp3 来处理连接。该库的一部分调用 okhttp3.internal.Util#platformTrustManager: public sta
我的应用程序有一个个人 keystore ,其中包含用于本地网络的受信任的自签名证书 - 比如 mykeystore.jks。我希望能够使用本地提供的自签名证书连接到公共(public)站点(比如 g
我有一个 SSLSocketFactory 和一个 TrustManagerFactory,如下所示: TrustManagerFactory tmf = TrustManagerFactory.ge
我已经根据安装指南设置了 Elasticsearch、Kibana 和 X-pack,并确保它们按预期工作。现在我想使用 X-Pack 中的观察者发送 Kibana 报告。我关注了this tutor
我正在研究 TrustStrategy 以与 RestTemplate 结合使用。在 isTrusted 方法中,检查(打印)的证书与 TrustManagerFactory 中定义的证书不同(此处打
我从分析中注意到,当构建器正在创建我的 OkHttpClient 时,TrustManagerFactory.getTrustManagers 似乎需要很长时间并且阻塞了我的 UI 线程在启动时。完成
我刚刚从以前的 rc5 更新到 reSTLet rc6。 Android 应用程序对外部 URL 进行简单的 https 调用。 在 rc5 中一切正常,在 rc6 中我现在得到以下错误: 08-30
我正在阅读 https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#SSLCont
我在 JBoss 4.2.2 容器中的 Java 组件试图访问 SSL 网络服务,但出现异常(不重要,功能正常,从 ssl 网络服务检索响应)。 操作系统:AIX java : > /usr/java
我是一名优秀的程序员,十分优秀!