java后端訪問https證書的問題及解決

更新時間：2022年10月27日 11:02:40 作者：阿拉的夢想

這篇文章主要介紹了java后端訪問https證書的問題及解決，具有很好的參考價值，希望對大家有所幫助。如有錯誤或未考慮完全的地方，望不吝賜教

java后端通過https獲取圖片

? ? public static void main(String[] args) {
? ? ? ? try {
? ? ? ? ? ? BufferedImage image = ImageIO.read(new URL("https://10.128.33.56:6202/object/download?pool=s_alarm&id=2dfa47ccaa56ca64c66078588977532e,360,b43e").openStream());
? ? ? ? ? ? //輸出流
? ? ? ? ? ? ByteArrayOutputStream stream = new ByteArrayOutputStream();
? ? ? ? ? ? ImageIO.write(image, "jpg", stream);
? ? ? ? ? ? String str = Base64.encodeBase64String(stream.toByteArray()).replaceAll(" ", "+").replaceAll("\r|\n", "");
? ? ? ? ? ? System.out.println(str);
? ? ? ? } catch (Exception e) {
? ? ? ? ? ?log.error("獲取圖片異常",e);
? ? ? ? }
? ? }

報錯如下

因為沒有安裝證書

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
   at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
   at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
   at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
   at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:846)
   at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
   at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
   at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
   at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
   at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
   at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
   at InstallCert.main(InstallCert.java:63)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
   at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
   at sun.security.validator.Validator.validate(Validator.java:203)
   at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
   at InstallCert$SavingTrustManager.checkServerTrusted(InstallCert.java:158)
   at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
   at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:839)
   ... 7 more

安裝證書，解決

1.瀏覽器訪問此地址，點擊證書

2.下載證書

3.將證書復(fù)制到j(luò)dk目錄

D:\program\Java\jdk1.8.0_271\jre\lib\security 下面

安裝證書：keytool -import -alias abc -keystore cacerts -file img_https.cer -storepass changeit
刪除證書：keytool -delete -keystore cacerts -file img_https.cer -storepass changeit

安裝完成。

然后又報錯

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 10.128.33.56 found
   at sun.security.ssl.Alert.createSSLException(Alert.java:131)
   at sun.security.ssl.TransportContext.fatal(TransportContext.java:353)
   at sun.security.ssl.TransportContext.fatal(TransportContext.java:296)
   at sun.security.ssl.TransportContext.fatal(TransportContext.java:291)
   at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:652)
   at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:471)
   at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:367)
   at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:376)
   at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
   at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
   at sun.security.ssl.TransportContext.dispatch(TransportContext.java:183)
   at sun.security.ssl.SSLTransport.decode(SSLTransport.java:154)
   at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1279)
   at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1188)
   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:401)
   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:373)
   at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:587)
   at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
   at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1570)
   at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1498)
   at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:268)
   at java.net.URL.openStream(URL.java:1067)
   at cn.cloudwalk.util.ImageUtils.main(ImageUtils.java:73)
Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 10.128.33.56 found
   at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:173)
   at sun.security.util.HostnameChecker.match(HostnameChecker.java:99)
   at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:441)
   at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:422)
   at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:228)
   at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:128)
   at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:636)
   ... 18 common frames omitted

解決

類中加入下面代碼，靜態(tài)塊中，程序啟動就運行;

測試發(fā)現(xiàn)，用下面代碼禁用SSL驗證，不用導(dǎo)入證書也可正常運行。

 static {
        disableSslVerification();
    }

    private static void disableSslVerification() {
        try
        {
            // Create a trust manager that does not validate certificate chains
            TrustManager[] trustAllCerts = new TrustManager[] {new X509TrustManager() {
                @Override
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
                @Override
                public void checkClientTrusted(X509Certificate[] certs, String authType) {
                }
                @Override
                public void checkServerTrusted(X509Certificate[] certs, String authType) {
                }
            }
            };

            // Install the all-trusting trust manager
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

            // Create all-trusting host name verifier
            HostnameVerifier allHostsValid = new HostnameVerifier() {
                @Override
                public boolean verify(String hostname, SSLSession session) {
                    return true;
                }
            };

            // Install the all-trusting host verifier
            HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        }
    }

這樣就可以正常訪問到https的資源了。

以上為個人經(jīng)驗，希望能給大家一個參考，也希望大家多多支持腳本之家。

您可能感興趣的文章: