WebService Series: Handling Axis HTTPS (SSL) Certificate Validation Errors
Recently, while using Axis to call an HTTPS interface, the following exception was thrown:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
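The cause of the exception is that SSL certificate validation failed: our own site is HTTP and the other company's interface is HTTPS, so certificate validation fails. The fix is a decent method I found online. The idea is to write a replacement SocketFactory that does not verify certificates; the default Axis SocketFactory verifies the server-side certificate, which leads to the validation exception.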
```java
package com.common.utils.web;

import org.apache.axis.components.net.BooleanHolder;
import org.apache.axis.components.net.JSSESocketFactory;
import org.apache.axis.components.net.SecureSocketFactory;

import javax.net.ssl.*;
import java.io.IOException;
import java.net.Socket;
import java.security.cert.X509Certificate;
import java.util.Hashtable;

/**
 * Custom Axis JSSESocketFactory.
 * It accepts any server certificate, so the connection is encrypted
 * but the identity of the server is not checked.
 *
 * @author mazq
 * Change history
 * Version after change:  Changed by:  Date: 2020/12/12 14:44  Description:
 */
public class WSTLSSocketSecureFactory extends JSSESocketFactory implements SecureSocketFactory {

    public WSTLSSocketSecureFactory(Hashtable attributes) {
        super(attributes);
    }

    @Override
    public Socket create(String host, int port, StringBuffer otherHeaders, BooleanHolder useFullURL)
            throws Exception {
        Socket s = super.create(host, port, otherHeaders, useFullURL);
        // Legacy protocol versions; recent JDKs disable SSLv3 and TLSv1 by default
        ((SSLSocket) s).setEnabledProtocols(new String[] {"SSLv2Hello", "SSLv3", "TLSv1"});
        return s;
    }

    @Override
    protected void initFactory() throws IOException {
        try {
            this.sslFactory = getContext().getSocketFactory();
        } catch (Exception e) {
            // Fail here instead of hitting a NullPointerException on a null context
            throw new IOException("Failed to initialise SSLContext", e);
        }
    }

    protected SSLContext getContext() throws Exception {
        TrustManager[] trustAllCerts = new TrustManager[] {
            new X509TrustManager() {
                public X509Certificate[] getAcceptedIssuers() {
                    // Empty array rather than null, which the interface does not allow
                    return new X509Certificate[0];
                }

                public void checkClientTrusted(X509Certificate[] certs, String authType) {
                    // Trust always
                }

                public void checkServerTrusted(X509Certificate[] certs, String authType) {
                    // Trust always
                }
            }
        };
        // Install the all-trusting trust manager
        SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
        return sslContext;
    }
}
```
  
 
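On the client side, set the property before making the call:

```java
import org.apache.axis.AxisProperties;

// Enable calls to HTTPS web service interfaces
AxisProperties.setProperty("axis.socketSecureFactory", WSTLSSocketSecureFactory.class.getName());
```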
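
As an added example (not code from the original post), the same Axis hook can instead trust one specific CA certificate, which resolves the PKIX path building error while keeping server certificate validation. The class name `WSPinnedCaSocketFactory` and the system property `ws.partner.ca.file` are hypothetical; the block covers chain validation only and does not add hostname matching.

```java
import org.apache.axis.components.net.JSSESocketFactory;
import org.apache.axis.components.net.SecureSocketFactory;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Hashtable;

/** Added example: trusts only the CA certificate in one file instead of trusting everything. */
public class WSPinnedCaSocketFactory extends JSSESocketFactory implements SecureSocketFactory {
    // Hypothetical system property naming the partner's CA certificate file (PEM or DER)
    static final String CA_FILE_PROPERTY = "ws.partner.ca.file";

    public WSPinnedCaSocketFactory(Hashtable attributes) {
        super(attributes);
    }

    @Override
    protected void initFactory() throws IOException {
        String caFile = System.getProperty(CA_FILE_PROPERTY);
        if (caFile == null) {
            throw new IOException("System property " + CA_FILE_PROPERTY + " is not set");
        }
        try (InputStream in = new FileInputStream(caFile)) {
            this.sslFactory = contextFor(in).getSocketFactory();
        } catch (GeneralSecurityException e) {
            throw new IOException("Cannot build SSLContext from " + caFile, e);
        }
    }

    /** Builds a context whose only trust anchor is the certificate read from the stream. */
    static SSLContext contextFor(InputStream caCert) throws GeneralSecurityException, IOException {
        Certificate ca = CertificateFactory.getInstance("X.509").generateCertificate(caCert);
        KeyStore anchors = KeyStore.getInstance(KeyStore.getDefaultType());
        anchors.load(null, null);                  // start from an empty in-memory store
        anchors.setCertificateEntry("partner-ca", ca);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(anchors);                         // standard PKIX chain validation against that anchor
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        return context;
    }
}
```

Register it the same way, passing `WSPinnedCaSocketFactory.class.getName()` as the value of `axis.socketSecureFactory`.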
  
 
Note: different JDK versions differ in how they handle TLS validation. The Oracle blog post "Diagnosing TLS, SSL, and HTTPS" lists the differences.
 
 
Background notes:
- SSL: short for "Secure Sockets Layer", designed by Netscape in the mid-1990s
- TLS: the IETF standardized SSL in that year. After standardization the name was changed to TLS (short for "Transport Layer Security")
 
Article source: smilenicky.blog.csdn.net, author: smileNicky. Copyright belongs to the original author; contact the author before reposting.
Original link: smilenicky.blog.csdn.net/article/details/111309854