Java HTTPComponents SOAP 请求,SSLHandshake 异常(PKIX 路径构建失败)

标签 java web-services ssl soap

我正在尝试使用 HTTPComponents 将自定义 SOAP 消息发送到特定的网络服务。我们使用证书进行通信,网络服务端点使用证书进行 https 加密。

通过自定义 Java 操作,我尝试发送 SOAP 消息,但在我执行 httppost 时抛出错误:

Executing request POST https://webserviceurl/endpoint HTTP/1.1
Exception While Connecting sun.security.validator.ValidatorException: PKIX path building failed:     sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested     target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:      sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

我对这个问题做了一些研究,显然 Java 需要在其 cacerts 中用于 web 服务 URL 的证书。我尝试使用名为 InstallCert 的 Java 工具将证书添加到 cacerts,但仍然出现此错误。

PS:我也尝试使用 keytool 将证书添加到 cacerts,但也没有成功。

那么为什么连接失败了。我需要将端点证书添加到 cacerts 文件中是否正确?关于如何解决此问题/如何成功将证书添加到受信任证书的任何想法?

这是我执行请求的完整 java 代码:

 // Trust own CA and all self-signed certs
    SSLContext sslcontext = SSLContexts.custom()
            .loadTrustMaterial(new File("C:/ourcert.p12"), "MyPass".toCharArray(),
                    new TrustSelfSignedStrategy())
            .build();        

    // Allow TLSv1 protocol only
    SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
            sslcontext,
            new String[] { "TLSv1" },
            null,
            SSLConnectionSocketFactory.getDefaultHostnameVerifier());

    CloseableHttpClient httpclient = HttpClients.custom()
            .setSSLSocketFactory(sslsf)
            .build();


    Byte[] result = null;
    HttpParams httpParameters = new BasicHttpParams();
    // Set the timeout in milliseconds until a connection is established.
    int timeoutConnection = 15000;
    HttpConnectionParams.setConnectionTimeout(httpParameters, timeoutConnection);
    // Set the default socket timeout (SO_TIMEOUT)
    // in milliseconds which is the timeout for waiting for data.
    int timeoutSocket = 35000;
    HttpConnectionParams.setSoTimeout(httpParameters, timeoutSocket);         

    byte[] result1 = null; 


        HttpPost httppost = new HttpPost(webserviceUrl);
        httppost.setHeader("soapaction", "aanleveren");
        httppost.setHeader("Content-Type", "text/xml; charset=utf-8");


        System.out.println("Executing request " + httppost.getRequestLine());

        try {
             HttpEntity entity = new StringEntity(soapBericht,HTTP.UTF_8);
             httppost.setEntity(entity); 
             HttpResponse response = httpclient.execute(httppost);// calling server
             HttpEntity r_entity = response.getEntity();  //get response
             if (r_entity != null) {       
                 result1 = new byte[(int) r_entity.getContentLength()];  
                 if (r_entity.isStreaming()) {
                     DataInputStream is = new DataInputStream(
                             r_entity.getContent());
                     is.readFully(result1);
                 }
             }

            EntityUtils.consume(entity);
        } catch (Exception E) {
            Core.getLogger("SBR").log(LogLevel.WARNING,"ERROR " + E.getMessage() + E.getStackTrace());
            System.out.println("Exception While Connecting " +E.getMessage());
            E.printStackTrace();
        }

        httpclient.close(); //shut down the connection

最佳答案

与其将其添加到系统根证书,不如尝试将其添加到您的应用程序信任中。

keytool -import -alias <ALIAS_NAME> -keystore <your_app_trust>.jks -trustcacerts -file <CERTIFICATE_TO_ADD.der> -v

我遇到了同样的问题,它解决了我的问题。

关于Java HTTPComponents SOAP 请求,SSLHandshake 异常(PKIX 路径构建失败),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/36449105/

相关文章:

java - 如何在首选项 Activity 中显示应用程序版本?

java - 如何测试我的 Web 应用程序可以处理 "100 users"?

java - 每次调用后都有不同的Web服务对象

c++ - Boost Asio https 同步调用 - 错误代码 400 错误请求

amazon-web-services - 默认 Elastic Load Balancer DNS 与 Amazon Certificate Manager 一起使用?

ssl - 将客户端证书插入 HTTPS POST 请求

java - 准备好的SQL语句可以被数据库改写吗?

web-services - ASP.NET Web 服务错误地返回 XML 而不是 JSON

java - URL 中文件路径的 blackslah 问题

java - 使用 COM4J 连接到 Quality Center v11