java - Java HTTPComponents SOAP请求,SSLHandshake异常(PKIX路径构建失败)

标签 java web-services ssl soap

我正在尝试使用HTTPComponents将自定义SOAP消息发送到特定的Web服务。我们使用证书进行通信,而Web服务端点使用证书进行https加密。

通过一个自定义的Java操作,我试图发送SOAP消息,但是在执行httppost的时候抛出了一个错误:

Executing request POST https://webserviceurl/endpoint HTTP/1.1
Exception While Connecting sun.security.validator.ValidatorException: PKIX path building failed:     sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested     target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:      sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)


我对此问题进行了一些研究,显然Java需要在cacerts中用于Web服务URL的证书。使用名为InstallCert的Java工具,我尝试将证书添加到cacerts,但是仍然出现此错误。

PS:我也尝试使用keytool将证书添加到cacerts,但是也没有运气。

那么为什么连接失败。我需要将端点证书添加到cacerts文件中是否正确?关于如何解决此问题/如何将证书成功添加到受信任证书的任何想法?

这是我执行请求的完整Java代码:

 // Trust own CA and all self-signed certs
    SSLContext sslcontext = SSLContexts.custom()
            .loadTrustMaterial(new File("C:/ourcert.p12"), "MyPass".toCharArray(),
                    new TrustSelfSignedStrategy())
            .build();        

    // Allow TLSv1 protocol only
    SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
            sslcontext,
            new String[] { "TLSv1" },
            null,
            SSLConnectionSocketFactory.getDefaultHostnameVerifier());

    CloseableHttpClient httpclient = HttpClients.custom()
            .setSSLSocketFactory(sslsf)
            .build();


    Byte[] result = null;
    HttpParams httpParameters = new BasicHttpParams();
    // Set the timeout in milliseconds until a connection is established.
    int timeoutConnection = 15000;
    HttpConnectionParams.setConnectionTimeout(httpParameters, timeoutConnection);
    // Set the default socket timeout (SO_TIMEOUT)
    // in milliseconds which is the timeout for waiting for data.
    int timeoutSocket = 35000;
    HttpConnectionParams.setSoTimeout(httpParameters, timeoutSocket);         

    byte[] result1 = null; 


        HttpPost httppost = new HttpPost(webserviceUrl);
        httppost.setHeader("soapaction", "aanleveren");
        httppost.setHeader("Content-Type", "text/xml; charset=utf-8");


        System.out.println("Executing request " + httppost.getRequestLine());

        try {
             HttpEntity entity = new StringEntity(soapBericht,HTTP.UTF_8);
             httppost.setEntity(entity); 
             HttpResponse response = httpclient.execute(httppost);// calling server
             HttpEntity r_entity = response.getEntity();  //get response
             if (r_entity != null) {       
                 result1 = new byte[(int) r_entity.getContentLength()];  
                 if (r_entity.isStreaming()) {
                     DataInputStream is = new DataInputStream(
                             r_entity.getContent());
                     is.readFully(result1);
                 }
             }

            EntityUtils.consume(entity);
        } catch (Exception E) {
            Core.getLogger("SBR").log(LogLevel.WARNING,"ERROR " + E.getMessage() + E.getStackTrace());
            System.out.println("Exception While Connecting " +E.getMessage());
            E.printStackTrace();
        }

        httpclient.close(); //shut down the connection

最佳答案

与其将其添加到系统根证书中,不如尝试将其添加到您的应用程序信任中。

keytool -import -alias <ALIAS_NAME> -keystore <your_app_trust>.jks -trustcacerts -file <CERTIFICATE_TO_ADD.der> -v


我有同样的问题,它解决了我的问题。

关于java - Java HTTPComponents SOAP请求,SSLHandshake异常(PKIX路径构建失败),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/36449105/

相关文章:

java - 使用Axis2部署Web服务时出错

tomcat - HTTPS (SSL) IE9 - FontAwesome 无法正确显示,仅显示正方形。 | Apache Tomcat

ssl - 如何获取类型为boost::asio::ssl::stream <boost::asio::ip::tcp::socket>的套接字的远程端点的ip地址

Java访问Window的 "Open with..."列表

java - Android: ContactsContract查询,需要更高级的选择字符串

java - 使用 JAX-RS/Jersey 绕过 JAX-WS SOAP 开销?

bash - 将密码短语添加到环境变量 (bashrc) 以便在重新启动 Apache 服务器时使用

java - servlet请求参数值包含&符吗?

java - 多人Java游戏-通过GUI启动服务器时程序卡住

c# - 根据环境更改肥皂 Action URI