java - 当我尝试从我的 webapp 在 tomcat 服务器中发送 get 或 post https 请求时出现 SSLHandshakeException

Question

从我在tomcat服务器中的webapp发送https请求时抛出以下异常

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

这是我的servet

/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package LBS;


import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.HttpURLConnection;
import java.net.Proxy;
import java.net.SocketAddress;
import java.net.URL;
import java.net.URLConnection;
import javax.net.ssl.HttpsURLConnection;
//import javax.net.ssl.SSLContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.cert.X509Certificate;
import javax.net.*;
import javax.net.ssl.*;
import java.security.cert.*;


/**
 *
 * @author Ruwan
 */
public class LBS2 extends HttpServlet {

/** 
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");
    PrintWriter out = response.getWriter();
    try {
        LBS2 s=new LBS2();
        s.myReq();

    } finally {            
        out.close();
    }
}



public void myReq(){
  System.setProperty("https.proxyHost", "10.48.242.90");
  System.setProperty("https.proxyPort", "3128");
        String uri = "https://somthing.com/abc?username=USERNAME&password=PASWORD";

    try{
        SSLContext sslctx = SSLContext.getInstance("SSL");
        sslctx.init(null, new X509TrustManager[] { new MyTrustManager()}, null);
        HttpsURLConnection.setDefaultSSLSocketFactory(sslctx.getSocketFactory());
        URL url = new URL(uri);
        HttpURLConnection con = (HttpURLConnection) url.openConnection();
        con.setRequestMethod("GET");
        con.setDoOutput(true);
        con.connect();
        if (con.getResponseCode() == HttpsURLConnection.HTTP_OK) {
            BufferedReader br = new BufferedReader(new
            InputStreamReader(con.getInputStream()));
            String line;
            while((line = br.readLine()) != null) {
            System.out.println(line);
            }
            br.close();
        }
        con.disconnect();

        }
        catch(Exception e){
        System.out.println(e.toString());
        }
}


    // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the +     sign on the left to edit the code.">
    /** 
 * Handles the HTTP <code>GET</code> method.
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    processRequest(request, response);
}

/** 
 * Handles the HTTP <code>POST</code> method.
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    processRequest(request, response);
}

/** 
 * Returns a short description of the servlet.
 * @return a String containing servlet description
 */
@Override
public String getServletInfo() {
    return "Short description";
}// </editor-fold>
}


class MyTrustManager implements X509TrustManager {
        @Override
            public void checkClientTrusted(X509Certificate[] chain, String
            authType) {
            }

        @Override
            public void checkServerTrusted(X509Certificate[] chain, String
            authType) {
            }

        @Override
            public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
 }    

请帮我找出这段代码中 SSL 证书处理的问题 提前致谢

Answer 1

这可能会有所帮助:(摘自 http://code.naishe.in/2011/07/looks-like-article-no-more-unable-to.html )

Some of you may be familiar with the (not very user friendly) exception message

  javax.net.ssl.SSLHandshakeException: 
  sun.security.validator.ValidatorException: PKIX path building failed:
  sun.security.provider.certpath.SunCertPathBuilderException:
  unable to find valid certification path to requested target

when trying to open an SSL connection to a host using JSSE. What this usually means is that the server is using a test certificate (possibly generated using keytool) rather than a certificate from a well known commercial Certification Authority such as Verisign or GoDaddy. Web browsers display warning dialogs in this case, but since JSSE cannot assume an interactive user is present it just throws an exception by default.

PS:渴望评论所以添加为答案。