java - 连接到 HTTPS 站点时发生 SSLHandshakeException

标签 java certificate sslhandshakeexception jks httpsurlconnection

我正在 Java HttpsURLConnection 中创建。我从网站下载了证书并使用该证书创建了文件 truststore.jks 。我的应用程序正在从 truststore.jks 获取证书并连接到网站。它可以在我的电脑上运行。但是在服务器上部署应用程序后,我得到了这个丑陋的异常:

Cause: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Stack trace:
[sun.security.ssl.Alerts.getSSLException(Unknown Source)
 sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
 sun.security.ssl.Handshaker.fatalSE(Unknown Source)
 sun.security.ssl.Handshaker.fatalSE(Unknown Source)
 sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
 sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
 sun.security.ssl.Handshaker.processLoop(Unknown Source)
 sun.security.ssl.Handshaker.process_record(Unknown Source)
 sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
 sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
 sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
 sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
 sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
 sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
 sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)

我正在 ConnectionFactory 类中创建 HttpsURLConnection,并运行 connection.getInputStream() 方法。

ConnectionFactory.java:

public final class ConnectionFactory {

    public HttpsURLConnection getHttpsURLConnection(URL url, String trustStorePath, String trustStorePassword)
            throws FileTransferWorkerException {
        KeyStore keyStore = loadKeyStore(trustStorePath, trustStorePassword);
        TrustManagerFactory trustManagerFactory = initTrustManagerFactory(keyStore);
        SSLSocketFactory sslSocketFactory = buildSSLSocketFactory(trustManagerFactory);
        return buildConnection(url, sslSocketFactory);
    }

    private KeyStore loadKeyStore(String path, String password) throws FileTransferWorkerException {
        KeyStore keystore;
        try {
            keystore = KeyStore.getInstance("JKS");
        } catch (KeyStoreException e) {
            throw new FileTransferWorkerException(e);
        }

        try (FileInputStream fileInputStream = new FileInputStream(path)) {
            keystore.load(fileInputStream, password.toCharArray());
        } catch (IOException | CertificateException | NoSuchAlgorithmException e) {
            throw new FileTransferWorkerException("Can not load keyStore from " + path, e);
        }

        return keystore;
    }

    private TrustManagerFactory initTrustManagerFactory(KeyStore keyStore) throws FileTransferWorkerException {
        TrustManagerFactory trustManagerFactory;

        try {
            trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        } catch (NoSuchAlgorithmException e) {
            throw new FileTransferWorkerException(e);
        }

        try {
            trustManagerFactory.init(keyStore);
        } catch (KeyStoreException e) {
            throw new FileTransferWorkerException(e);
        }

        return trustManagerFactory;
    }

    private SSLSocketFactory buildSSLSocketFactory(TrustManagerFactory trustManagerFactory) throws FileTransferWorkerException {
        SSLContext sslContext;
        try {
            sslContext = SSLContext.getInstance("TLS");
        } catch (NoSuchAlgorithmException e) {
            throw new FileTransferWorkerException(e);
        }

        try {
            sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
        } catch (KeyManagementException e) {
            throw new FileTransferWorkerException(e);
        }

        return sslContext.getSocketFactory();
    }

    private HttpsURLConnection buildConnection(URL url, SSLSocketFactory sslSocketFactory) throws FileTransferWorkerException {
        HttpsURLConnection connection;

        try {
            connection = (HttpsURLConnection) url.openConnection();
        } catch (IOException e) {
            throw new FileTransferWorkerException("Can not connect to " + url.getPath(), e);
        }

        connection.setSSLSocketFactory(sslSocketFactory);
        return connection;
    }
}

并调用方法:

 private void download(URL url, String trustStorePath, String trustStorePassword, File file)
            throws IOException, FileTransferWorkerException {
        HttpsURLConnection connection = new ConnectionFactory().getHttpsURLConnection(url, trustStorePath, trustStorePassword);
        try (ReadableByteChannel reader = Channels.newChannel(connection.getInputStream()){
            ...
        } finally {
            connection.disconnect();
        }
    }

我需要使用我的 truststor.jks 文件,而不是 cacerts。您对我在哪里犯了错误有什么想法吗?帮助。

最佳答案

我想到了。在本地,我连接到公司的网络,并且拥有他们的证书(因为代理)。但服务器不使用代理,并且应该具有来自端点服务器的真实证书。

关于java - 连接到 HTTPS 站点时发生 SSLHandshakeException,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/59719064/

上一篇:java - 在 Tomcat 上托管的 .jsp 应用程序上存储驱动程序 JAR 的最佳位置

下一篇:sql - 如何在 Liquibase 中对数据库架构的基线进行版本控制

相关文章:

ssl - 尝试从 Twilio 接收 SMS,twilio 出现 SSL/TLS 握手错误

batch-file - SSl Handshake_failure SOAPUI

java - AWT KeyListener react 慢

java - 存储并遍历排序的文件hdfs/spark

iOS 内部应用程序 - SSL 证书的分发

c++ - 当我尝试加载 cer 文件时 QSslCertificate 崩溃

amazon-web-services - 续订 IAM SSL 服务器证书

java - java中的方法覆盖和继承

java - Recyclerview 不在嵌套的 ScrollView 内滚动

Java - 收到致命警报 : handshake_failure

©2024 IT工具网  联系我们