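Critical policy qualifiers present in certificate

Time: 2013-06-04 11:02:18

Tags: java certificate

I received a .p12 certificate that I need in order to use a web service. If I import the certificate into the browser, I can access the service, but if I try to perform a POST request, I get this error: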

Caused by: java.security.cert.CertPathValidatorException: critical policy qualifiers present in certificate
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:139)
at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:328)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:178)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:275)
... 24 more

Here is my code:

    import java.io.DataInputStream;
    import java.io.DataOutputStream;
    import java.io.FileInputStream;
    import java.net.URL;
    import java.security.KeyStore;
    import java.security.SecureRandom;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.KeyManager;
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.TrustManagerFactory;

    public class Client {
        public static void main(String[] args) throws Exception {
            // Client identity: the .p12 holds the client certificate and private key.
            KeyStore clientStore = KeyStore.getInstance("PKCS12");
            try (FileInputStream in = new FileInputStream("client.p12")) {
                clientStore.load(in, "password".toCharArray());
            }

            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(clientStore, "password".toCharArray());
            KeyManager[] kms = kmf.getKeyManagers();

            // Trust anchors used to validate the server's certificate chain.
            KeyStore trustStore = KeyStore.getInstance("JKS");
            try (FileInputStream in = new FileInputStream("client.keystore")) {
                trustStore.load(in, "password".toCharArray());
            }

            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(trustStore);
            TrustManager[] tms = tmf.getTrustManagers();

            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(kms, tms, new SecureRandom());

            HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
            URL url = new URL("https://cistest.apis-it.hr:8446/g2bservis");
            HttpsURLConnection con = (HttpsURLConnection) url.openConnection();

            String query = "<SendDocument></SendDocument>";
            con.setRequestMethod("POST");
            con.setRequestProperty("Content-Type", "text");
            con.setDoOutput(true);
            con.setDoInput(true);

            // Opening the output stream connects, so the TLS handshake runs here.
            DataOutputStream output = new DataOutputStream(con.getOutputStream());
            output.writeBytes(query);
            output.close();

            DataInputStream input = new DataInputStream(con.getInputStream());
            for (int c = input.read(); c != -1; c = input.read())
                System.out.print((char) c);
            input.close();

            System.out.println("Resp Code:" + con.getResponseCode());
            System.out.println("Resp Message:" + con.getResponseMessage());
        }
    }

The exception occurs at con.getOutputStream()

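1 answer:

Answer 0: (score: 0)

I solved the problem by exporting the server's certificate from Chrome and using it instead of my default root certificate for the page. I noticed the certificate might be the problem when I was able to open the page in Chrome but not in Firefox.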
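
An added diagnostic sketch, not part of the original question or answer: it reports which certificates in an exported server chain mark the certificatePolicies extension as critical, then repeats PKIX validation against the trust store and prints the index of the certificate that fails. By default `PKIXParameters` rejects critical policy extensions that carry qualifiers (`getPolicyQualifiersRejected()` returns true), which is the condition named in the exception. The class name and the three command-line arguments (chain file, trust store, password) are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class CriticalPolicyCheck {
    // OID of the X.509 certificatePolicies extension (RFC 5280, section 4.2.1.4).
    static final String CERTIFICATE_POLICIES_OID = "2.5.29.32";

    /** True when the certificate marks its certificatePolicies extension as critical. */
    static boolean hasCriticalPolicies(X509Certificate cert) {
        Set<String> critical = cert.getCriticalExtensionOIDs();
        return critical != null && critical.contains(CERTIFICATE_POLICIES_OID);
    }

    // Usage (file names are assumptions):
    //   java CriticalPolicyCheck chain.pem client.keystore password
    // chain.pem: server certificate first, then intermediates, without the root.
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[0])) {
            for (Certificate c : cf.generateCertificates(in)) {
                chain.add((X509Certificate) c);
            }
        }
        for (int i = 0; i < chain.size(); i++) {
            System.out.printf("[%d] %s critical certificatePolicies=%b%n", i,
                    chain.get(i).getSubjectX500Principal().getName(),
                    hasCriticalPolicies(chain.get(i)));
        }

        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[1])) {
            trustStore.load(in, args[2].toCharArray());
        }
        PKIXParameters params = new PKIXParameters(trustStore);
        params.setRevocationEnabled(false); // offline diagnosis only: no CRL/OCSP lookups
        System.out.println("policyQualifiersRejected=" + params.getPolicyQualifiersRejected());
        try {
            CertPathValidator.getInstance("PKIX").validate(cf.generateCertPath(chain), params);
            System.out.println("path validates against the trust store");
        } catch (CertPathValidatorException e) {
            // getIndex() is the position in the path of the offending certificate, or -1.
            System.out.printf("validation failed at index %d: %s%n", e.getIndex(), e.getMessage());
        }
    }
}
```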