Question

我对httpclient很新，但我要做的是从本地https服务器获取和发布内容。当我使用浏览器访问此URL时，我需要手动接受并继续。我几乎使用了apache提供的sample code。在我的编辑器中就是如此

public class ClientCustomSSL {

   public final static void main(String[] args) throws Exception {
      // Trust own CA and all self-signed certs
      final SSLContext sslcontext = SSLContext.getDefault();
      // Allow TLSv1 protocol only
      final SSLConnectionSocketFactory sslsf =
            new SSLConnectionSocketFactory(sslcontext,
                  new String[] { "TLSv1" }, null,
                  SSLConnectionSocketFactory.getDefaultHostnameVerifier());
      final CloseableHttpClient httpclient =
            HttpClients.custom().setSSLSocketFactory(sslsf).build();
      try {

         final HttpGet httpget =
               new HttpGet("https://localhost:8443/portal/css/style.css");

         System.out.println("executing request " + httpget.getRequestLine());

         final CloseableHttpResponse response = httpclient.execute(httpget);
         try {
            final HttpEntity entity = response.getEntity();

            System.out.println("----------------------------------------");
            System.out.println(response.getStatusLine());
            EntityUtils.consume(entity);
         } finally {
            response.close();
         }
      } finally {
         httpclient.close();
      }
   }

}

然而，我得到了以下例外......

Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   at sun.security.ssl.Alerts.getSSLException(Unknown Source)
   at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
   at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
   at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
   at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
   at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
   at sun.security.ssl.Handshaker.processLoop(Unknown Source)
   at sun.security.ssl.Handshaker.process_record(Unknown Source)
   at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
   at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
   at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
   at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
   at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:395)
   at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:354)
   at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134)
   at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
   at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
   at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
   at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
   at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
   at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
   at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
   at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
   at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
   at com.vmware.vdi.installer.broker.ClientCustomSSL.main(ClientCustomSSL.java:67)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
   at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
   at sun.security.validator.Validator.validate(Unknown Source)
   at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
   at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
   at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
   ... 21 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
   at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
   at java.security.cert.CertPathBuilder.build(Unknown Source)
   ... 27 more

不确定我需要做什么......

Answer 1

在this page中有关于此主题的解决方案。

其中一个解决方案是更新JRE_HOME / lib目录中的CACERT文件。为此，您可以查看here。

另一个解决方案是覆盖支票并接受不受信任的证书。

TrustManager[] trustAllCerts = new TrustManager[] {
       new X509TrustManager() {
          public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return null;
          }

          public void checkClientTrusted(X509Certificate[] certs, String authType) {  }

          public void checkServerTrusted(X509Certificate[] certs, String authType) {  }

       }
    };

apache httpclient 4.4的HTTP连接

1 个答案: