java.security.cert.CertificateException:不存在主题替代名称;

时间:2016-01-17 18:19:44

标签: java ssl wso2 ssl-certificate wso2-am

我正在使用WSO2 API Manager版本1.9.1。在这个工具中,我发布了我的示例项目(即proxied)并订阅该项目以获取消费者密钥和秘密。这个工具也给了我CURL命令,它工作正常。

以下CURL命令运行正常。

curl -k -d "grant_type=password&username=XXXXX&password=XXXXX" -H "Authorization: Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, Content-Type: application/x-www-form-urlencoded" https://XXXXXXXXXXX:XXXX/token

现在我正在尝试使用java开发RestTemplate代码,该SSL protected site代码将连接到cert verification而不insecure,即public static void main(String[] args) { HttpHeaders headers = new HttpHeaders(); headers.add("Accept", "application/json"); headers.add("Content-Type", MediaType.APPLICATION_FORM_URLENCODED.toString()); headers.add("Authorization", "Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"); String url = "https://XXXXXXXXXXXXXX:XXXX/token"; String data = "grant_type=password&username=XXXXX&password=XXXXX"; RestTemplate restTemplate = new RestTemplate(); HttpEntity<String> entity = new HttpEntity<String>(data,headers); HttpEntity<String> response = restTemplate.exchange(url, HttpMethod.POST, entity, String.class); System.out.println("RESPONSE : "+response.getBody()); } 方式查看上面的CURL命令。 到目前为止,我开发了以下代码,但是当我运行时,我看到以下错误。

Exception in thread "main" org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://XXXXXXXXXXX:8243/token":java.security.cert.CertificateException: No subject alternative names present; nested exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:580)
    at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:530)
    at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:448)
    at com.java.wso2.TokenDemo.main(TokenDemo.java:74)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
    at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:81)
    at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
    at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53)
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:569)
    ... 3 more

我面临的错误。 请建议我们如何连接到SSL站点不安全的方式,同样的curl命令呢?

define-key

我们如何解决这个错误?偏离我的问题与javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present

不相似

1 个答案:

答案 0 :(得分:6)

通过应用以下代码可以解决以下问题,这些代码以不安全的方式连接到受SSL保护的站点。 (注意:为了使用cert enable连接到SSL站点,您需要添加tomcat SSL配置。)

以下代码可以正常使用。

import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.web.client.RestTemplate;


static {
        disableSslVerification();
    }

    private static void disableSslVerification() {
        try{
            // Create a trust manager that does not validate certificate chains
            TrustManager[] trustAllCerts = new TrustManager[] {new X509TrustManager() {
                public X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
                public void checkClientTrusted(X509Certificate[] certs, String authType) {
                }
                public void checkServerTrusted(X509Certificate[] certs, String authType) {
                }
            }
            };

            // Install the all-trusting trust manager
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

            // Create all-trusting host name verifier
            HostnameVerifier allHostsValid = new HostnameVerifier() {
                public boolean verify(String hostname, SSLSession session) {
                    return true;
                }
            };

            // Install the all-trusting host verifier
            HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        }
    }

    public static void main(String[] args) {
        HttpHeaders headers = new HttpHeaders();
        headers.add("Accept", "application/json");
        headers.add("Content-Type", MediaType.APPLICATION_FORM_URLENCODED.toString());
        headers.add("Authorization", "Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXX");

        String url = "https://XXXXXXXXXXXXX:XXXX/token";

        String dataJSON = "grant_type=password&username=XXXXX&password=XXXXX";

        RestTemplate restTemplate = new RestTemplate();
        HttpEntity<String> entity = new HttpEntity<String>(dataJSON,headers);
        HttpEntity<String> response = restTemplate.exchange(url, HttpMethod.POST, entity, String.class);
        System.out.println("O/P : "+response.getBody());
    }