SSLPeerUnverifiedException异常

时间:2017-12-14 13:04:25

标签: http groovy http-headers

我正在尝试使用以下代码触发HTTP Get请求:

httpBuilder = new HTTPBuilder(url)
httpBuilder.setHeaders(['Authorization':'Basic MyKey'])

httpBuilder.request( GET, JSON ) {
    response.success = { resp, reader ->
    .......

我知道密钥是正确的,但我仍然从汇总付款中获取“同行未经过身份验证”的网址:https://test.api.promisepay.com/users

我检查了异常类及其SSLPeerUnverifiedException。似乎与TLS协议有关。

更新

我运行了以下两个命令:

echo -n | openssl s_client -connect test.api.promisepay.com:443 |   sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/test.api.promisepay.com.cert

证书已下载并存储在/tmp/test.api.promisepay.com.cert 

sudo keytool -importcert -alias "assembly" -file /tmp/test.api.promisepay.com.cert    -keystore /opt/java/jre/lib/security/cacerts -storepass changeit

证书已成功导入密钥库,但仍然抛出错误SSLPeerUnverifiedException exception

更新2: 

trustStore is: /opt/jdk1.7.0_80/jre/lib/security/cacerts
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:
  Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
  Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
  Algorithm: RSA; Serial number: 0x4eb200670c035d4f
  Valid from Wed Oct 25 14:06:00 IST 2006 until Sat Oct 25 14:06:00 IST 2036
adding as trusted cert:
  Subject: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
  Issuer:  EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
  Algorithm: RSA; Serial number: 0x1
  Valid from Sat Jun 26 03:53:48 IST 1999 until Wed Jun 26 03:53:48 IST 2019
adding as trusted cert:
  Subject: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
  Issuer:  CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
  Algorithm: RSA; Serial number: 0x344ed55720d5edec49f42fce37db2b6d
  Valid from Fri Nov 17 05:30:00 IST 2006 until Thu Jul 17 05:29:59 IST 2036
adding as trusted cert:
  Subject: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US
  Issuer:  CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US
  Algorithm: RSA; Serial number: 0x456b5054
  Valid from Tue Nov 28 01:53:42 IST 2006 until Sat Nov 28 02:23:42 IST 2026
adding as trusted cert:
  Subject: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
  Issuer:  CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
  Algorithm: RSA; Serial number: 0x1121bc276c5547af584eefd4ced629b2a285
  Valid from Tue May 26 05:30:00 IST 2009 until Tue May 26 05:30:00 IST 2020
adding as trusted cert:
  Subject: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
  Issuer:  CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
  Algorithm: RSA; Serial number: 0xc9cdd3e9d57d23ce
  Valid from Fri Aug 01 18:01:40 IST 2008 until Sat Jul 31 18:01:40 IST 2038




 /// Lots of adding as trusted cert messages...........








trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
http-bio-8080-exec-2, setSoTimeout(0) called
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  
GMT: 1513260023 
bytes = { 
59, 
22, 
52, 
225, 
123, 
49, 
3, 
40, 
88, 
64, 
182, 
97, 
150, 
68, 
98, 
52, 
74, 
82, 
175, 
184, 
181, 
239, 
34, 
60, 
214, 
113, 
43, 
80 }
Session ID:  
{}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 
0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
***
[write] MD5 and SHA1 hashes:  len = 149
0000: 01 00 00 91 03 01 5A 33   84 F7 3B 16 34 E1 7B 31  ......Z3..;.4..1
0010: 03 28 58 40 B6 61 96 44   62 34 4A 52 AF B8 B5 EF  .(X@.a.Db4JR....
0020: 22 3C D6 71 2B 50 00 00   2A C0 09 C0 13 00 2F C0  "<.q+P..*...../.
0030: 04 C0 0E 00 33 00 32 C0   08 C0 12 00 0A C0 03 C0  ....3.2.........
0040: 0D 00 16 00 13 C0 07 C0   11 00 05 C0 02 C0 0C 00  ................
0050: 04 00 FF 01 00 00 3E 00   0A 00 34 00 32 00 17 00  ......>...4.2...
0060: 01 00 03 00 13 00 15 00   06 00 07 00 09 00 0A 00  ................
0070: 18 00 0B 00 0C 00 19 00   0D 00 0E 00 0F 00 10 00  ................
0080: 11 00 02 00 12 00 04 00   05 00 14 00 08 00 16 00  ................
0090: 0B 00 02 01 00                                     .....
http-bio-8080-exec-2, WRITE: TLSv1 Handshake, length = 149
[Raw write]: length = 154
0000: 16 03 01 00 95 01 00 00   91 03 01 5A 33 84 F7 3B  ...........Z3..;
0010: 16 34 E1 7B 31 03 28 58   40 B6 61 96 44 62 34 4A  .4..1.(X@.a.Db4J
0020: 52 AF B8 B5 EF 22 3C D6   71 2B 50 00 00 2A C0 09  R...."<.q+P..*..
0030: C0 13 00 2F C0 04 C0 0E   00 33 00 32 C0 08 C0 12  .../.....3.2....
0040: 00 0A C0 03 C0 0D 00 16   00 13 C0 07 C0 11 00 05  ................
0050: C0 02 C0 0C 00 04 00 FF   01 00 00 3E 00 0A 00 34  ...........>...4
0060: 00 32 00 17 00 01 00 03   00 13 00 15 00 06 00 07  .2..............
0070: 00 09 00 0A 00 18 00 0B   00 0C 00 19 00 0D 00 0E  ................
0080: 00 0F 00 10 00 11 00 02   00 12 00 04 00 05 00 14  ................
0090: 00 08 00 16 00 0B 00 02   01 00                    ..........
http-bio-8080-exec-2, received EOFException: error
http-bio-8080-exec-2, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
http-bio-8080-exec-2
, SEND TLSv1 ALERT:  
fatal, 
description = handshake_failure
http-bio-8080-exec-2, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 28                               ......(
http-bio-8080-exec-2, called closeSocket()
http-bio-8080-exec-2, IOException in getSession():  javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
http-bio-8080-exec-2, called close()
http-bio-8080-exec-2, called closeInternal(true)
http-bio-8080-exec-2, called close()
http-bio-8080-exec-2, called closeInternal(true)
Exception javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
Finalizer, called close()
Finalizer, called closeInternal(true)

1 个答案:

答案 0 :(得分:1)

证书链的根证书已添加到Java 8u51的默认信任库中。

您必须执行以下任务的一个

  • 使用新的Java版本,至少8u51
  • 允许客户端中的不受信任的证书
  • 将该特定证书添加为可信证书
  • 将根证书添加为受信任的根证书
相关问题
最新问题