连接到HTTPS站点时出现SSLHandshakeException

时间:2020-01-13 14:59:24

标签: java certificate sslhandshakeexception jks httpsurlconnection

我正在用Java HttpsURLConnection创建。我从网站下载了证书,并使用此证书创建了文件truststore.jks。我的应用程序是从truststore.jks获取证书并连接到网站。它可以在我的PC上运行。但是在服务器上部署应用程序后,我遇到了这个丑陋的异常:

Cause: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Stack trace:
[sun.security.ssl.Alerts.getSSLException(Unknown Source)
 sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
 sun.security.ssl.Handshaker.fatalSE(Unknown Source)
 sun.security.ssl.Handshaker.fatalSE(Unknown Source)
 sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
 sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
 sun.security.ssl.Handshaker.processLoop(Unknown Source)
 sun.security.ssl.Handshaker.process_record(Unknown Source)
 sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
 sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
 sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
 sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
 sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
 sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
 sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)

我正在ConnectionFactory类中创建HttpsURLConnection,并运行connection.getInputStream()方法。

ConnectionFactory.java:

public final class ConnectionFactory {

    public HttpsURLConnection getHttpsURLConnection(URL url, String trustStorePath, String trustStorePassword)
            throws FileTransferWorkerException {
        KeyStore keyStore = loadKeyStore(trustStorePath, trustStorePassword);
        TrustManagerFactory trustManagerFactory = initTrustManagerFactory(keyStore);
        SSLSocketFactory sslSocketFactory = buildSSLSocketFactory(trustManagerFactory);
        return buildConnection(url, sslSocketFactory);
    }

    private KeyStore loadKeyStore(String path, String password) throws FileTransferWorkerException {
        KeyStore keystore;
        try {
            keystore = KeyStore.getInstance("JKS");
        } catch (KeyStoreException e) {
            throw new FileTransferWorkerException(e);
        }

        try (FileInputStream fileInputStream = new FileInputStream(path)) {
            keystore.load(fileInputStream, password.toCharArray());
        } catch (IOException | CertificateException | NoSuchAlgorithmException e) {
            throw new FileTransferWorkerException("Can not load keyStore from " + path, e);
        }

        return keystore;
    }

    private TrustManagerFactory initTrustManagerFactory(KeyStore keyStore) throws FileTransferWorkerException {
        TrustManagerFactory trustManagerFactory;

        try {
            trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        } catch (NoSuchAlgorithmException e) {
            throw new FileTransferWorkerException(e);
        }

        try {
            trustManagerFactory.init(keyStore);
        } catch (KeyStoreException e) {
            throw new FileTransferWorkerException(e);
        }

        return trustManagerFactory;
    }

    private SSLSocketFactory buildSSLSocketFactory(TrustManagerFactory trustManagerFactory) throws FileTransferWorkerException {
        SSLContext sslContext;
        try {
            sslContext = SSLContext.getInstance("TLS");
        } catch (NoSuchAlgorithmException e) {
            throw new FileTransferWorkerException(e);
        }

        try {
            sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
        } catch (KeyManagementException e) {
            throw new FileTransferWorkerException(e);
        }

        return sslContext.getSocketFactory();
    }

    private HttpsURLConnection buildConnection(URL url, SSLSocketFactory sslSocketFactory) throws FileTransferWorkerException {
        HttpsURLConnection connection;

        try {
            connection = (HttpsURLConnection) url.openConnection();
        } catch (IOException e) {
            throw new FileTransferWorkerException("Can not connect to " + url.getPath(), e);
        }

        connection.setSSLSocketFactory(sslSocketFactory);
        return connection;
    }
}

并调用方法:

 private void download(URL url, String trustStorePath, String trustStorePassword, File file)
            throws IOException, FileTransferWorkerException {
        HttpsURLConnection connection = new ConnectionFactory().getHttpsURLConnection(url, trustStorePath, trustStorePassword);
        try (ReadableByteChannel reader = Channels.newChannel(connection.getInputStream()){
            ...
        } finally {
            connection.disconnect();
        }
    }

我需要使用我的truststor.jks文件,而不是cacerts。你有什么想法我做错了吗?帮助。

1 个答案:

答案 0 :(得分:0)

我知道了。我在本地连接到公司的网络,并且拥有他们的证书(由于代理)。但是服务器未使用代理,因此应具有来自端点服务器的真实证书。