向https地址发送请求失败报错

于 2024-06-12 11:27:41 发布
阅读量463 收藏 3
点赞数 8
分类专栏: 随笔 文章标签: https 网络协议 http
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/LB_bei/article/details/139619402
版权

错误1:

10:13:47.520 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Starting handshake
10:13:47.523 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: Shutdown connection
10:13:47.523 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Connection discarded
10:13:47.523 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection released: [id: 0][route: {s}->https://223.108.104.37:8180][total available: 0; route allocated: 0 of 2; total allocated: 0 of 20]
10:13:47.524 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection manager is shutting down
10:13:47.524 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection manager shut down
Exception in thread "main" javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
	at sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:171)
	at sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:106)
	at sun.security.ssl.TransportContext.kickstart(TransportContext.java:245)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:410)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:389)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
	at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
	at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
	at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
	at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
	at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
	at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
	at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
  • SSLHandshakeException 异常:我这边是使用的协议TLSv1版本太低,换一个就行
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                    sslcontext,
                    new String[]{"TLSv1.2"},  // 使用 TLSv1.2 协议
                    null,
                    NoopHostnameVerifier.INSTANCE);

错误2:

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.ssl.Alert.createSSLException(Alert.java:131)
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:377)
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:320)
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:315)
	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:652)
	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:471)
	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:367)
	at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:376)
	at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:479)
	at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:457)
	at sun.security.ssl.TransportContext.dispatch(TransportContext.java:200)
	at sun.security.ssl.SSLTransport.decode(SSLTransport.java:155)
	at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1320)
	at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1233)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:417)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:389)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
	at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
	at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
	at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
	at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
	at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
	at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
	at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
	at com.waterapidemo.util.HttpPostUtil.sslRequest(HttpPostUtil.java:108)
	at com.waterapidemo.util.HttpPostUtil.main(HttpPostUtil.java:74)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
	at sun.security.validator.Validator.validate(Validator.java:271)
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:312)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:221)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:128)
	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:636)
	... 25 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:148)
  • ​JVM默认信任证书不包含该目标网站的SSL证书,导致无法建立有效的信任链接。

keytool -importcert -alias xxx.xxx.xxx.xxx -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -file xxxxx.cert 

 解决办法:

1.获取服务器的证书

package com.waterapidemo.util;

import java.io.FileOutputStream;
import java.io.InputStream;
import java.net.Socket;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class FetchServerCert {

    private static final String SERVER_HOST = "xxxxxxxxx";
    private static final int SERVER_PORT = xxxx;
    private static final String CERT_FILE = "X:\\xxx\\server-cert.cer";

    public static void main(String[] args) {
        try {
            // Step 1: Set up a TrustManager that accepts all certificates
            TrustManager[] trustAllCerts = new TrustManager[]{
                    new X509TrustManager() {
                        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                            return null;
                        }
                        public void checkClientTrusted(
                                java.security.cert.X509Certificate[] certs, String authType) {
                        }
                        public void checkServerTrusted(
                                java.security.cert.X509Certificate[] certs, String authType) {
                        }
                    }
            };

            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
            SSLSocketFactory factory = sslContext.getSocketFactory();

            // Step 2: Connect to the server and retrieve the server certificate
            try (SSLSocket socket = (SSLSocket) factory.createSocket(SERVER_HOST, SERVER_PORT)) {
                socket.startHandshake();
                Certificate[] serverCerts = socket.getSession().getPeerCertificates();

                // Step 3: Save the first server certificate to a file
                try (FileOutputStream fos = new FileOutputStream(CERT_FILE)) {
                    fos.write(serverCerts[0].getEncoded());
                }

                System.out.println("Server certificate saved to " + CERT_FILE);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
  • 定义一个自定义的 TrustManager,它将接受所有证书

2.将证书导入JVM信任库

package com.waterapidemo.util;

import java.io.*;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class ImportServerCert {

    private static final String CERT_FILE = "X:\\xxx\\server-cert.cer";
    private static final String TRUSTSTORE_PATH = "X:\\xxx\\truststore.jks";
    private static final String TRUSTSTORE_PASSWORD = "changeit";

    public static void main(String[] args) {
        try {
            // Load the server certificate from the file
            Certificate serverCert = loadCertificate(CERT_FILE);

            // Create a truststore and add the server certificate to it
            KeyStore trustStore = createTrustStore(serverCert, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD);

            // Save the truststore to a file
            try (FileOutputStream fos = new FileOutputStream(TRUSTSTORE_PATH)) {
                trustStore.store(fos, TRUSTSTORE_PASSWORD.toCharArray());
                System.out.println("Truststore created and saved to " + TRUSTSTORE_PATH);
            }

        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    private static Certificate loadCertificate(String certFilePath) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (FileInputStream fis = new FileInputStream(certFilePath)) {
            return cf.generateCertificate(fis);
        }
    }

    private static KeyStore createTrustStore(Certificate cert, String trustStorePath, String trustStorePassword) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // Initialize the empty truststore
        String alias = "server-cert";
        trustStore.setCertificateEntry(alias, cert);
        return trustStore;
    }
}

3.请求的时候携带好证书就可以了

    public static String sslRequest(String url, String params, String token) throws Exception {
        String results;

        // Load client certificate
        KeyStore keyStore = KeyStore.getInstance("xxxx");
        try (FileInputStream keyStoreStream = new FileInputStream(PATH)) {
            keyStore.load(keyStoreStream, PASSWORD.toCharArray());
        }

        // Load truststore containing server certificate
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream trustStoreStream = new FileInputStream(TRUSTSTORE_PATH)) {
            trustStore.load(trustStoreStream, TRUSTSTORE_PASSWORD.toCharArray());
        }

        // Set up SSL context with client certificate and truststore
        SSLContext sslContext = SSLContexts.custom()
                .loadKeyMaterial(keyStore, PASSWORD.toCharArray())
                .loadTrustMaterial(trustStore, null)
                .build();

        // Create SSL connection factory
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);

        // Create HTTP client with custom SSL context
        try (CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslsf).build()) {
            // Create HTTP POST request
            HttpPost httpPost = new HttpPost(url);
            httpPost.setHeader("FROM", token);
            httpPost.setEntity(new StringEntity(params, "UTF-8"));

            // Execute request
            try (CloseableHttpResponse response = httpClient.execute(httpPost)) {
                HttpEntity entity = response.getEntity();
                results = EntityUtils.toString(entity, "UTF-8");
                EntityUtils.consume(entity);
            }
        }

        return results;
    }

LB_bei
关注
  • 8
    点赞
  • 3
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Apache HttpClient 超时时间区别与验证
菜鸟日常
08-06 2202
概述 HttpClient 有 3 个超时时间设置,通过配置 RequestConfig 即可配置请求的超时时间,各个参数的作用如下: connectTimeout:请求连接超时时间,超时会抛出 org.apache.http.conn.ConnectTimeoutException: Connect to 127.0.0.1:8083 [/127.0.0.1] failed: connect timed out异常。例如请求本地不存在的一个服务:http://127.0.0.1:8083 soc
main方法运行httpclient巨多日志
JackHarbor的博客
03-13 2385
如果本地使用httpclient调用一些接口,会产生巨多的日志 public static void main(String[] args) throws Exception { HttpUtil.doGet("https://www.baidu.com"); } [main] DEBUG org.apache.http.client.protocol.RequestAdd...
使用HttpClient请求超时- I/O exception (java.net.SocketException) caught when processing request: 连接超时
weixin_43831997的博客
11-05 1万+
这里写自定义目录标题背景问题排查项目场景:问题描述:原因分析:解决方案:功能快捷键合理的创建标题,有助于目录的生成如何改变文本的样式插入链接与图片如何插入一段漂亮的代码片生成一个适合你的列表创建一个表格设定内容居中、居左、居右SmartyPants创建一个自定义列表如何创建一个注脚注释也是必不可少的KaTeX数学公式新的甘特图功能,丰富你的文章UML 图表FLowchart流程图导出与导入导出导入 背景 问题排查 首先排查这个报错是建立链接报错,不是被调用方等待超时或者被调用方服务扛不住。 看日志发现首次发
22 使用httpClient发送get请求
weixin_39563769的博客
07-09 3808
httpclient
org.apache.http.impl.conn.PoolingHttpClientConnectionManager.setValidateAfterInactivity(I)V 错误的解决办法
Spring Boot-Common On With You
08-21 1万+
问题概述 根据要求对Solr进行升级,各个配置升级改操到位后,启动项目时,单元测试模块不通过,导致项目一直无法启动,错误信息:“org.apache.http.impl.conn.PoolingHttpClientConnectionManager.setValidateAfterInactivity(I)V ” 升级的服务版本如下图所示: 部分截图如下: ...
Apache httpCient 连接池使用情况查看
ywtech的博客
10-11 862
在springboot项目中使用 resetemplate 集成HttpClient 连接池使用状态。如何知道目前连接池是否满负荷。springboot。
RestTemplate请求失败自动重试机制.docx
06-26
"RestTemplate请求失败自动重试机制"就是一个解决这个问题的策略。在上一节中,我们学习了如何自定义RestTemplate的异常处理,但那并不适用于自动重试。本节我们将探讨如何利用Spring Retry库来实现RestTemplate的...
解决vue请求接口第一次成功,第二次失败问题
10-14
其次,Vue中使用axios发送请求时,对于非简单请求(比如POST、PUT等),浏览器会先发送一个OPTIONS预请求来询问服务器是否接受跨域。如果你的后端不处理OPTIONS请求,或者返回了错误的状态码,那么可能导致第二次...
关于python的bottle框架跨域请求报错问题的处理方法
09-21
然而,问题在于,即使添加了这个钩子,浏览器可能仍然无法看到添加的头部,导致跨域请求失败。这可能是因为Bottle框架的内部处理机制导致头部未正确添加到HTTP响应中。 作者在描述中提到,通过调试和查看Bottle源码...
解决vue2中使用axios http请求出现的问题
11-30
遵循这些步骤,通常可以解决大部分POST请求失败或数据传递异常的问题。在进行前后端通信时,了解和正确设置HTTP请求头以及数据格式是非常关键的,它直接影响到数据交换的顺利进行。在实际开发中,还需要考虑其他因素...
一次SocketException:Connection reset 异常排查
weixin_30662539的博客
03-29 3060
问题描述 上一期的需求上线之后,线上多了一个异常:Connection reset。如下: [2017-03-22 00:45:00 ERROR] [creativeAuditTaskScheduler_Worker-9] (cn.com.ServiceImpl:169) - getAuditResult exception, call adx api failed. msg:I/O error ...
Tomcat 7 HTTP 连接器(一)
yydcj的专栏
01-12 2905
0摘要 本文尝试翻译Tomcat官方文档Apache Tomcat 7连接器相关信息。 1 介绍 HTTP 连接器元素代表了支持HTTP/1.1协议的连接器组件,使Catalina成为一个能够执行servlet和JSP页面的独立的Web服务器。一个HTTP 连接器组件的实例监听服务器上一个特定的TCP端口号上的连接。一个或多个这样的连接器可以配置成一个单一Service的一部分,每个转发到相
HTTP长连接、短连接使用及测试
zhaohongyan6的博客
04-27 3704
使用设置 这里的设置,我们都以HTTP1.1协议为例子。 设置HTTP短连接 在首部字段中设置Connection:close,则在一次请求/响应之后,就会关闭连接。 设置HTTP长连接,有过期时间 在首部字段中设置Connection:keep-alive 和Keep-Alive: timeout=60,表明连接建立之后,空闲时间超过60秒之后,就会失效。如果在
一场HttpClient调用未关闭流引发的问题
热门推荐
石臻臻的杂货铺(szzdzhp001)
10-18 1万+
最近生产环境出现了一个问题,就是Job服务日志好端端的不打印日志了,服务也没有挂, 现在将此次问题解决过程记录下来~ 问题描述 生产环境有一台Job服务器,是专门用来跑所有定时任务的,然后有一天发现定时任务好像没有执行,所以上Job服务器查看日志,结果发现的情况是: 最后打印的是昨天晚上九点半的,到我看的时候就一直没有日志,没有日志就没有执行Job;当时为了快速解决问题就重启了服务器,Job...
java调用第三方短信接口 本地能发送短信,服务器却发不了,直到超时
王冬冬
01-14 4285
先看看错误日志 2019-01-11 09:21:32,242 INFO [pool-3-thread-1] com.ejavashop.core.sms.xfbsms.utils.LoggerUtil.info(45) -- Fri Jan 11 09:21:32 CST 2019 sendTemplateSMS url = https://sandboxapp.cloopen.com:8883...
Http请求连接池 - HttpClient 的 PoolingHttpClientConnectionManager
weixin_33701294的博客
12-18 1692
两个主机建立连接的过程是很复杂的一个过程,涉及到多个数据包的交换,并且也很耗时间。Http连接需要的三次握手开销很大,这一开销对于比较小的http消息来说更大。但是如果我们直接使用已经建立好的http连接,这样花费就比较小,吞吐率更大。 传统的HttpURLConnection并不支持连接池,如果要实现连接池的机制,还需要自己来管理连...
python发送request请求证书报错
最新发布
03-31
如果在使用 Python 发送 request 请求时出现证书错误,可以尝试以下解决方法: 1. 禁用证书验证 在发送请求时,可以设置 verify 参数为 False,来禁用证书验证: ``` import requests response = requests.get(url, verify=False) ``` 但是这种方法会降低安全性,不建议在正式环境中使用。 2. 添加证书路径 将证书文件添加到 Python 环境中,然后在发送请求时指定证书路径: ``` import requests response = requests.get(url, cert=('path/to/cert.pem', 'path/to/key.pem')) ``` 其中,cert 参数需要传入证书文件路径和密钥文件路径。 3. 更新证书文件 如果证书文件已经过期或不再受信任,可以更新证书文件。可以从证书颁发机构或网站管理员处获取新证书文件并替换旧文件。 4. 更新 OpenSSL 版本 如果 OpenSSL 版本过低,也可能导致证书验证失败。可以尝试升级 OpenSSL 版本,或者使用其他 SSL 库,如 pyOpenSSL。 以上是一些常见的解决方法,如果问题仍然存在,可以查看具体的错误信息,或者联系证书颁发机构或网站管理员寻求帮助。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值