一、出现原因
使用HttpClient通过代理服务器发送https请求时发生
- 异常信息:
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:90)
at sun.security.validator.Validator.getInstance(Validator.java:179)
at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:312)
at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:171)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:184)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:969)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:904)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)
... 86 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:88)
... 98 more
-
原因
证书缺失
二、解决办法
-
在使用HttpClient进行https请求时绕过SSL认证
在构建代理服务器httpClient实例时绕过SSL证书认证
private CloseableHttpClient setProxy(HttpRequestBase http, String proxyIp, int proxyPort) { //绕过ssl认证 SSLContext sslContext = null; try { sslContext = SSLContextBuilder.create().loadTrustMaterial(null, new TrustStrategy() { @Override public boolean isTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { return true; } }).build(); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (KeyManagementException e) { e.printStackTrace(); } catch (KeyStoreException e) { e.printStackTrace(); } // 创建httpClient实例 CloseableHttpClient httpClient =HttpClientBuilder.create().setSSLContext(sslContext). setSSLHostnameVerifier(new NoopHostnameVerifier()).build();; //设置代理IP、端口 HttpHost proxy = new HttpHost(proxyIp, proxyPort, "http"); //也可以设置超时时间 RequestConfig requestConfig = RequestConfig.custom().setProxy(proxy).setConnectTimeout(3000).setSocketTimeout(3000).setConnectionRequestTimeout(3000).build(); RequestConfig requestConfig = RequestConfig.custom().setProxy(proxy).build(); http.setConfig(requestConfig); return httpClient; }
以Get方法为例
public JSONObject doGet(String url, Map<String, String> params) throws IOException { // 创建httpget实例 HttpGet httpGet = new HttpGet(getUrl(url, params)); CloseableHttpClient client = setProxy(httpGet, this.proxyIp, this.proxyPort); //设置请求头消息 httpGet.setHeader("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36"); // 执行http get请求 也可以使用psot CloseableHttpResponse response = null; response = client.execute(httpGet); // 获取返回实体 JSONObject resultJson = new JSONObject(); if (response != null) { HttpEntity entity = response.getEntity(); if (entity != null) { resultJson = JSONObject.parseObject(EntityUtils.toString(entity, "utf-8")); } } //关闭response response.close(); client.close(); //关闭httpClient return resultJson; }
-
其他解决办法
https://blog.csdn.net/qq_33382113/article/details/78643373