解决思路:
1. 调用接口前加载导入了服务器证书的truststore(通过启动命令引入或在代码里加载),这样只信任这一张服务器证书(服务器证书更新后,新证书不会被信任,不推荐)
2. 调用接口前加载导入服务器证书根证书的truststore,这样就会信任这个根证书签发的服务器证书,服务器证书更新也会信任(推荐)
3. 调用接口前忽略证书信任,也就是相当于信任所有证书(不推荐:连接不再验证服务器身份,无法防范中间人攻击,只适合在测试环境中使用)
4. 调用接口前,获取到服务器证书,然后信任该证书(如果不做额外验证,就相当于第3条;但可以在这个过程中对证书的信息进行自定义验证,例如与预先保存的证书指纹比对)
思路1、2可使用以下方式:
1. 代码方式:
// Key store: the client's own certificate and private key.
// NOTE(review): JSSE presumably reads these javax.net.ssl.* properties when the default
// SSLContext is first created, so they should be set before the first HTTPS call - confirm.
System.setProperty("javax.net.ssl.keyStore", "d:/client.jks");
// Sample password hard-coded for illustration; in real code, read it from protected
// configuration instead of keeping it in the source file.
System.setProperty("javax.net.ssl.keyStorePassword", "123456");
System.setProperty("javax.net.ssl.keyStoreType", "JKS");
// Trust store: the certificates this client is willing to trust.
System.setProperty("javax.net.ssl.trustStore", "d:/trust.jks"); // add the server certificate, or the root certificate that issued it, to trust.jks
System.setProperty("javax.net.ssl.trustStorePassword", "123123");
System.setProperty("javax.net.ssl.trustStoreType", "JKS");
2. JAVA运行命令中配置:
# The same key store / trust store settings, passed as JVM system properties at launch.
# NOTE(review): passwords given on the command line are typically visible to other local
# users through the process list; prefer a protected configuration source where possible.
java -Djavax.net.ssl.keyStore=clientKeys -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.trustStore=clientTrust -Djavax.net.ssl.trustStorePassword=password
思路3的解决方法:
1. Axis1.x使用方式
1.1 创建类MySocketFactory.java
import org.apache.axis.components.net.JSSESocketFactory;
import javax.net.ssl.*;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Hashtable;
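/**
 * Axis 1.x secure socket factory whose trust manager accepts every certificate chain.
 *
 * <p>Certificate validation is disabled here: any server certificate is accepted, so a
 * connection made through this factory does not authenticate the server and gives no
 * protection against a man-in-the-middle. Keep it to test endpoints; for real traffic,
 * load a trust store that contains the issuing root certificate instead.
 */
public class MySocketFactory extends JSSESocketFactory {

    /**
     * Passes the Axis attribute table straight to the parent factory.
     *
     * @param attributes attributes supplied by Axis when it instantiates the factory
     */
    public MySocketFactory(Hashtable attributes) {
        super(attributes);
    }

    /**
     * Builds an {@link SSLContext} around the accept-all trust manager and stores its
     * socket factory in the inherited {@code sslFactory} field.
     *
     * @throws IOException if the SSL context cannot be created or initialised; the
     *     original cause is attached
     */
    protected void initFactory() throws IOException {
        TrustManager[] trustAll = new TrustManager[] {
            new X509TrustManager() {
                public X509Certificate[] getAcceptedIssuers() {
                    // The X509TrustManager contract asks for a non-null (possibly empty) array.
                    return new X509Certificate[0];
                }

                public void checkClientTrusted(X509Certificate[] certs, String authType) {
                    // Intentionally empty: no client chain is ever rejected.
                }

                public void checkServerTrusted(X509Certificate[] certs, String authType) {
                    // Intentionally empty: no server chain is ever rejected (validation off).
                }
            }
        };

        // The earlier version also built an always-true HostnameVerifier that was never
        // installed anywhere; it had no effect and has been dropped.
        try {
            // NOTE(review): "SSL" is the legacy algorithm name; "TLS" is the usual choice.
            // Confirm which protocol versions the target JRE enables for it.
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAll, new SecureRandom());
            sslFactory = sc.getSocketFactory();
        } catch (NoSuchAlgorithmException e) {
            // Previously printed and ignored, which led to a NullPointerException on sc.
            throw new IOException("SSLContext algorithm is not available", e);
        } catch (KeyManagementException e) {
            // Previously printed and ignored; surface it so the caller sees the failure.
            throw new IOException("SSLContext could not be initialised", e);
        }
    }
}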
1.2 调用接口之前进行以下axis设置
// Register the custom factory with Axis before calling the service.
// NOTE(review): MySocketFactory accepts any server certificate, and AxisProperties is a
// static setting, so this presumably affects every Axis HTTPS call in the JVM - confirm
// and keep it out of production configuration.
AxisProperties.setProperty("axis.socketSecureFactory", "MySocketFactory"); // the value is the factory's class name including its package
2. http方式
import javax.net.ssl.*;
import java.net.URL;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
/**
 * Demo client: opens an HTTPS connection whose socket factory is backed by
 * {@code MyX509TrustManager}.
 *
 * <p>That trust manager rejects nothing, so the server certificate is not validated on
 * this connection. {@code setHostnameVerifier} is not called, so whatever hostname check
 * {@link HttpsURLConnection} applies by default is left as is.
 */
public class Test {

    /**
     * Wires the custom trust manager into a single {@link HttpsURLConnection}.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        try {
            // Placeholder endpoint; fill in the service URL.
            URL endpoint = new URL("");

            // The only trust manager in play is the accept-all MyX509TrustManager.
            TrustManager[] trustManagers = new TrustManager[] {new MyX509TrustManager()};

            // NOTE(review): "SSL" is the legacy algorithm name; "TLS" is the usual choice.
            SSLContext context = SSLContext.getInstance("SSL", "SunJSSE");
            context.init(null, trustManagers, new java.security.SecureRandom());

            // Take the socket factory from the context built above.
            SSLSocketFactory socketFactory = context.getSocketFactory();

            // The factory is set on this one connection only, not as the JVM-wide default.
            HttpsURLConnection connection = (HttpsURLConnection) endpoint.openConnection();
            connection.setSSLSocketFactory(socketFactory);

            // Call the service here.
        } catch (Exception failure) {
            failure.printStackTrace();
        }
    }
}
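/**
 * Trust manager that accepts every certificate chain.
 *
 * <p>Both check methods return without inspecting the chain, so any certificate is
 * treated as trusted and the peer is not authenticated. Use only against test
 * endpoints. To validate the certificate yourself (for example by comparing it with a
 * fingerprint stored in advance), put that check in {@link #checkServerTrusted} and
 * throw {@link CertificateException} on a mismatch.
 */
class MyX509TrustManager implements X509TrustManager {

    /**
     * Accepts any client chain.
     *
     * @param x509Certificates the peer's certificate chain (not inspected)
     * @param s the authentication type (not inspected)
     * @throws CertificateException never thrown by this implementation
     */
    @Override
    public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
        // Intentionally empty: nothing is rejected.
    }

    /**
     * Accepts any server chain.
     *
     * @param x509Certificates the peer's certificate chain (not inspected)
     * @param s the key exchange / authentication type (not inspected)
     * @throws CertificateException never thrown by this implementation
     */
    @Override
    public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
        // Intentionally empty: nothing is rejected. Custom validation would go here.
    }

    /**
     * Returns the issuers this manager vouches for; there are none.
     *
     * @return an empty array (the interface contract asks for non-null, so this no longer
     *     returns {@code null})
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    /**
     * Not part of {@code javax.net.ssl.X509TrustManager}; kept so existing callers compile.
     *
     * @param arg0 certificate chain (not inspected)
     * @return always {@code true}
     */
    public boolean isClientTrusted(X509Certificate[] arg0) {
        return true;
    }

    /**
     * Not part of {@code javax.net.ssl.X509TrustManager}; kept so existing callers compile.
     *
     * @param arg0 certificate chain (not inspected)
     * @return always {@code true}
     */
    public boolean isServerTrusted(X509Certificate[] arg0) {
        return true;
    }
}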