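MinIO Java client calling an HTTPS endpoint reports: xxx PKIX path building failed
After enabling HTTPS access on MinIO, downloading and viewing images over HTTP still works, but uploading fails with: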
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
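One solution found online is to import the server's SSL certificate into the JDK's trusted certificate list. I tried this approach and it was not really workable. Interested readers can search Baidu for it~
Next comes the second approach: trace through the source code of the MinIO client's connection logic to see whether there is a method that can bypass SSL verification.
MinioClient has many overloaded constructors (new MinioClient(xxx);), one of which accepts an OkHttpClient. Through this parameter we can bypass SSL verification, so that the client accepts any server certificate and any hostname. The implementation is as follows: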
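// Imports needed by the configuration class that holds these methods
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import io.minio.MinioClient;
import io.minio.errors.InvalidEndpointException;
import io.minio.errors.InvalidPortException;
import okhttp3.OkHttpClient;
import org.springframework.context.annotation.Bean;

@Bean
public MinioClient getMinioClient() throws InvalidEndpointException, InvalidPortException, KeyManagementException {
    OkHttpClient okHttpClient = getUnsafeOkHttpClient();
    return new MinioClient(endpoint, port, accessKey, secretKey, null, secure, okHttpClient);
}

public static OkHttpClient getUnsafeOkHttpClient() throws KeyManagementException {
    try {
        // Trust manager whose checks are empty: every certificate chain is accepted
        final TrustManager[] trustAllCerts = new TrustManager[]{
            new X509TrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
                }

                @Override
                public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[]{};
                }
            }
        };
        final SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(null, trustAllCerts, new SecureRandom());
        final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        // Note: OkHttpClient deprecated clientBuilder.sslSocketFactory(SSLSocketFactory) after JDK 1.8.0_271, so the following form is used instead
        builder.sslSocketFactory(sslSocketFactory, getX509TrustManager());
        // Hostname verifier that accepts any hostname
        builder.hostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String s, SSLSession sslSession) {
                return true;
            }
        });
        return builder.build();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    }
    return null;
}

// Returns the JDK's default X509TrustManager (backed by the default trust store)
public static X509TrustManager getX509TrustManager() {
    X509TrustManager trustManager = null;
    try {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
            throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
        }
        trustManager = (X509TrustManager) trustManagers[0];
    } catch (Exception e) {
        e.printStackTrace();
    }
    return trustManager;
}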