调用webservice https接口报:PKIX path building failed 解决方案

最新推荐文章于 2024-06-12 11:54:10 发布
最新推荐文章于 2024-06-12 11:54:10 发布
阅读量1.5k 收藏 2
点赞数
文章标签: java 开发工具 数据库
原文链接:https://my.oschina.net/90888/blog/1591735
版权

为什么80%的码农都做不了架构师?>>>   hot3.png

一套很老的axis2调用webservice的https接口报,如下错误:
分析:这是由于客户端证书校验失败的提示,那么如何避免证书的校验呢,这里我们采用了信任所有证书来避免校验,进而正常调用webservice的https接口。

org.apache.axis2.AxisFault: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at org.apache.axis2.AxisFault.makeFault(AxisFault.java:417)
	at org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:72)
	at org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:84)
	at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:495)
	at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1973)
	at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
	at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)
	at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:346)
	at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:520)
	at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:191)
	at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:77)
	at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:327)
	at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:206)
	at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:396)
	at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:374)
	at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
	at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)

解决方案:

public UMessageTransporterDAOImpl(UserToken user, String serviceUrl) throws UMessageTransportException {
		this.user = user;
		try {
			
			stub = new ExchangeTransportServiceStub(serviceUrl); 
			stub2 = new ExchangeTransportServiceStub2(serviceUrl); 
			
			//zjw 2017-12-16
			//********************免证书验证**********************//
			URL url = null;
			try {
				url = new URL(serviceUrl);
				if(url!=null){
					if(url.getProtocol().equalsIgnoreCase("https")){
						MySSLTrustManager.trustAllCertsBySSL(stub);
						MySSLTrustManager.trustAllCertsBySSL(stub2);
					}
				}
			} catch (MalformedURLException e) {
				// TODO Auto-generated catch block
				e.printStackTrace();
			}
			//**************************************************//
		} catch (AxisFault e) {
			throw new UMessageTransportException("Create client error.", e);
		}

	}
import java.io.IOException;  
import java.net.InetAddress;  
import java.net.InetSocketAddress;  
import java.net.Socket;  
import java.net.SocketAddress;  
import java.net.UnknownHostException;  
import java.security.KeyManagementException;  
import java.security.NoSuchAlgorithmException;  
import java.security.cert.CertificateException;  
import java.security.cert.X509Certificate;  
  
import javax.net.SocketFactory;  
import javax.net.ssl.SSLContext;  
import javax.net.ssl.TrustManager;  
import javax.net.ssl.X509TrustManager;  
  
import org.apache.commons.httpclient.ConnectTimeoutException;  
import org.apache.commons.httpclient.params.HttpConnectionParams;  
import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;  
  
  
  
/** 
 * @author zjw 
 * @describes 
 * @date 2017-12-16
 */  
public class MySSLProtocolSocketFactory implements ProtocolSocketFactory {  
  
  private SSLContext sslcontext = null;   
   
  private SSLContext createSSLContext() {   
      SSLContext sslcontext=null;   
      try {   
          sslcontext = SSLContext.getInstance("SSL");   
          sslcontext.init(null, new TrustManager[]{new TrustAnyTrustManager()}, new java.security.SecureRandom());   
      } catch (NoSuchAlgorithmException e) {   
          e.printStackTrace();   
      } catch (KeyManagementException e) {   
          e.printStackTrace();   
      }   
      return sslcontext;   
  }   
   
  private SSLContext getSSLContext() {   
      if (this.sslcontext == null) {   
          this.sslcontext = createSSLContext();   
      }   
      return this.sslcontext;   
  }   
   
  public Socket createSocket(Socket socket, String host, int port, boolean autoClose)   
          throws IOException, UnknownHostException {   
      return getSSLContext().getSocketFactory().createSocket(   
              socket,   
              host,   
              port,   
              autoClose   
          );   
  }   
  
  public Socket createSocket(String host, int port) throws IOException,   
          UnknownHostException {   
      return getSSLContext().getSocketFactory().createSocket(   
              host,   
              port   
          );   
  }   
   
   
  public Socket createSocket(String host, int port, InetAddress clientHost, int clientPort)   
          throws IOException, UnknownHostException {   
      return getSSLContext().getSocketFactory().createSocket(host, port, clientHost, clientPort);   
  }   
  
  public Socket createSocket(String host, int port, InetAddress localAddress,   
          int localPort, HttpConnectionParams params) throws IOException,   
          UnknownHostException, ConnectTimeoutException {   
      if (params == null) {   
          throw new IllegalArgumentException("Parameters may not be null");   
      }   
      int timeout = params.getConnectionTimeout();   
      SocketFactory socketfactory = getSSLContext().getSocketFactory();   
      if (timeout == 0) {   
          return socketfactory.createSocket(host, port, localAddress, localPort);   
      } else {   
          Socket socket = socketfactory.createSocket();   
          SocketAddress localaddr = new InetSocketAddress(localAddress, localPort);   
          SocketAddress remoteaddr = new InetSocketAddress(host, port);   
          socket.bind(localaddr);   
          socket.connect(remoteaddr, timeout);   
          return socket;   
      }   
  }   
   
  //自定义私有类   
  private static class TrustAnyTrustManager implements X509TrustManager {   
      
      public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {   
      }   
  
      public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {   
      }   
  
      public X509Certificate[] getAcceptedIssuers() {   
          return new X509Certificate[]{};   
      }   
  } 
  
  
} 
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;

import com.wondersgroup.cuteinfo.client.exchangeserver.exchangetransport.stub.ExchangeTransportServiceStub;
import com.wondersgroup.cuteinfo.client.exchangeserver.exchangetransport.stub2.ExchangeTransportServiceStub2;
import com.wondersgroup.cuteinfo.client.exchangeserver.transport.stub.MessageTransportServiceStub;

public class MySSLTrustManager {

	/**
	 * @author zjw 
	 * @descibes https 免证书验证
	 * @date 2017-12-16
	 */
	public static void trustAllCertsBySSL(MessageTransportServiceStub stu) {
		TrustManager[] trustAllCerts = new TrustManager[1];  
	    TrustManager tm = new MyTM();  
	    trustAllCerts[0] = tm;  
	    SSLContext sslctx;
		try {
			sslctx = SSLContext.getInstance("SSL");
			sslctx.init(null, trustAllCerts, null);  
		} catch (NoSuchAlgorithmException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (KeyManagementException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}  
		stu._getServiceClient().getOptions().setProperty(HTTPConstants.CUSTOM_PROTOCOL_HANDLER,
			    new Protocol("https",(ProtocolSocketFactory)new MySSLProtocolSocketFactory(),443));
	}
	
	/**
	 * @author zjw 2017-12-16
	 * @descibers https 免证书验证
	 */
	public static void trustAllCertsBySSL(ExchangeTransportServiceStub stu) {
		TrustManager[] trustAllCerts = new TrustManager[1];  
		TrustManager tm = new MyTM();  
		trustAllCerts[0] = tm;  
		SSLContext sslctx;
		try {
			sslctx = SSLContext.getInstance("SSL");
			sslctx.init(null, trustAllCerts, null);  
		} catch (NoSuchAlgorithmException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (KeyManagementException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}  
		stu._getServiceClient().getOptions().setProperty(HTTPConstants.CUSTOM_PROTOCOL_HANDLER,
				new Protocol("https",(ProtocolSocketFactory)new MySSLProtocolSocketFactory(),443));
	}
	
	/**
	 * @author zjw 2017-12-16
	 * @descibers https 免证书验证
	 */
	public static void trustAllCertsBySSL(ExchangeTransportServiceStub2 stu) {
		TrustManager[] trustAllCerts = new TrustManager[1];  
		TrustManager tm = new MyTM();  
		trustAllCerts[0] = tm;  
		SSLContext sslctx;
		try {
			sslctx = SSLContext.getInstance("SSL");
			sslctx.init(null, trustAllCerts, null);  
		} catch (NoSuchAlgorithmException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (KeyManagementException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}  
		stu._getServiceClient().getOptions().setProperty(HTTPConstants.CUSTOM_PROTOCOL_HANDLER,
				new Protocol("https",(ProtocolSocketFactory)new MySSLProtocolSocketFactory(),443));
	}
	
	static class MyTM implements TrustManager,X509TrustManager {  
	    public X509Certificate[] getAcceptedIssuers() {  
	        return null;  
	    }  
	  
	    public boolean isServerTrusted(X509Certificate[] certs) {  
	        return true;  
	    }  
	  
	    public boolean isClientTrusted(X509Certificate[] certs) {  
	        return true;  
	    }  
	  
	    public void checkServerTrusted(X509Certificate[] certs, String authType)  
	            throws CertificateException {  
	        return;  
	    }  
	  
	    public void checkClientTrusted(X509Certificate[] certs, String authType)  
	            throws CertificateException {  
	        return;  
	    }  
	}

}

 

关于自签名SSL证书

所谓自签名证书,就是自己颁发给自己的证书 ,所以颁证的主体是不可信任的 
自签证书是不会被浏览器信任的证书的,用户在访问自签证书时,浏览器会警告用户此证书不受信任,需要人工确认是否信任此证书。

既然自签证书是不可信任的,那为何还有人包括12306也在用自签证书呢? 
主要原因是: 
1)自签证书是免费的 
2)自签证书相对申请CA证书,流程更简单 
3)自签证书同样可以对数据进行加密 
4)自签证书的有效期可以设置很长,免去续签的麻烦 
5)自签证书更方便测试,比如说你想生成多少个不同服务器ip的都可以 
所以对于一些个人开发者来说使用自签证书可能会更方便,只要你能接受别人浏览你网站时弹出的提醒:不安全
 

自签名SSL证书的生成

自签证书虽然提示:不安全。但还是有很多上面已提到的好处,所以下面先说说自签证书的生成,主要使用Java JDK下的:keytool.exe 
1:先下载安装Java JDK:http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html 
2:安装完后,根据实际的路径找到keytool.exe,如我的在此路径:C:\Program Files (x86)\Java\jdk1.8.0_101\bin\keytool.exe

3:生成keystore。打开命令行(cmd),去到keytool所在的路径,运行:

keytool -genkey -alias tomcat  -storetype PKCS12 -keyalg RSA -keysize 2048  -keystore d:\mykeystore\keystore.p12 -validity 3650  -ext san=ip:192.168.100.132 -dname "CN=garyyan, OU=mycompany, O=mycompany, L=gd, ST=gd, C=china"

此命令中间只需要输入密码,就能生成keystore,假设密码是:123456 
其中: 
1)keystore可理解为一个数据库,可以存很多个组数据。 
每组数据主要包含下面两种数据: 
a:密钥实体(Key entity)——密钥(secret key)又或者是私钥和配对公钥(采用非对称加密) 
b:可信任的证书实体(trusted certificate entries)——只包含公钥 
2)-keystore d:\mykeystore\keystore.p12,指定在d:\mykeystore(先要手动创建此文件夹),生成keystore:keystore.p12 
3)-alias tomcat,为其指明在keystore中的唯一的别名:tomcat ,因为keystore中可能还存有其它的别名,如:tomcat 2 
4)-storetype PKCS12指明密钥仓库类型是PKCS12 
5)-keyalg RSA,指定加密算法,本例中的采用通用的RAS加密算法 
6)-keysize 2048指定密钥的长度为2048 
7)-validity 3650 指定证书的有效期为3650天 
8)-ext san=ip:192.168.100.132请根据你的服务器的IP地址设置,如果不进行设置,客户端在访问的时候可能会报错 
9)-dname “CN=garyyan, OU=mycompany,O=mycompany,L=gd, ST=gd, C=china” 
其中:”CN=(名字与姓氏), OU=(组织单位名称), O=(组织名称), L=(城市或区域名称), ST=(州或省份名称), C=(单位的两字母国家代码)”,我在测试的过程中发现随便填就行

4:导出公钥证书(主要用于客户端): 
运行命令:

keytool -export -keystore d:\mykeystore\keystore.p12 -alias tomcat -file mycer.cer -storepass 123456

其中: 
1)-keystore d:\mykeystore\keystore.p12 是指上面的keystore文件 
2)-alias tomcat是指定别名为tomcat的那一组 
3)-file mycer.cer指定在当前目录生成名为mycer.cer的证书 
4)-storepass 123456是上面生成keystore 所用的密码
 

--END--

转载于:https://my.oschina.net/90888/blog/1591735

weixin_34221775
关注
  • 0
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
java 调用axis2 ssl,axis2调用webservice https接口PKIX path building failed 解决方案
weixin_28997879的博客
03-11 727
一套很老的axis2调用webservicehttps接口,如下错误:分析:这是由于客户端证书校验失败的提示,那么如何避免证书的校验呢,这里我们采用了信任所有证书来避免校验,进而正常调用webservicehttps接口。org.apache.axis2.AxisFault: sun.security.validator.ValidatorException: PKIX path build...
错sun.security.validator.ValidatorException: PKIX path building failed
sinat_19917631的博客
03-31 1069
在执行webservice的过程中,出现如下异常: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unabl...
关于调用第三方https接口的错误
汪汪汪汪吁的博客
06-24 2006
问题背景:在一个卫健局的app上有一个告单查询,要求新增一个返显用户姓名以及手机号(不需要用户手动输入了,旨在方便用户)。根据app传过来的token,调用他们的接口,获取用户信息并返显(一个简单到不能再简单的功能)。做完了之后并上线了,直到昨天,发现线上功能了500. 错信息如下: [23:14:09:981] [ERROR] - cn.ucmed.common.core.exception.RRExceptionHandler.handleException(RRExceptionHandle
如何完美解决 sun.security.validator.ValidatorException: PKIX path building failed
最新发布
猫头虎:授渔优于赠鱼,兴趣引领智慧,探索之乐尤显珍贵。商务合作:Libin9iOak,共赴知识与乐趣的探索之旅!
06-12 1万+
在Java开发中,遇到错误时,可能会让许多开发者感到困惑。本文将详细介绍如何解决此问题,包括背景介绍、解决方案和代码示例。关键词:PKIX path building failed, ValidatorException, SSLHandshakeException, Java证书验证问题, SunCertPathBuilderException。解决此问题的关键在于确保Java程序能够找到并信任目标服务器的SSL证书。导入目标服务器的证书到Java的信任库(truststore)。
PKIX path building failed 的问题
iteye_18106的博客
11-03 1237
在执行webservice的过程中,出现如下异常: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: un...
解决调用第三方APIsun.security.validator.ValidatorException: PKIX path building failed: sun.security.provid
weixin_39643007的博客
06-20 1万+
1.最近在调用第三方API遇到证书验证问题 postman调用和用RestTemplate分别错如下: 2.经过查询资料 是https,需要安装证书,但是自定义的证书貌似得不到信任,所以PKIX path building failed 解决办法分别如下:postman解决方法如下: 3.再次用postman调用 就可以了 : 4.用RestTemplate调用 忽略SSL证书验证即可 代码如下: public sta...
分析解决 PKIX path building failed 的问题
dream317
10-28 6027
1、现象 调用https接口如下错误: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 2、原因 这是缺少安全证书时出现的异常,解决方案就是将你要访问的 请求地...
C#调用webservice接口的最新方法教程
08-28
在C#中调用Web Service接口是常见的任务,特别是在构建分布式系统或跨平台应用程序时。Web Service允许不同系统间的数据交换,实现不同编程语言和操作系统之间的互操作性。本教程将详细讲解C#调用Web Service接口的...
c# 三种方法调用WebService接口
08-18
主要介绍了c# 三种方法调用WebService接口的相关资料,文中示例代码非常详细,帮助大家更好的理解和学习,感兴趣的朋友可以了解下
python调用webservice接口的实现
09-19
Python调用WebService接口是一种常见的数据交互方式,尤其在分布式系统和跨平台通信中。WebService接口通常基于SOAP(Simple Object Access Protocol)协议,提供了一种标准化的方式来交换结构化信息。在Python中,...
https接口调用错sun.security.validator.ValidatorException: PKIX path building failed
qq_41875147的博客
08-22 531
今天在调用第三方接口的时候错:sun.security.validator.ValidatorException: PKIX path building failed之前http接口未出现这个问题,发现https错了,缺少安全证书.参考网上资料解决如下: 运行下面main方法,然后控制台输入1,回车,会在InstallCert.java所在项目的根目录下生成一个名为‘jssecacerts’...
spring cloud项目 用restTemplate 访问第三方https接口错:ValidatorException: PKIX path building failed:
一切皆有可能
11-22 2010
/O error on POST request for "https://gateway.xxx.com/yao/user/login": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested ta
解决远程调用三方接口:javax.net.ssl.SSLHandshakeException
qq_38031730的博客
05-08 1万+
最近在对接腾讯会议API接口,在鉴权完成后开始调用对方的接口,在此过程中出现调用错:javax.net.ssl.SSLHandshakeException。
webservice接口调用安全证书
just love code
05-22 1584
最近在在调用webservice接口,对方的协议是https、自然也就出现了安全证书的问题: Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at su
Jsoup爬取缺少安全证书异常
qq_42897733的博客
05-21 795
项目场景: 抓取https网站数据失败 问题描述: 出现异常: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested t
最全解决 PKIX问题方案:sun.security.validator.ValidatorException: PKIX path building failed:
热门推荐
qq_43163943的博客
11-04 6万+
这个问题的根本原因是你安装JDK时,Java\jar 1.8.0_141\lib\ext\里面缺少了一个安全凭证jssecacerts证书文件,通过运行下面类可以生成证书,将生成的证书放在Java\jar 1.8.0_141\lib\ext\这个目录下,重启编译器就可以解决。 我只能说这个方法应该是解决大部分的问题吧,对于我电脑这种顽强的bug,需要通过两种方法的结合才可以从根本上解决这个问题,废话不多说,看我的解决步骤。 1、先检查你的jdk...
HTTPS连接时出现PKIX path building failed解决方法
lihuifen2011的博客
07-21 4883
一、HTTPS连接时出现PKIX path building failed问题 原因:网站进行HTTPS连接时网站根证书出错而的错 解决方法: 第一种方法:进行安全证书的下载及导入-----------传统办法,优点是安全性高,缺点是网站若更换证书,还得重新下载和导入,不够灵活 第二种方法:进行无信任证书连接,自己实现对网站证书的免验证通过-----------另辟蹊径,优点是灵...
使用HttpPost调用https接口出现 PKIX path building failed 问题解决
TWJ88936543的博客
07-27 992
就可以避免出现问题。
java访问https
lpping90的专栏
09-15 485
转载:https://www.jianshu.com/p/91957f08d9ec 问题如题,参考备份 1,SslUtils import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; import javax.net.s
调用webservice https接口调用时如何加入私钥
03-22
调用webservice https接口时,可以通过在请求头中加入私钥来进行身份验证。具体的实现方式可以根据不同的编程语言和框架来进行调整,但一般来说,可以使用类似于以下的代码来实现: ``` import requests import hashlib # 构造请求参数 params = { 'param1': 'value1', 'param2': 'value2', # ... } # 生成签名 private_key = 'your_private_key' sorted_params = sorted(params.items(), key=lambda x: x[0]) sign_str = ''.join([f'{k}={v}' for k, v in sorted_params]) + private_key sign = hashlib.md5(sign_str.encode('utf-8')).hexdigest() # 构造请求头 headers = { 'Content-Type': 'application/json', 'Authorization': f'Bearer {sign}', } # 发送请求 response = requests.post('https://your.webservice.url', json=params, headers=headers) ``` 其中,private_key是你的私钥,params是请求参数,sign_str是将请求参数按照字典序排序后拼接起来再加上私钥后进行MD5加密得到的签名,headers中的Authorization字段就是将签名加上Bearer前缀后的结果。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值