Java 信任所有SSL证书(解决PKIX path building failed问题)

最新推荐文章于 2024-06-28 11:21:17 发布

Harry小哥哥

最新推荐文章于 2024-06-28 11:21:17 发布

阅读量1.8k

点赞数 2

分类专栏：错误记录文章标签： java ssl html5

本文链接：https://blog.csdn.net/wutian842929/article/details/120821284

版权

错误记录专栏收录该内容

4 篇文章 0 订阅

订阅专栏

这篇博客介绍了如何处理Java中遇到的`SSLHandshakeException`，主要是由于证书验证失败导致的问题。作者提供了两种解决方案：一是将证书导入本地证书库，二是通过自定义`TrustManager`信任所有SSL证书。文中给出了详细的代码示例，演示了如何在请求HTTPS连接前忽略证书验证，以简化开发过程。

摘要由CSDN通过智能技术生成

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
   at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
   at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
   at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
   at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
   at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
   at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
   at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
   at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
   at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
   at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
   at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
   at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)
   at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
   at SslTest.getRequest(SslTest.java:16)
   at SslTest.main(SslTest.java:40)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
   at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:230)
   at sun.security.validator.Validator.validate(Validator.java:260)
   at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
   at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
   at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
   at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
   ... 13 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
   at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
   at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
   ... 19 more
在网上找了好多办法，都未曾解决

其中的解决办法：

1、导入证书到本地证书库

2、信任所有SSL证书

最好的解决办法或许是信任所有SSL证书，因为某些时候不能每次都手动的导入证书非常麻烦。现在封装了个方法，在连接openConnection的时候忽略掉证书就行了。

下面我贴出代码以供大家参考

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

/**
 * @ClassName SslUtils
 * @Description TODO
 * @Author harry
 * @Date 2021/10/18 10:16
 * @Version 1.0.0
 */
public class SslUtils {

    /**
     * 忽略HTTPS请求的SSL证书，必须在openConnection之前调用
     * @throws Exception
     */
    public static void ignoreSsl() throws Exception{
        HostnameVerifier hv = new HostnameVerifier() {
            @Override
            public boolean verify(String urlHostName, SSLSession session) {
                System.out.println("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost());
                return true;
            }
        };
        trustAllHttpsCertificates();
        HttpsURLConnection.setDefaultHostnameVerifier(hv);
    }

    private static void trustAllHttpsCertificates() throws Exception {
        TrustManager[] trustAllCerts = new TrustManager[1];
        TrustManager tm = new miTM();
        trustAllCerts[0] = tm;
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, null);
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    }

    static class miTM implements TrustManager,X509TrustManager {
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
        public boolean isServerTrusted(X509Certificate[] certs) {
            return true;
        }
        public boolean isClientTrusted(X509Certificate[] certs) {
            return true;
        }
        @Override
        public void checkServerTrusted(X509Certificate[] certs, String authType)
                throws CertificateException {
            return;
        }
        @Override
        public void checkClientTrusted(X509Certificate[] certs, String authType)
                throws CertificateException {
            return;
        }
    }
}

            //忽略SSL认证
            SslUtils.ignoreSsl();

在你请求https前进行调用，完美解决。

记得给我点赞哟！

Harry小哥哥

关注

2
点赞
踩
8

收藏

觉得还不错? 一键收藏
0
评论
Java 信任所有SSL证书(解决PKIX path building failed问题)

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert...
复制链接

扫一扫

专栏目录