使用HttpClient中有关SSL的问题(一)2008-09-02 11:12
最近写的代码涉及到用HttpClient通过SSL读取XML文件,我的编程环境是Windows XP,IDE是Eclipse,JDK1.5,当我完成这个项目,打包成jar包发布时,我用一个批处理文件启动jar包中的一个主程序,并且正确设置了classpath(引用其他jar包),却发现出现了异常,
11:20:13,075 INFO HttpMethodDirector:439 - I/O exception (javax.net.ssl.SSLKeyException) caught when processing request: RSA premaster secret error
11:20:13,075 INFO HttpMethodDirector:445 - Retrying request
11:20:13,200 INFO HttpMethodDirector:439 - I/O exception (javax.net.ssl.SSLKeyException) caught when processing request: RSA premaster secret error
11:20:13,200 INFO HttpMethodDirector:445 - Retrying request
11:20:13,310 INFO HttpMethodDirector:439 - I/O exception (javax.net.ssl.SSLKeyException) caught when processing request: RSA premaster secret error
11:20:13,310 INFO HttpMethodDirector:445 - Retrying request
javax.net.ssl.SSLKeyException: RSA premaster secret error
at com.sun.net.ssl.internal.ssl.PreMasterSecret.<init>(PreMasterSecret.java:86)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:515)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:160)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:877)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1089)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:618)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
......
......
Caused by: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/PKCS1Padding
at javax.crypto.Cipher.getInstance(DashoA12275)
at com.sun.net.ssl.internal.ssl.JsseJce.getCipher(JsseJce.java:90)
at com.sun.net.ssl.internal.ssl.RSACipher.<init>(RSACipher.java:35)
at com.sun.net.ssl.internal.ssl.RSACipher.getInstance(RSACipher.java:69)
at com.sun.net.ssl.internal.ssl.PreMasterSecret.<init>(PreMasterSecret.java:82)
... 23 more
我可以保证我在Eclipse中添加的类库全在classpath下,但是我在Eclipse下开发时它能正常工作,而脱离了Eclipse就无法运行,之前我寻找了各种
方法都不奏效,原因只在于Eclipse:在用Eclipse创建一个新的Java应用程序时,Eclipse会在build path添加$JAVA_HOME/jre/lib/ext目录下的四个jar:dnsns.jar,localedata.jar,sunjce_provider.jar,sunpkcs11.jar。如果你也遇到同样的问题,现在你该明白怎么做了:将这四个包放在classpath下。
使用HttpClient中有关SSL的问题(二)2008-09-02 11:39
上次是在Windows环境下测试,这次要正式部署到Solaris平台,现在问题又出现,同样Java给出异常(我都习惯了):
Caused by: sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid
certification path to requested target
[java] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
[java] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
[java] at sun.security.validator.Validator.validate(Validator.java:218)
[java] at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
[java] at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
[java] at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
[java] at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
[java] ... 10 more
[java] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
[java] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
[java] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
[java] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
[java] ... 16 more
解决方法:在浏览器下通过浏览器导出该站点的证书文件,后缀名一般是.cer,用java keytool工具将该证书导入到$JAVA_HOME/jre/lib/security/jssecacerts,它是一个keystore,命令行:keytool -import -alias "my server cert" -file server.cer -keystore $JAVA_HOME/jre/lib/security/jssecacerts,这样就OK了。
最近写的代码涉及到用HttpClient通过SSL读取XML文件,我的编程环境是Windows XP,IDE是Eclipse,JDK1.5,当我完成这个项目,打包成jar包发布时,我用一个批处理文件启动jar包中的一个主程序,并且正确设置了classpath(引用其他jar包),却发现出现了异常,
11:20:13,075 INFO HttpMethodDirector:439 - I/O exception (javax.net.ssl.SSLKeyException) caught when processing request: RSA premaster secret error
11:20:13,075 INFO HttpMethodDirector:445 - Retrying request
11:20:13,200 INFO HttpMethodDirector:439 - I/O exception (javax.net.ssl.SSLKeyException) caught when processing request: RSA premaster secret error
11:20:13,200 INFO HttpMethodDirector:445 - Retrying request
11:20:13,310 INFO HttpMethodDirector:439 - I/O exception (javax.net.ssl.SSLKeyException) caught when processing request: RSA premaster secret error
11:20:13,310 INFO HttpMethodDirector:445 - Retrying request
javax.net.ssl.SSLKeyException: RSA premaster secret error
at com.sun.net.ssl.internal.ssl.PreMasterSecret.<init>(PreMasterSecret.java:86)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:515)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:160)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:877)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1089)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:618)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
......
......
Caused by: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/PKCS1Padding
at javax.crypto.Cipher.getInstance(DashoA12275)
at com.sun.net.ssl.internal.ssl.JsseJce.getCipher(JsseJce.java:90)
at com.sun.net.ssl.internal.ssl.RSACipher.<init>(RSACipher.java:35)
at com.sun.net.ssl.internal.ssl.RSACipher.getInstance(RSACipher.java:69)
at com.sun.net.ssl.internal.ssl.PreMasterSecret.<init>(PreMasterSecret.java:82)
... 23 more
我可以保证我在Eclipse中添加的类库全在classpath下,但是我在Eclipse下开发时它能正常工作,而脱离了Eclipse就无法运行,之前我寻找了各种
方法都不奏效,原因只在于Eclipse:在用Eclipse创建一个新的Java应用程序时,Eclipse会在build path添加$JAVA_HOME/jre/lib/ext目录下的四个jar:dnsns.jar,localedata.jar,sunjce_provider.jar,sunpkcs11.jar。如果你也遇到同样的问题,现在你该明白怎么做了:将这四个包放在classpath下。
使用HttpClient中有关SSL的问题(二)2008-09-02 11:39
上次是在Windows环境下测试,这次要正式部署到Solaris平台,现在问题又出现,同样Java给出异常(我都习惯了):
Caused by: sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid
certification path to requested target
[java] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
[java] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
[java] at sun.security.validator.Validator.validate(Validator.java:218)
[java] at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
[java] at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
[java] at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
[java] at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
[java] ... 10 more
[java] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
[java] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
[java] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
[java] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
[java] ... 16 more
解决方法:在浏览器下通过浏览器导出该站点的证书文件,后缀名一般是.cer,用java keytool工具将该证书导入到$JAVA_HOME/jre/lib/security/jssecacerts,它是一个keystore,命令行:keytool -import -alias "my server cert" -file server.cer -keystore $JAVA_HOME/jre/lib/security/jssecacerts,这样就OK了。