WebService系列之Axis Https(SSL)证书校验错误处理方法
WebService系列之Axis Https(SSL)证书校验错误处理方法
SmileNicky
发布于 2020-12-21 10:26:39
发布于 2020-12-21 10:26:39
WebService系列之Axis Https(SSL)证书校验错误处理方法
最近在用Axis调用https的接口,抛出异常:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
异常原因是ssl证书校验失败,因为自己网站是http的,对方公司是https的接口,所以证书校验失败,处理方法是在网上找的一个不错的方法,思路是重写一个不验证证书的SocketFactory,Axis默认SocketFactory,会对server端的证书进行验证,导致验证异常
package com.common.utils.web;
import org.apache.axis.components.net.BooleanHolder;
import org.apache.axis.components.net.JSSESocketFactory;
import org.apache.axis.components.net.SecureSocketFactory;
import javax.net.ssl.*;
import java.io.IOException;
import java.net.Socket;
import java.security.KeyStore;
import java.util.Hashtable;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
/**
* <pre>
* Axis自定义JSSESocketFactory
* </pre>
*
* <pre>
* @author mazq
* 修改记录
* 修改后版本: 修改人: 修改日期: 2020/12/12 14:44 修改内容:
* </pre>
*/
public class WSTLSSocketSecureFactory extends JSSESocketFactory implements SecureSocketFactory {
public WSTLSSocketSecureFactory(Hashtable attributes) {
super(attributes);
}
@Override
public Socket create(String host, int port, StringBuffer otherHeaders, BooleanHolder useFullURL)
throws Exception{
Socket s = super.create(host, port, otherHeaders, useFullURL);
((SSLSocket)s).setEnabledProtocols(new String[] {"SSLv2Hello", "SSLv3", "TLSv1"});
return s;
}
@Override
protected void initFactory() throws IOException {
SSLContext context = null;
try {
context = getContext();
} catch (Exception e) {
e.printStackTrace();
}
this.sslFactory = context.getSocketFactory();
}
protected SSLContext getContext() throws Exception {
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
// Trust always
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
// Trust always
}
}
};
// Install the all-trusting trust manager
SSLContext sslContext = SSLContext.getInstance("SSL");
// Create empty HostnameVerifier
HostnameVerifier hv = new HostnameVerifier() {
public boolean verify(String arg0, SSLSession arg1) {
return true;
}
};
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
return sslContext;
}
}客户端调用时设置setProperty:
// 支持Https Webservice接口调用
AxisProperties.setProperty("axis.socketSecureFactory", WSTLSSocketSecureFactory.class.getName());注意点,不同版本jdk对TLS验证是有差别的:oracle官网博客Diagnosing TLS, SSL, and HTTPS列出了差别
在这里插入图片描述
在这里插入图片描述
补充知识点:
- SSL:SSL 是“Secure Sockets Layer”的缩写,是在上世纪90年代中期,由网景公司设计的
- TLS:IETF 就在那年把 SSL 标准化。标准化之后的名称改为 TLS(是“Transport Layer Security”的缩写),中文叫做“传输层安全协议”
本文参与 腾讯云自媒体同步曝光计划,分享自作者个人站点/博客。
原始发表:2020-12-17 ,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读
相关产品与服务