devbox
weixin_40725706
这个屌丝很懒,什么也没留下!
关注作者
热门标签
热门文章
当前位置:   article > 正文

解决远程调用三方接口:javax.net.ssl.SSLHandshakeException报错

作者:weixin_40725706 | 2024-04-17 14:17:09

javax.net.ssl.sslhandshakeexception

一、前言

最近在对接腾讯会议API接口,在鉴权完成后开始调用对方的接口,在此过程中出现调用报错:javax.net.ssl.SSLHandshakeException。

二、出现原因

当你在进行https请求时,JDK中不存在三方服务的信任证书,导致出现错误javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径构建失败。

三、解决方法

1、获取根证书安装证书到你的JRE的Java cacerts中(安装证书到PATHTOYOURJDK/JRE/lib目录/ cacerts中)。

2、忽略SSL证书的校验。

这里因为很多情况没有证书,所以采用第二种方案,在你的代码中进行忽略SSL证书校验。

四、代码

这里要区分你使用的是那种方式调用三方服务(RestTemplate 、OkHttpClient)。

1、RestTemplate

  1. package com.hikvision.meeting.config;
  2.  
  3. import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
  4. import org.apache.http.conn.ssl.TrustStrategy;
  5. import org.apache.http.impl.client.CloseableHttpClient;
  6. import org.apache.http.impl.client.HttpClients;
  7. import org.springframework.context.annotation.Bean;
  8. import org.springframework.context.annotation.Configuration;
  9. import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
  10. import org.springframework.web.client.RestTemplate;
  11.  
  12. import javax.net.ssl.*;
  13. import java.security.cert.CertificateException;
  14. import java.security.cert.X509Certificate;
  15.  
  16.  
  17. /**
  18.  * @author dongliang7
  19.  * @projectName 
  20.  * @ClassName Config2RestTemplate.java
  21.  * @description: 跳过证书效验
  22.  * @createTime 2021年11月23日 09:59:00
  23.  */
  24. @Configuration
  25. public class Config2RestTemplate {
  26.  
  27.     @Bean
  28.     public RestTemplate restTemplate() throws Exception {
  29.         TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true;
  30.  
  31.         SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom()
  32.                 .loadTrustMaterial(null, acceptingTrustStrategy)
  33.                 .build();
  34.  
  35. //        SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext);
  36.         SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(createIgnoreVerifySSL(),
  37.                 // 指定TLS版本
  38.                 null,
  39.                 // 指定算法
  40.                 null,
  41.                 // 取消域名验证
  42.                 new HostnameVerifier() {
  43.                     @Override
  44.                     public boolean verify(String string, SSLSession ssls) {
  45.                         return true;
  46.                     }
  47.                 });
  48.  
  49.         CloseableHttpClient httpClient = HttpClients.custom()
  50.                 .setSSLSocketFactory(csf)
  51.                 .build();
  52.  
  53.         HttpComponentsClientHttpRequestFactory requestFactory =
  54.                 new HttpComponentsClientHttpRequestFactory();
  55.  
  56.         requestFactory.setHttpClient(httpClient);
  57.         requestFactory.setReadTimeout(60 * 1000);// ms
  58.         requestFactory.setConnectTimeout(60 * 1000);// ms
  59.         // 该代码的意思是请求工厂类是否应用缓冲请求正文内部,默认值为true,当post或者put大文件的时候会造成内存溢出情况,设置为false将数据直接流入底层HttpURLConnection
  60.         requestFactory.setBufferRequestBody(false);
  61.         RestTemplate restTemplate = new RestTemplate(requestFactory);
  62.         return restTemplate;
  63.     }
  64.  
  65.     /**
  66.      * 跳过证书效验的sslcontext
  67.      *
  68.      * @return
  69.      * @throws Exception
  70.      */
  71.     private static SSLContext createIgnoreVerifySSL() throws Exception {
  72.         SSLContext sc = SSLContext.getInstance("TLS");
  73.  
  74.         // 实现一个X509TrustManager接口,用于绕过验证,不用修改里面的方法
  75.         X509TrustManager trustManager = new X509TrustManager() {
  76.             @Override
  77.             public void checkClientTrusted(X509Certificate[] paramArrayOfX509Certificate,
  78.                                            String paramString) throws CertificateException {
  79.             }
  80.  
  81.             @Override
  82.             public void checkServerTrusted(X509Certificate[] paramArrayOfX509Certificate,
  83.                                            String paramString) throws CertificateException {
  84.             }
  85.  
  86.             @Override
  87.             public X509Certificate[] getAcceptedIssuers() {
  88.                 return null;
  89.             }
  90.         };
  91.         sc.init(null, new TrustManager[] { trustManager }, null);
  92.         return sc;
  93.     }
  94. }

2、OkHttpClient

  1. package com.tencent.wemeet.gateway.restapisdk.util;
  2.  
  3. import lombok.extern.slf4j.Slf4j;
  4. import okhttp3.OkHttpClient;
  5.  
  6. import javax.net.ssl.*;
  7. import java.security.KeyStore;
  8. import java.security.NoSuchAlgorithmException;
  9. import java.util.Arrays;
  10. import java.util.concurrent.TimeUnit;
  11.  
  12. /**
  13.  * @author dongliang7
  14.  * @projectName tenxun-meeting-api
  15.  * @ClassName SSLSocketClient.java
  16.  * @description: 创建 OkHttpClient 不进行SSL(证书)验证
  17.  * @createTime 2021年11月19日 09:50:00
  18.  */
  19. @Slf4j
  20. public class SSLSocketClient {
  21.  
  22.     public static OkHttpClient getUnsafeOkHttpClient() {
  23.         try {
  24.             // 创建不验证证书链的信任管理器
  25.             final TrustManager[] trustAllCerts = new TrustManager[]{
  26.                     new X509TrustManager() {
  27.                         @Override
  28.                         public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {}
  29.                         @Override
  30.                         public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {}
  31.                         @Override
  32.                         public java.security.cert.X509Certificate[] getAcceptedIssuers() {
  33.                             return new java.security.cert.X509Certificate[]{};
  34.                         }
  35.                     }
  36.             };
  37.             if (trustAllCerts.length != 1 || !(trustAllCerts[0] instanceof X509TrustManager)) {
  38.                 throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustAllCerts));
  39.             }
  40.             X509TrustManager x509TrustManager = (X509TrustManager) trustAllCerts[0];
  41.  
  42.             // 安装全信任信任管理器
  43.             final SSLContext sslContext = SSLContext.getInstance("SSL");
  44.             sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
  45.             // 使用我们完全信任的管理器创建 ssl 套接字工厂
  46.             final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
  47.  
  48.             OkHttpClient.Builder builder = new OkHttpClient.Builder()
  49.                     .connectTimeout(60 , TimeUnit.SECONDS).readTimeout(60 , TimeUnit.SECONDS).writeTimeout(120 , TimeUnit.SECONDS);
  50.             builder.sslSocketFactory(sslSocketFactory , x509TrustManager);
  51.             builder.hostnameVerifier(new HostnameVerifier() {
  52.                 @Override
  53.                 public boolean verify(String hostname, SSLSession session) {
  54.                     return true;
  55.                 }
  56.             });
  57.             OkHttpClient okHttpClient = builder.build();
  58.             return okHttpClient;
  59.         } catch (Exception e) {
  60.             log.error("创建OkHttpClient不进行SSL(证书)验证失败:{}", e.getMessage());
  61.             throw new RuntimeException(e);
  62.         }
  63.     }
  64. }

获取OkHttpClient :

  1. //创建 OkHttpClient 不进行SSL(证书)验证
  2.     private static final OkHttpClient okHttpClient = SSLSocketClient.getUnsafeOkHttpClient();

在minio中的运用

  1.  minioClient = MinioClient.builder()
  2.                         .endpoint(minioUrl, Integer.parseInt(minioUrl.substring(minioUrl.lastIndexOf(":")+1,minioUrl.length()-1)),true)
  3.                         .credentials(minioName, minioPass)
  4.                         .httpClient(okHttpClient)
  5.                         .build();

转载自:https://www.cnblogs.com/dongl961230/p/15594627.html

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/weixin_40725706/article/detail/440646
推荐阅读
相关标签

Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。

  

闽ICP备14008679号