Conflicts between multiple System.setProperty("javax.net.ssl.keyStore", ...) settings

zhouyusunquan 2012-07-12 09:02:52
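My project needs to send data to several different HTTPS web services,
but
multiple System.setProperty("javax.net.ssl.keyStore", ...) settings conflict with one another. How should I handle this?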
TGuiGuXiaoBao 2015-03-13
Hello, OP! I get an error after sending a request to an HTTPS server that uses mutual (two-way) authentication. The error is as follows!

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:418)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1041)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
    at org.zrsf.test.Test.main(Test.java:25)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
    at sun.security.validator.Validator.validate(Validator.java:218)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
    at org.zrsf.test.MyTrustManager$ClientTrustManager.checkServerTrusted(MyTrustManager.java:61)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1027)
    ... 12 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
    ... 18 more

I also tried the method you all described, downloading the certificate store from the server, but I can't download it. Please help! QQ email: 1097189495@qq.com Thanks, thanks.
zhouyusunquan 2012-07-16
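[Quote=Quoting the reply on floor 6:]
Actually, all of the above was already answered in your earlier thread!

You started a new thread and still haven't learned how to ask a question!

How To Ask Questions The Smart Way
http://community.csdn.net/IndexPage/SmartQuestion.aspx

A comparison of ways of asking:

Stupid:

Help! The video on my laptop isn't working properly!

Smart:

XFree86 4.1 misshapen mouse cursor, MV1005 chipset of a certain graphics card……
[/Quote]
I already have the approach you describe: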
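// Imports needed by this method (Apache HttpClient 4.x)
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Map;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.util.EntityUtils;

public String wrap2Client(String url, String kpath, String kpassword, String trustpath, String tpassword, String datafile, Map<String, String> data) throws Exception {
    HttpClient httpclient = new DefaultHttpClient();
    // Load the client key store and the trust store from the given files
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
    FileInputStream keystoreInstream = new FileInputStream(new File(kpath));
    FileInputStream trustStoreInstream = new FileInputStream(new File(trustpath));
    try {
        keystore.load(keystoreInstream, kpassword.toCharArray());
        trustStore.load(trustStoreInstream, tpassword.toCharArray());
    } finally {
        keystoreInstream.close();
        trustStoreInstream.close();
    }
    // As posted: this TrustStrategy returns true for every chain, so any server certificate
    // is accepted without consulting trustStore, and ALLOW_ALL_HOSTNAME_VERIFIER turns
    // hostname verification off.
    SSLSocketFactory socketFactory = new SSLSocketFactory(SSLSocketFactory.SSL, keystore, kpassword,
            trustStore, null, new TrustStrategy() {
                public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    return true;
                }
            }, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    // The socket factory is registered on this client instance only, not JVM-wide
    Scheme sch = new Scheme("https", 4433, socketFactory);
    httpclient.getConnectionManager().getSchemeRegistry().register(sch);
    HttpPost post = new HttpPost(url);
    if (data != null) {
        // Each map entry is sent as a request header
        for (String key : data.keySet()) {
            post.setHeader(key, data.get(key));
        }
    }
    String BK_SERIAL = String.valueOf(System.currentTimeMillis());
    StringEntity entity = new StringEntity(datafile, "text/html", "GBK");
    post.setEntity(entity);
    HttpResponse res = httpclient.execute(post);
    String msg = "";
    HttpEntity resEntity = res.getEntity();
    if (resEntity != null) {
        msg = EntityUtils.toString(resEntity, "gbk");
    }
    httpclient.getConnectionManager().shutdown();
    return msg;
}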
zhouyusunquan 2012-07-16
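[Quote=Quoting the reply on floor 6:]
Actually, all of the above was already answered in your earlier thread!

You started a new thread and still haven't learned how to ask a question!

How To Ask Questions The Smart Way
http://community.csdn.net/IndexPage/SmartQuestion.aspx

A comparison of ways of asking:

Stupid:

Help! The video on my laptop isn't working properly!

Smart:

XFree86 4.1 misshapen mouse cursor, MV1005 chipset of a certain graphics card……
[/Quote]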
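// Imports needed by this fragment (Apache Axis 1.x)
import javax.xml.namespace.QName;
import org.apache.axis.client.Call;
import org.apache.axis.client.Service;
import org.apache.axis.encoding.ser.BeanDeserializerFactory;
import org.apache.axis.encoding.ser.BeanSerializerFactory;

pojo.create.callback.Tinsxmldata tdata = null;
String result = "";
// System properties are global to the JVM, so every HTTPS client that relies on the
// default SSL configuration shares these four values.
System.setProperty("javax.net.ssl.keyStore", keypath);
System.setProperty("javax.net.ssl.keyStorePassword", password);
System.setProperty("javax.net.ssl.trustStore", turspath);
System.setProperty("javax.net.ssl.trustStorePassword", password);
String endpoint = cfg.getKeyurl();
Service service = new Service();
Call call;
try {
    call = (Call) service.createCall();
    call.setTargetEndpointAddress(new java.net.URL(endpoint));
    call.getMessageContext().setUsername(ursername);
    call.getMessageContext().setPassword(password);

    // Register bean (de)serializers for the objects exchanged with the service
    QName qn = new QName("BatchInfo:BatchInfo", "BatchInfo");
    QName qn1 = new QName("GrpContInt:GrpContInt", "GrpContInt");
    call.registerTypeMapping(BatchInfo.class, qn, new BeanSerializerFactory(BatchInfo.class, qn),
            new BeanDeserializerFactory(BatchInfo.class, qn));
    call.registerTypeMapping(GrpContInt.class, qn1, new BeanSerializerFactory(GrpContInt.class, qn1),
            new BeanDeserializerFactory(GrpContInt.class, qn1));
    call.setOperationName(new QName("https://group.taikanglife.com:8442/hangyxtest-pass/services/HYXInterface", "SignCont"));
    BatchInfo batchInfo = (BatchInfo) call.invoke(new Object[]{info});
    // (the posted fragment ends here, before the end of the try block)
How should the following code be converted?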
zhouyusunquan 2012-07-14
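[Quote=Quoting the reply on floor 6:]
Actually, all of the above was already answered in your earlier thread!

You started a new thread and still haven't learned how to ask a question!

How To Ask Questions The Smart Way
http://community.csdn.net/IndexPage/SmartQuestion.aspx

A comparison of ways of asking:

Stupid:

Help! The video on my laptop isn't working properly!

Smart:

XFree86 4.1 misshapen mouse cursor, MV1005 chipset of a certain graphics card……
[/Quote]
That's not really the point. The other side is an Axis web service, and what gets transmitted is an object. I have the approach you describe, but how do I make it correspond to the web service in Axis, and how do I make the request? I don't quite understand this. If you have contact details, please attach them. Thank you.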
Reply
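Actually, all of the above was already answered in your earlier thread!

You started a new thread and still haven't learned how to ask a question!

How To Ask Questions The Smart Way
http://community.csdn.net/IndexPage/SmartQuestion.aspx

A comparison of ways of asking:

Stupid:

Help! The video on my laptop isn't working properly!

Smart:

XFree86 4.1 misshapen mouse cursor, MV1005 chipset of a certain graphics card

Smarter:

XFree86 4.1 mouse cursor on the MV1005 chipset of a certain graphics card is misshapen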
Reply
Oh, it's you again, haha. Forget I said anything!
Reply
Just use KeyStoreManager and TrustManager. Reference code:

// Test.java
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.net.URL;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSocketFactory;

public class Test {

    public static void main(String[] args) throws Exception {

        // System.setProperty("javax.net.debug", "all");

        URL url = new URL("https://www.xxxx.com");

        HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();

        // The socket factory applies to this connection only; no system property is set
        connection.setSSLSocketFactory(getSSLSocketFactory());

        // Read the whole response body into memory and print it
        InputStream in = connection.getInputStream();
        byte[] bys = new byte[8192];
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        for (int p = 0; (p = in.read(bys)) != -1;) {
            baos.write(bys, 0, p);
        }
        String str = new String(baos.toByteArray());
        System.out.println(str);
    }

    private static SSLSocketFactory getSSLSocketFactory() {
        // KeyStoreType is nested in MyKeyStoreUtil, so it is referenced by its qualified name
        MyKeyManager keyManager = new MyKeyManager(MyKeyStoreUtil.KeyStoreType.PKCS12, "d:/key.p12", "123456".toCharArray());
        MyTrustManager trustManager = new MyTrustManager("d:/trust.keystore", "123456".toCharArray());
        MySSLContext context = new MySSLContext("TLS", keyManager, trustManager);
        return context.getSSLContext().getSocketFactory();
    }
}


// MySSLContext.java
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;

public class MySSLContext {

    private String protocol;
    private MyKeyManager keyManager;
    private MyTrustManager trustManager;

    public MySSLContext(String protocol, MyKeyManager keyManager, MyTrustManager trustManager) {
        this.protocol = protocol;
        this.keyManager = keyManager;
        this.trustManager = trustManager;
    }

    public MySSLContext(String protocol, MyTrustManager trustManager) {
        this(protocol, null, trustManager);
    }

    public MySSLContext(String protocol, MyKeyManager keyManager) {
        this(protocol, keyManager, null);
    }

    // Builds a new SSLContext from the configured managers
    public SSLContext getSSLContext() {
        try {
            SSLContext context = SSLContext.getInstance(protocol);
            context.init(getKeyManagers(), getTrustManagers(), null);
            return context;
        } catch (Exception e) {
            throw new IllegalStateException("error, protocol: " + protocol, e);
        }
    }

    // A null array makes SSLContext.init fall back to the installed default key managers
    private KeyManager[] getKeyManagers() {
        if (keyManager == null) {
            return null;
        }
        return keyManager.getKeyManagers();
    }

    // A null array makes SSLContext.init fall back to the installed default trust managers
    private TrustManager[] getTrustManagers() {
        if (trustManager == null) {
            return null;
        }
        return trustManager.getTrustManagers();
    }
}


// MyKeyManager.java
import java.security.KeyStore;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;

public class MyKeyManager {

    private KeyStore ks;
    private char[] password;

    public MyKeyManager(String keyStore, char[] password) {
        this(MyKeyStoreUtil.KeyStoreType.JKS, keyStore, password);
    }

    public MyKeyManager(MyKeyStoreUtil.KeyStoreType type, String keyStore, char[] password) {
        this.password = password;
        this.ks = MyKeyStoreUtil.loadKeyStore(type, keyStore, password);
    }

    // Key managers that present the client certificate held in the key store
    public KeyManager[] getKeyManagers() {
        try {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            kmf.init(ks, password);
            return kmf.getKeyManagers();
        } catch (Exception e) {
            throw new MyKeyStoreUtil.KeyStoreRuntimeException("cannot get KeyManagers", e);
        }
    }
}


// MyTrustManager.java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class MyTrustManager {

    private KeyStore ks;

    public MyTrustManager(String keyStore, char[] password) {
        this(MyKeyStoreUtil.KeyStoreType.JKS, keyStore, password);
    }

    public MyTrustManager(MyKeyStoreUtil.KeyStoreType type, String keyStore, char[] password) {
        this.ks = MyKeyStoreUtil.loadKeyStore(type, keyStore, password);
    }

    public TrustManager[] getTrustManagers() {
        return new TrustManager[]{ new ClientTrustManager() };
    }

    // Delegates every check to the X509TrustManager that the default
    // TrustManagerFactory builds from the trust store loaded above
    private class ClientTrustManager implements X509TrustManager {
        private X509TrustManager sunJSSEX509TrustManager;

        public ClientTrustManager() {
            loadTrust();
        }

        private void loadTrust() {
            try {
                TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                tmf.init(ks);
                TrustManager tms[] = tmf.getTrustManagers();
                for (int i = 0; i < tms.length; i++) {
                    if (tms[i] instanceof X509TrustManager) {
                        sunJSSEX509TrustManager = (X509TrustManager) tms[i];
                        return;
                    }
                }
                // Fail here rather than with a NullPointerException during the handshake
                throw new IllegalStateException("no X509TrustManager available");
            } catch (Exception e) {
                throw new MyKeyStoreUtil.KeyStoreRuntimeException(e);
            }
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            sunJSSEX509TrustManager.checkClientTrusted(chain, authType);
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            sunJSSEX509TrustManager.checkServerTrusted(chain, authType);
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return sunJSSEX509TrustManager.getAcceptedIssuers();
        }
    }
}


// MyKeyStoreUtil.java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;

public class MyKeyStoreUtil {

    private MyKeyStoreUtil() {
    }

    // Loads a key store of the given type from a file; the type defaults to JKS
    public static KeyStore loadKeyStore(KeyStoreType type, String keyStore, char[] password) {
        if (type == null) {
            type = KeyStoreType.JKS;
        }
        InputStream in = null;
        try {
            try {
                KeyStore ks = type.getKeyStore();
                in = new FileInputStream(keyStore);
                ks.load(in, password);
                return ks;
            } finally {
                if (in != null) {
                    in.close();
                }
            }
        } catch (Exception e) {
            throw new KeyStoreRuntimeException("type: " + type +
                    ", keyStore: " + keyStore, e);
        }
    }

    public static enum KeyStoreType {
        JKS {
            @Override
            public KeyStore getKeyStore() throws KeyStoreException {
                // Qualified so the call resolves to the static helper, not the no-arg override
                return KeyStoreType.getKeyStore("JKS");
            }
        },

        PKCS12 {
            @Override
            public KeyStore getKeyStore() throws KeyStoreException {
                return KeyStoreType.getKeyStore("PKCS12");
            }
        };

        public abstract KeyStore getKeyStore() throws KeyStoreException;

        private static KeyStore getKeyStore(String type) throws KeyStoreException {
            return KeyStore.getInstance(type);
        }
    }

    public static class KeyStoreRuntimeException extends RuntimeException {

        private static final long serialVersionUID = 1L;

        public KeyStoreRuntimeException(String message, Throwable cause) {
            super(message, cause);
        }

        public KeyStoreRuntimeException(Throwable cause) {
            super(cause);
        }
    }
}


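In effect, you create an SSLContext object from the KeyStoreManager and TrustManager, then create an SSLSocketFactory object from the SSLContext object, and assign the SSLSocketFactory object to the HttpsURLConnection object.

KeyStoreManager manages the client certificate store used in mutual authentication.
TrustManager manages the trust store for server certificates in mutual authentication; it is the equivalent of a browser's "I know this certificate was not issued by a CA, but I need to continue anyway."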
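
An added example, not part of any post in this thread: the same per-connection technique extended to several endpoints, each with its own key store and trust store, so that no JVM-wide javax.net.ssl.* property is set. The class name PerEndpointTls and the hosts partner-a.example and partner-b.example are hypothetical, and empty in-memory stores stand in for the real key store files.

```java
import java.io.IOException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.*;

// Added example: one SSLContext per remote host instead of global system properties.
public class PerEndpointTls {
    private final Map<String, SSLContext> byHost = new ConcurrentHashMap<>();

    // Register the client identity (keyStore) and trust anchors (trustStore) for one host.
    public void register(String host, KeyStore keyStore, char[] keyPassword, KeyStore trustStore)
            throws GeneralSecurityException {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore); // server chains are validated against this store only
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        byHost.put(host.toLowerCase(Locale.ROOT), ctx);
    }

    // Open a connection with the context registered for the URL's host; fail closed otherwise.
    public HttpsURLConnection open(URL url) throws IOException {
        SSLContext ctx = byHost.get(url.getHost().toLowerCase(Locale.ROOT));
        if (ctx == null) throw new IOException("no TLS configuration registered for " + url.getHost());
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory()); // default hostname verifier stays in place
        return conn;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: empty in-memory stores stand in for each partner's key store files.
        KeyStore a = KeyStore.getInstance(KeyStore.getDefaultType());
        a.load(null, null);
        KeyStore b = KeyStore.getInstance(KeyStore.getDefaultType());
        b.load(null, null);
        PerEndpointTls tls = new PerEndpointTls();
        tls.register("partner-a.example", a, new char[0], a);
        tls.register("partner-b.example", b, new char[0], b);
        HttpsURLConnection ca = tls.open(new URL("https://partner-a.example/ws"));
        HttpsURLConnection cb = tls.open(new URL("https://partner-b.example/ws"));
        System.out.println("distinct factories: " + (ca.getSSLSocketFactory() != cb.getSSLSocketFactory()));
        System.out.println("global keyStore property: " + System.getProperty("javax.net.ssl.keyStore"));
    }
}
```

The main method opens no network connection; it only shows that each host gets its own socket factory while the global property stays unset.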
zhouyusunquan 2012-07-13
Where have all the experts gone? Are there none left?
zhouyusunquan 2012-07-13
Where have all the experts gone? Are there none left?
zhouyusunquan 2012-07-13
No one has replied, so I'm bumping this myself.