如何解决Spring Boot HTTPS调用引发SunCertPathBuilderException
我有一个旧的应用程序,需要通过提供凭据从HTTPS URL下载文件,并且在完成请求后会引发以下错误:
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:198) ~[na:1.8.0_252]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1967) ~[na:1.8.0_252]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:331) ~[na:1.8.0_252]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:325) ~[na:1.8.0_252]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1688) ~[na:1.8.0_252]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:226) ~[na:1.8.0_252]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1082) ~[na:1.8.0_252]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:1010) ~[na:1.8.0_252]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1079) ~[na:1.8.0_252]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1388) ~[na:1.8.0_252]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1416) ~[na:1.8.0_252]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1400) ~[na:1.8.0_252]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396) ~[httpclient-4.5.5.jar:4.5.5]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355) ~[httpclient-4.5.5.jar:4.5.5]
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) ~[httpclient-4.5.5.jar:4.5.5]
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:373) ~[httpclient-4.5.5.jar:4.5.5]
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381) ~[httpclient-4.5.5.jar:4.5.5]
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237) ~[httpclient-4.5.5.jar:4.5.5]
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185) ~[httpclient-4.5.5.jar:4.5.5]
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) ~[httpclient-4.5.5.jar:4.5.5]
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111) ~[httpclient-4.5.5.jar:4.5.5]
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) ~[httpclient-4.5.5.jar:4.5.5]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) ~[httpclient-4.5.5.jar:4.5.5]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108) ~[httpclient-4.5.5.jar:4.5.5]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) ~[httpclient-4.5.5.jar:4.5.5]
这是配置客户端的方式:
// Basic-auth credentials taken from the artifact's download source.
final UsernamePasswordCredentials downloadCredentials = new UsernamePasswordCredentials(
        artifact.getDownloadSource().getHttpUsername(),
        artifact.getDownloadSource().getHttpPassword());

// NOTE(review): AuthScope.ANY matches any host, port, realm and scheme, so these
// credentials may be offered to whichever server issues an auth challenge (for
// example a redirect target), not only the download host. Scoping them with
// new AuthScope(host, port) for the expected server limits that exposure.
final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY, downloadCredentials);

// Build an SSLContext whose trust decision is delegated to TrustSelfSignedStrategy.
// NOTE(review): TrustSelfSignedStrategy accepts any chain that consists of a single
// certificate without validating it against a trust store, so the peer is not
// authenticated in that case. Longer chains are still checked against the JVM
// default trust store, which is presumably where the PKIX failure in the stack
// trace comes from (TODO confirm against the chain the server actually presents).
// Loading a trust store that contains only the expected server or CA certificate
// is the safer way to accept a private certificate.
final SSLContextBuilder trustBuilder = SSLContextBuilder.create();
trustBuilder.loadTrustMaterial(new TrustSelfSignedStrategy());
final SSLContext selfSignedTolerantContext = trustBuilder.build();

// Socket factory that performs the TLS handshake with the context built above.
// This constructor keeps the library's default hostname verifier.
final SSLConnectionSocketFactory tlsSocketFactory =
        new SSLConnectionSocketFactory(selfSignedTolerantContext);

// Assemble the client from the credentials provider and the TLS socket factory.
final HttpClientBuilder clientBuilder = HttpClientBuilder.create();
clientBuilder.setDefaultCredentialsProvider(credentialsProvider);
clientBuilder.setSSLSocketFactory(tlsSocketFactory);
return clientBuilder.build();
这是Spring Boot的配置:
# Embedded server TLS settings.
# NOTE(review): server.ssl.* configures the HTTPS listener this application exposes
# (inbound connections). It is not the trust material the outbound HttpClient uses to
# validate the remote download host; the stack trace above fails in the client handshaker.
server:
port: 8443
http.port: 8080
ssl:
# NOTE(review): a keystore under src/main/resources is presumably packaged into the
# build artifact, which would ship the private key with every copy; prefer a path
# outside the artifact with restricted file permissions.
key-store: src/main/resources/ssl/keystore.p12
# NOTE(review): keystore password stored in plain text in the configuration file;
# supply it through an environment variable or a secret store instead.
key-store-password: mykeystorepassword
keyStoreType: PKCS12
keyAlias: mykeyalias
注意:密钥库的证书已在2年前过期。
直到今天早上,应用程序一直没有出现问题。当我在 docker 容器内通过命令行执行 curl 请求并提供凭据时,能够正常下载文件,因此我认为问题出在 Spring Boot 应用程序中。(需要注意:curl 通常使用容器内系统的 CA 证书包进行校验,而 Java 客户端使用的是 JVM 的信任库以及上面配置的信任策略,两者的校验结果可能不同。)