javax.net.ssl.SSLHandshakeException:java.security.cert.CertificateException:没有可用的X509TrustManager实现 [英] javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No X509TrustManager implementation available
问题描述
我的应用程序中的代码尝试使用带有指定证书的HTTPS连接到外部主机。
我的代码如下所示:
//加载两个密钥库
KeyStore keystore = KeyStore.getInstance(pkcs12,SunJSSE);
InputStream keystoreInput = new FileInputStream(cerPath);
keystore.load(keystoreInput,passwd.toCharArray());
System.out.println(Keystore has+ keystore.size()+keys);
//加载信任库,将其保留为null以依赖于随JVM分发的cacerts
KeyStore truststore = KeyStore.getInstance(pkcs12,SunJSSE);
InputStream truststoreInput = new FileInputStream(cerPath);
truststore.load(truststoreInput,passwd.toCharArray());
System.out.println(Truststore has+ truststore.size()+keys);
// ssl context
SSLContext sslcontext = SSLContext.getInstance(TLS);
sslcontext.init(null,null,null);
SSLSocketFactory sf = new SSLSocketFactory(keystore,passwd);
计划https =新计划(https,443,sf);
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(https);
...
client = new DefaultHttpClient(new PoolingClientConnectionManager(schemeRegistry));
...
HttpResponse httpResponse = client.execute(targetHost,httpMethod);
变量cerPath包含用于建立连接的证书(xxxx.pfx)的路径。 / p>
在一个独立的应用程序中,这很好用,但在我的spring-boot应用程序中,相同的代码抛出了这个异常:
javax.net.ssl.SSLHandshakeException:java.security.cert.CertificateException:没有可用的X509TrustManager实现
我在普通的Spring应用程序中测试了这段代码,它也可以运行。
正常的SSL属性()don也没办法。
最后我们发现了这个问题。
我们在指向框架wiremock的pom.xml中有一个依赖项:
< dependency>
< groupId> com.github.tomakehurst< / groupId>
< artifactId> wiremock< / artifactId>
< version> 1.43< / version>
< exclusions>
< exclusion>
< groupId> org.mortbay.jetty< / groupId>
< artifactId> servlet-api< / artifactId>
< / exclusion>
< / exclusions>
< / dependency>
此框架在jar中包含产生此问题的/ keystore文件。当我们从pom中删除这种依赖时,一切正常。
I have code in my application that try to connect to an external host using HTTPS with a specified certificate.
My code looks like this:
//Load Two Keystores
KeyStore keystore = KeyStore.getInstance("pkcs12", "SunJSSE");
InputStream keystoreInput = new FileInputStream(cerPath);
keystore.load(keystoreInput, passwd.toCharArray());
System.out.println("Keystore has " + keystore.size() + " keys");
// load the truststore, leave it null to rely on cacerts distributed with the JVM
KeyStore truststore = KeyStore.getInstance("pkcs12", "SunJSSE");
InputStream truststoreInput = new FileInputStream(cerPath);
truststore.load(truststoreInput, passwd.toCharArray());
System.out.println("Truststore has " + truststore.size() + " keys");
//ssl context
SSLContext sslcontext = SSLContext.getInstance("TLS");
sslcontext.init(null, null, null);
SSLSocketFactory sf = new SSLSocketFactory(keystore, passwd);
Scheme https = new Scheme("https", 443, sf);
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(https);
...
client = new DefaultHttpClient(new PoolingClientConnectionManager(schemeRegistry));
...
HttpResponse httpResponse = client.execute( targetHost, httpMethod);
The variable cerPath contains the path to the certificate (xxxx.pfx) used to establish the connection.
In a standalone application, this works perfectly, but in my spring-boot application, the same code throws this exception:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No X509TrustManager implementation available
I've tested this code inside a normal Spring application, and it works too.
The normal SSL properties () don't work either.
At the end we've discovered the problem.
We have a dependency in our pom.xml pointing at the framework wiremock:
<dependency>
<groupId>com.github.tomakehurst</groupId>
<artifactId>wiremock</artifactId>
<version>1.43</version>
<exclusions>
<exclusion>
<groupId>org.mortbay.jetty</groupId>
<artifactId>servlet-api</artifactId>
</exclusion>
</exclusions>
</dependency>
This framework contains a /keystore file inside the jar that produce this problem. When we remove this dependency from the pom, all works fine.
这篇关于javax.net.ssl.SSLHandshakeException:java.security.cert.CertificateException:没有可用的X509TrustManager实现的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
