【发布时间】:2015-04-12 18:33:21
【问题描述】:
我有一个 REST API,比如 https://testing.com/ap//v1/test/23123。 这是我的 Java 代码:
URL restServiceURL = new URL(targetURL);
Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("100.3.4.54", 9128));
HttpURLConnection httpConnection = (HttpURLConnection) restServiceURL.openConnection(proxy);
httpConnection.setRequestMethod("GET");
httpConnection.setRequestProperty("Accept", "application/json");
if (httpConnection.getResponseCode() != 200) {
throw new RuntimeException("HTTP GET Request Failed with Error code : "
+ httpConnection.getResponseCode());
}
BufferedReader responseBuffer = new BufferedReader(new InputStreamReader(
(httpConnection.getInputStream())));
这会引发 java 异常:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: CA key usage check failed: keyCertSign bit is not set
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
有没有办法绕过这个 https 验证?解决此问题的最佳方法是什么?
【问题讨论】:
-
服务器证书可能无效。请参阅this thread 了解可能的解决方法。
-
"有没有办法绕过这个 https 验证?" :如果您只是想摆脱它提供的保护,为什么还要使用 https?您不应该忽视安全问题,而是要修复它。
标签: java rest ssl httpurlconnection