javax.net.ssl.SSLPeerUnverifiedException: peer 未在 netbeans 中进行身份验证
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated in netbeans
我正在使用 HttpClient-4.0.3 并且已经在服务器上添加了证书。命令如下:
keytool -import -file "C:\Users\apex\Downloads\RootCABangladesh2016.cer" -keystore "C:\Program Files\Java\jdk1.8.0_131\jre\lib\security\cacerts" -alias "sds certificate"
但我仍然遇到错误。
我已阅读有关添加 TrustManager (X509TrustManager) 的现有问题,但根据我的想法,这不是解决方案。
异常情况如下:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:399)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:143)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:108)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:641)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:576)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:554)
at jsonParser.JSONParser.makeHttpRequest(JSONParser.java:54)
at powersms.SendSms.sendSms(SendSms.java:44)
at powersms.SendSms.run(SendSms.java:32)
我已通过此命令检查过期日期。
keytool -list -v -alias "sds certificate" -keystore "C:\Program Files\Java\jdk1.8.0_131\jre\lib\security\cacerts" -storepass "changeit" | grep "Valid from:"
但这告诉我:
Valid from: Wed Dec 21 16:43:56 BDT 2016 until: Mon Dec 21 16:43:56 BDT 2026
我添加了 jvm 参数。
-Djavax.net.debug=ssl:handshake
然后我输出这个:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:399)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:143)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:108)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:641)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:576)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:554)
at jsonParser.JSONParser.makeHttpRequest(JSONParser.java:54)
at powersms.SendSms.sendSms(SendSms.java:44)
at powersms.SendSms.run(SendSms.java:32)
%% Invalidated: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
Thread-0, SEND TLSv1 ALERT: fatal, description = certificate_unknown
Thread-0, WRITE: TLSv1 Alert, length = 2
Thread-0, called closeSocket()
Thread-0, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Thread-0, IOException in getSession(): javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Buffer Error Error converting result java.lang.NullPointerException
JSON ParserError parsing data org.json.JSONException: A JSONObject text must begin with '{' at character 0
Json is null
当您尝试连接到安全(即 https)URL 时,HttpClient 已经存在了一段时间的问题。不过 HttpClient 中有这个 class EasySSLProtocolSocketFactory,它允许您创建接受自签名证书的 sockets。您可以按照文档中的描述尝试使用它 - EasySSLProtocolSocketFactory
不确定它是否能解决您的问题,并且不鼓励在生产中使用它。不过你绝对可以试一试,看看效果如何!
我正在使用 HttpClient-4.0.3 并且已经在服务器上添加了证书。命令如下:
keytool -import -file "C:\Users\apex\Downloads\RootCABangladesh2016.cer" -keystore "C:\Program Files\Java\jdk1.8.0_131\jre\lib\security\cacerts" -alias "sds certificate"
但我仍然遇到错误。
我已阅读有关添加 TrustManager (X509TrustManager) 的现有问题,但根据我的想法,这不是解决方案。
异常情况如下:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:399)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:143)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:108)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:641)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:576)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:554)
at jsonParser.JSONParser.makeHttpRequest(JSONParser.java:54)
at powersms.SendSms.sendSms(SendSms.java:44)
at powersms.SendSms.run(SendSms.java:32)
我已通过此命令检查过期日期。
keytool -list -v -alias "sds certificate" -keystore "C:\Program Files\Java\jdk1.8.0_131\jre\lib\security\cacerts" -storepass "changeit" | grep "Valid from:"
但这告诉我:
Valid from: Wed Dec 21 16:43:56 BDT 2016 until: Mon Dec 21 16:43:56 BDT 2026
我添加了 jvm 参数。
-Djavax.net.debug=ssl:handshake
然后我输出这个:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:399)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:143)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:108)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:641)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:576)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:554)
at jsonParser.JSONParser.makeHttpRequest(JSONParser.java:54)
at powersms.SendSms.sendSms(SendSms.java:44)
at powersms.SendSms.run(SendSms.java:32)
%% Invalidated: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
Thread-0, SEND TLSv1 ALERT: fatal, description = certificate_unknown
Thread-0, WRITE: TLSv1 Alert, length = 2
Thread-0, called closeSocket()
Thread-0, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Thread-0, IOException in getSession(): javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Buffer Error Error converting result java.lang.NullPointerException
JSON ParserError parsing data org.json.JSONException: A JSONObject text must begin with '{' at character 0
Json is null
当您尝试连接到安全(即 https)URL 时,HttpClient 已经存在了一段时间的问题。不过 HttpClient 中有这个 class EasySSLProtocolSocketFactory,它允许您创建接受自签名证书的 sockets。您可以按照文档中的描述尝试使用它 - EasySSLProtocolSocketFactory
不确定它是否能解决您的问题,并且不鼓励在生产中使用它。不过你绝对可以试一试,看看效果如何!