com.ibm.jsse2.util.h: No trusted certificate found
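In our IBM Domino-based application we are going to use a REST API to integrate with a system.
However, recently we have run into a problem that seems quite hard to solve.
When sending a request, the following exception occurs: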
Error while executing JavaScript action expression
Script interpreter error, line=14, col=32: Error calling method 'initializeAuthProcess(string, string)' on java class 'ru.iteko.egrz.requestprocessors.EGRZAuthorization'
com.ibm.jsse2.util.h: No trusted certificate found
No trusted certificate found
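What makes it so awkward is the lack of documentation and of any kind of guide on what causes this to happen.
So, there is an on-click action on a button like this: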
    <xp:eventHandler event="onclick" submit="true"
        refreshMode="complete">
        <xp:this.action><![CDATA[#{javascript:
            var redirectUrl = 'https://oursystem.ru';
            var errorRedirectUrl = 'https://oursystem.ru/errorPage';
            var EGRZAuthObject = new ru.iteko.egrz.requestprocessors.EGRZAuthorization();
            EGRZAuthObject.initializeAuthProcess(redirectUrl, errorRedirectUrl);
        }]]></xp:this.action>
    </xp:eventHandler>
In the instance of the EGRZAuthorization class, the following method is called:
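    import java.io.IOException;
    import org.apache.http.client.ClientProtocolException;
    import org.apache.http.client.methods.CloseableHttpResponse;
    import org.apache.http.client.methods.HttpGet;
    import org.apache.http.impl.client.CloseableHttpClient;
    import org.apache.http.impl.client.HttpClients;

    public static void initializeAuthProcess(String redirectUrl, String apiRedirectUrl) throws ClientProtocolException, IOException
    {
        CloseableHttpClient httpclient = HttpClients.createDefault();
        String urlToGoTo = AuthURLs.ESIALoginURL(redirectUrl, apiRedirectUrl);
        System.out.println(urlToGoTo);
        HttpGet httpGet = new HttpGet(urlToGoTo);
        CloseableHttpResponse response1 = httpclient.execute(httpGet); // the exception is thrown here
        try {
            System.out.println("resp code " + response1.getStatusLine());
        } finally {
            response1.close(); // release the connection even if reading the status fails
        }
    }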
The exception occurs at the point where the request is executed.
Stack trace:
com.ibm.jsse2.util.h: No trusted certificate found
com.ibm.jsse2.util.g.a(g.java:183)
com.ibm.jsse2.util.g.b(g.java:43)
com.ibm.jsse2.util.e.a(e.java:4)
com.ibm.jsse2.aB.a(aB.java:211)
com.ibm.jsse2.aB.a(aB.java:5)
com.ibm.jsse2.aB.checkServerTrusted(aB.java:49)
com.ibm.jsse2.E.a(E.java:166)
com.ibm.jsse2.E.a(E.java:121)
com.ibm.jsse2.D.r(D.java:223)
com.ibm.jsse2.D.a(D.java:198)
com.ibm.jsse2.at.a(at.java:649)
com.ibm.jsse2.at.i(at.java:627)
com.ibm.jsse2.at.a(at.java:689)
com.ibm.jsse2.at.startHandshake(at.java:432)
org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374)
org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
ru.iteko.egrz.requestprocessors.EGRZAuthorization.initializeAuthProcess(EGRZAuthorization.java:32)
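Here is the clever part. The urlToGoTo variable equals http://lk.egrz-test.i-teco.ru/fws/api/esia/login?errorRedirectUrl=https://oursystem.ru/errorPage&redirectUrl=https://oursystem.ru
What it does is redirect the user to an external resource for authorization.
To sum up, here is what it looks like:
- We send a GET request to urlToGoTo
- The service then redirects us to a resource that uses HTTPS (if that matters)
But we never even get to see it, because we get the exception above. The request is not executed at all.
We have installed the required certificates (the external source, auth, and the HTTPS one we are eventually redirected to) and cross-validated them. But still no luck.
Hoping there is some solution; please help. Personally, I have no idea why this happens.
Thanks in advance.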
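You can access the site with certificate checking disabled. I strongly advise against it. It would be a security hole the size of a barn door. But if you must, you can use the easyTrustManager described here: https://wissel.net/blog/2007/08/ssl-in-domino-agents.html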
    import java.io.IOException;

    import org.apache.commons.httpclient.HttpClient;
    import org.apache.commons.httpclient.HttpException;
    import org.apache.commons.httpclient.HttpMethod;
    import org.apache.commons.httpclient.HttpStatus;
    // EasySSLProtocolSocketFactory ships with the HttpClient 3.x contrib sources, not the core jar
    import org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory;
    import org.apache.commons.httpclient.methods.GetMethod;
    import org.apache.commons.httpclient.methods.PostMethod;
    import org.apache.commons.httpclient.methods.RequestEntity;
    import org.apache.commons.httpclient.methods.StringRequestEntity;
    import org.apache.commons.httpclient.protocol.Protocol;
    import org.apache.commons.logging.Log;
    import org.apache.commons.logging.LogFactory;

    public class HttpsCommonFetcher {

        /** Log object for this class. */
        private static final Log LOG = LogFactory.getLog(HttpsCommonFetcher.class);

        public String getContentFromHTTP(String xRequest, String targetURL, String method) {
            String result = null;
            HttpMethod httpMethod = null;

            // This implementation uses the HTTP Common client from the
            // Apache jakarta Project. See: http://jakarta.apache.org/httpcomponents/index.html
            // and http://jakarta.apache.org/commons/httpclient/sslguide.html
            // We use the EasySSL Implementation to avoid SSL configuration stress
            String hostwithoutSSL = targetURL.substring(8); // strip the leading "https://"
            LOG.info(hostwithoutSSL);

            // We use the simple SSL method that doesn't compare with the keystore
            // (it accepts any server certificate); remove the 2 lines if you intend to config SSL
            Protocol myhttps = new Protocol("https",
                    new EasySSLProtocolSocketFactory(), 443);
            Protocol.registerProtocol("https", myhttps);

            HttpClient httpclient = new HttpClient();
            // Here would be the optional Proxy code
            // httpclient.getHostConfiguration().setProxy(pHost, pPort);

            if (method.equalsIgnoreCase("POST")) {
                // We only support get and post and if it is not POST it is GET
                PostMethod pm = new PostMethod(targetURL);
                // Populate the body of the request
                RequestEntity entity = new StringRequestEntity(xRequest);
                pm.setRequestEntity(entity);
                httpMethod = (HttpMethod) pm;
            } else {
                httpMethod = new GetMethod(targetURL);
                // Make sure we follow eventual redirects (GET only: entity-enclosing
                // methods such as POST reject automatic redirects in HttpClient 3.x)
                httpMethod.setFollowRedirects(true);
            }

            // Now we retrieve the stuff
            try {
                int statusCode = httpclient.executeMethod(httpMethod);
                // Here we have the result already
                LOG.info(httpMethod.getStatusLine());
                if (statusCode == HttpStatus.SC_OK) {
                    // Directly read it into a String ... creates a warning in
                    // HTTPClient but is what we would do anyway.
                    result = httpMethod.getResponseBodyAsString();
                } else {
                    result = "<error>" + httpMethod.getStatusLine() + "</error>";
                }
            } catch (HttpException e) {
                LOG.error(e);
            } catch (IOException e) {
                LOG.error(e);
            } finally {
                httpMethod.releaseConnection();
            }
            return result;
        }
    }
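The alternative to disabling certificate checks, as an added example that is not part of the original answer: an Apache HttpClient 4.x client (the API the question uses) that trusts only the CAs in a dedicated JKS file, with hostname verification left on. The class name DedicatedTrustStoreClient and the command-line arguments are hypothetical; it assumes HttpClient 4.3 or later and Java 7 or later.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;

public class DedicatedTrustStoreClient {

    /** Builds a client that trusts only the certificates stored in the given JKS file. */
    static CloseableHttpClient build(String jksPath, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(jksPath)) {
            trustStore.load(in, password);
        }
        if (trustStore.size() == 0) {
            throw new IllegalStateException("trust store is empty: " + jksPath);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        // Chain and hostname checks stay enabled; only the set of trust anchors changes.
        return HttpClients.custom()
                .setSSLSocketFactory(new SSLConnectionSocketFactory(ctx))
                .build();
    }

    public static void main(String[] args) throws Exception {
        // args (hypothetical): <truststore.jks> <store password> <url>
        try (CloseableHttpClient client = build(args[0], args[1].toCharArray());
             CloseableHttpResponse resp = client.execute(new HttpGet(args[2]))) {
            System.out.println("resp code " + resp.getStatusLine());
        }
    }
}
```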
Well, the solution is as follows:
sudo /*path to ikeycmd*/ -cert -add -db /*path to cacerts*/ -file /*path to ssl certificate*/ -format binary -trust enable -type jks
It may prompt for a password. The default is changeit
It is better to import the whole chain.
Then execute the command res ser in Domino Administrator.
It should work now.
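A way to check the result of the import, as an added example that is not part of the original answer: for each certificate in the given files it reports which trusted entry of the JKS store equals it or issued it. The class name TrustStoreCheck and its arguments are hypothetical; only standard JDK classes are used, and Java 7 or later is assumed.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class TrustStoreCheck {
    /** Alias of the trusted entry that equals or issued cert, or null if none does. */
    static String findAnchor(KeyStore store, X509Certificate cert) throws Exception {
        String self = store.getCertificateAlias(cert);
        if (self != null) return self;
        for (String alias : Collections.list(store.aliases())) {
            Certificate c = store.getCertificate(alias);
            if (!store.isCertificateEntry(alias) || !(c instanceof X509Certificate)) continue;
            X509Certificate ca = (X509Certificate) c;
            if (ca.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
                try {
                    cert.verify(ca.getPublicKey()); // name matches; confirm the signature
                    return alias;
                } catch (GeneralSecurityException e) {
                    // same subject name but a different key: keep looking
                }
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // args (hypothetical): <path to cacerts> <store password> <certificate file>...
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            store.load(in, args[1].toCharArray());
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509"); // reads DER and PEM
        for (int i = 2; i < args.length; i++) {
            try (InputStream in = new FileInputStream(args[i])) {
                for (Certificate c : cf.generateCertificates(in)) {
                    X509Certificate x = (X509Certificate) c;
                    String anchor = findAnchor(store, x);
                    System.out.println(x.getSubjectX500Principal() + " -> "
                            + (anchor == null ? "NOT anchored in store" : "trusted via " + anchor));
                }
            }
        }
    }
}
```

Run it with the same cacerts path and certificate files that were given to ikeycmd. A chain the server sends is accepted only if at least one of its certificates is reported as trusted, which is why importing the whole chain is the safer choice.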