解决Springboot发起https请求报错:sun.sec urity.validator.ValidatorException: PKIX path building failed
问题描述
最近开发项目中在springboot接口中调用第三方https接口,后台日志报错:
sun.sec urity.validator.ValidatorException: PKIX path building failed
意思就是非安全的调用,java不认识这个接口证书。
报错原因
java security仓库中没有这个第三方站点的SSL证书,调用失败。
解决方案
方案一: 手动导入网站证书到java security库
弊端:换了一个SSL证书有需要导入一次,很麻烦。不推荐。
可参考我另一篇文章:
https://blog.csdn.net/IndexMan/article/details/128658805
方案二:彻底解决,一劳永逸
新增工具类
import javax.net.ssl.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
/**
* java security信任SSL证书工具类
*/
public class SslUtils {
private static void trustAllHttpsCertificates() throws Exception {
TrustManager[] trustAllCerts = new TrustManager[1];
TrustManager tm = new miTM();
trustAllCerts[0] = tm;
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, null);
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
}
static class miTM implements TrustManager,X509TrustManager {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public boolean isServerTrusted(X509Certificate[] certs) {
return true;
}
public boolean isClientTrusted(X509Certificate[] certs) {
return true;
}
public void checkServerTrusted(X509Certificate[] certs, String authType)
throws CertificateException {
return;
}
public void checkClientTrusted(X509Certificate[] certs, String authType)
throws CertificateException {
return;
}
}
/**
* 忽略HTTPS请求的SSL证书
*/
public static void ignoreSsl() throws Exception{
HostnameVerifier hv = new HostnameVerifier() {
public boolean verify(String urlHostName, SSLSession session) {
return true;
}
};
System.out.println("已忽略HTTPS请求的SSL证书!");
trustAllHttpsCertificates();
HttpsURLConnection.setDefaultHostnameVerifier(hv);
}
}
在启动类中调用工具类
@SpringBootApplication
public class WebApplication {
public static void main(String[] args) {
SpringApplication.run(WebApplication .class, args);
}
// 调用工具类中的方法
@PostConstruct
public void run() throws Exception{
SslUtils.ignoreSsl();
}
}
