我遇到了一个与我通过SSL沟通的api的问题.我认为异常即将到来,因为SSL证书已过期.问题是我不管理API框.是否可以忽略过期的证书?
例外:
[ERROR,TaacWorkshop] Problem deleting user group from CADA:
org.apache.thrift.transport.TTransportException: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
at org.apache.thrift.transport.TIOStreamTransport.flush(TIOStreamTransport.java:156)
at company.oss.thrift.cada.CADABackend$Client.send_DeleteUserGroup(CADABackend.java:580)
at company.oss.thrift.cada.CADABackend$Client.DeleteUserGroup(CADABackend.java:568)
at com.cable.company.nse.cada.CadaDao.deleteUserGroup(CadaDao.java:72)
at com.cable.company.nse.taac.business.TaacWorkshop.deleteTaac(TaacWorkshop.java:127)
at com.cable.company.nse.taac.controller.RemoteVendorAccessController.processRequest(RemoteVendorAccessController.java:130)
at com.cable.company.nse.taac.controller.RemoteVendorAccessController$$FastClassByCGLIB$$63639bdf.invoke(<generated>)
at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:191)
at org.springframework.aop.framework.Cglib2AopProxy$CglibMethodInvocation.invokeJoinpoint(Cglib2AopProxy.java:692)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:67)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:625)
at com.cable.company.nse.taac.controller.RemoteVendorAccessController$$EnhancerByCGLIB$$bdd8aaad.processRequest(<generated>)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:592)
at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.doInvokeMethod(HandlerMethodInvoker.java:710)
at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:167)
at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:414)
at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:402)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:771)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:716)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:647)
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:563)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) …我正在尝试建立与HTTPS站点的连接,我得到了这个例外:javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
我原来的代码如下:
URL url = new URL("https://example.com");
HttpsURLConnection urlConnection =
(HttpsURLConnection)url.openConnection();
in = urlConnection.getInputStream();
byte[] responsedata = CommonUtil.readInputStream(in);
Log.w(TAG, "response is "+CommonUtil.convertBytesToHexString(responsedata));
CertificateFactory cf;
try {
cf = CertificateFactory.getInstance("X.509");
InputStream in = this.mContext.getResources().openRawResource(R.raw.cert);
Certificate ca;
ca = cf.generateCertificate(in);
System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());
in.close();
URL url = new URL("https://example.com");
HttpsURLConnection urlConnection =
(HttpsURLConnection)url.openConnection();
in = urlConnection.getInputStream();
byte[] responsedata = CommonUtil.readInputStream(in);
Log.w(TAG, "response is "+CommonUtil.convertBytesToHexString(responsedata));
in.close();
关于 …
URL myUrl = new URL("https://www.....");
SSL网站证书已过期.如何避免它并使URL()工作?
我想做的事情很简单 - 我想在从 iOS 和 Android 应用程序连接到服务器时获得完整的证书链。
在 iOS 中,我正在使用NSURLSession和覆盖URLSession:didReceiveChallenge:方法,在该方法中我能够获取证书链,在这种情况下,它看起来像预期的那样:
[leaf certificate] - [intermediate certificate] - [root certificate]
迷人的。
现在我正在尝试在 Android 设备上使用HttpsURLConnection. 连接到服务器后,我正在使用方法获取证书链(或者至少我希望这是它的getServerCertificates()方法)。这将返回我的Certificate[]对象,我在其中获得了如下所示的链:
[leaf certificate] - [intermediate certificate]
因此,Android 设备上没有根证书。
您知道如何从Android中的链中获取根证书吗?
先感谢您。