我有一个SSL安全的休息时间。
在我的Java客户端中,我已将证书添加到cacerts存储中,但是仅当我在javax.net.ssl.trustStore参数中显式设置cacerts文件路径以及在javax.net.ssl.trustStorePassword中设置密码时,该证书才起作用。
java home设置为:
java.home:C:\ ide \ jdk1.7.0_45 \ jre
并且两个参数设置为:
Properties pp = System.getProperties();
Set<Object> s = pp.keySet();
for (Object object : s) {
System.out.println(object + " : " + pp.get(object));
}
System.setProperty("javax.net.ssl.trustStore", "C:\\ide\\jdk1.7.0_45\\jre\\bin\\cacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "secret");
结果:
java.runtime.name : Java(TM) SE Runtime Environment
sun.boot.library.path : C:\ide\jdk1.7.0_45\jre\bin
.....
java.home : C:\ide\jdk1.7.0_45\jre
.... other java parameters value
WS called with success
执行与异常:
Properties pp = System.getProperties();
Set<Object> s = pp.keySet();
for (Object object : s) {
System.out.println(object + " : " + pp.get(object));
}
//System.setProperty("javax.net.ssl.trustStore", "C:\\ide\\jdk1.7.0_45\\jre\\bin\\cacerts");
//System.setProperty("javax.net.ssl.trustStorePassword", "secret");
结果:
java.runtime.name : Java(TM) SE Runtime Environment
sun.boot.library.path : C:\ide\jdk1.7.0_45\jre\bin
.....
java.home : C:\ide\jdk1.7.0_45\jre
.... other java parameters value
Exception in thread "main"
Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:573)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor.execute(ApacheHttpClient4Executor.java:182)
at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:39)
at org.jboss.resteasy.plugins.interceptors.encoding.AcceptEncodingGZIPInterceptor.execute(AcceptEncodingGZIPInterceptor.java:40)
at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:45)
at org.jboss.resteasy.client.ClientRequest.execute(ClientRequest.java:443)
at org.jboss.resteasy.client.ClientRequest.httpMethod(ClientRequest.java:677)
at org.jboss.resteasy.client.ClientRequest.post(ClientRequest.java:566)
... 2 more
最佳答案
我认为问题是我使用了错误的cacerts文件路径。
java中的默认cacerts文件是:
\ jre \ lib \ security \ cacerts