weblogic SSL證書錯誤 FATAL Alert:BAD_CERTIFICATE
阿新 • • 發佈:2019-01-02
最近專案需求需要通過https協議獲取CyberArk密碼,將程式碼寫完之後,weblogic提示如下錯誤: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
隨後在網上查閱相關資料,修改Weblogic配置檔案setDomainEnv.cmd,增加一段程式碼: -DUseSunHttpHandler=true。本地環境正常啟動,部署到測試環境,啟動報錯,同一個錯誤。原因是部署環境的setDomainEnv.cmd沒有設定UseSunHttpHandler為true。聯絡部署同事,告知不能隨意修改部署環境上Weblogic檔案。
繼續百度,嘗試之,修改程式碼解決之。需要將呼叫的HttpURLConnection信任所有證書。要注意的是,信任所有證書等於關閉對伺服器身分的驗證,這條用來取得密碼的連線可能被中間人攔截;較穩妥的做法是把伺服器(或其簽發CA)的證書匯入信任庫,讓預設的證書與主機名稱校驗保持啟用。程式碼如下:
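/**
 * Requests the password for {@code object} from the HTTPS endpoint configured under
 * {@code SecurityConstants.PIDMS_CCP_URL} and returns it after decryption.
 *
 * <p>The request is a JSON POST carrying the application id, safe, folder, object name and a
 * reason string. The response body is parsed as a JSON map, and the password entry is used
 * only when the map's {@code "code"} entry equals the string {@code "200"}.
 *
 * @param object name of the object whose password is requested
 * @return the decrypted password, or {@code null} when {@code object} is {@code null}, the
 *         response code is not {@code "200"}, or any exception is raised (it is logged)
 */
private static String getPasswordByHttps(String object) {
    if (object == null) {
        logger.info("object is required...");
        return null;
    }

    HttpURLConnection connection = null;
    try {
        Map<String, Object> param = new HashMap<String, Object>();
        param.put(SecurityConstants.APP_ID,
                PptPropsUtils.getValueFromProperties(SecurityConstants.APPID));
        param.put(SecurityConstants.SAFE,
                PptPropsUtils.getValueFromProperties(SecurityConstants.SAFE));
        param.put(SecurityConstants.FOLDER,
                PptPropsUtils.getValueFromProperties(SecurityConstants.FOLDER));
        param.put(SecurityConstants.OBJECT, object);
        param.put(SecurityConstants.REASON, "get password"); // the reason text is free-form

        // Passing the Sun HTTPS handler to the URL constructor selects that handler for this
        // one URL, so the domain-wide start script does not have to be edited.
        java.net.URL postURL = new java.net.URL(
                null,
                PptPropsUtils.getValueFromProperties(SecurityConstants.PIDMS_CCP_URL),
                new sun.net.www.protocol.https.Handler());
        connection = (HttpURLConnection) postURL.openConnection();

        // NOTE(security): the next call switches off certificate-chain and host-name
        // validation for a connection whose response contains a password. See the comment
        // on trustAllCertificates for the safer alternative.
        trustAllCertificates(connection);

        connection.setDoOutput(true);
        connection.setDoInput(true);
        connection.setRequestMethod("POST");
        connection.setUseCaches(false);
        connection.setRequestProperty("Content-Type", "application/json");
        connection.connect();

        DataOutputStream out = new DataOutputStream(connection.getOutputStream());
        try {
            // Encode explicitly: DataOutputStream.writeBytes keeps only the low byte of each
            // char and would corrupt any non-ASCII character in the JSON.
            out.write(JSONObject.toJSONString(param).getBytes("UTF-8"));
            out.flush();
        } finally {
            out.close();
        }

        StringBuilder responseBody = new StringBuilder();
        BufferedReader reader = new BufferedReader(
                new InputStreamReader(connection.getInputStream(), "utf-8"));
        try {
            for (String line = reader.readLine(); line != null; line = reader.readLine()) {
                responseBody.append(line);
            }
        } finally {
            reader.close(); // closed on the error path too
        }

        @SuppressWarnings("unchecked") // the response is expected to be a JSON object
        Map<String, Object> result =
                (Map<String, Object>) JSONObject.parse(responseBody.toString());

        // Password retrieved successfully.
        if (result != null && "200".equals(result.get("code"))) {
            // NOTE(review): the listing printed '1111' without a terminating semicolon, which
            // is not valid Java; a String key is assumed here. Confirm against
            // SecurityUtil.decrypt. A key hard-coded in source can be read by anyone holding
            // the class file, so it belongs in protected configuration.
            String password = SecurityUtil.decrypt(
                    (String) result.get(SecurityConstants.PASSWORD), "1111");
            return password;
        }
        return null;
    } catch (Exception e) {
        // Pass the exception as well so the stack trace is kept, not only its toString().
        logger.error("異常為: " + e, e);
        return null;
    } finally {
        if (connection != null) {
            connection.disconnect();
        }
    }
}

/**
 * Configures {@code con} to accept every server certificate and every host name.
 *
 * <p>NOTE(security): with this configuration the TLS handshake no longer authenticates the
 * server, so traffic on this connection can be read or altered by whoever answers for the
 * endpoint. The safer alternative is to build the {@link SSLContext} from a trust store that
 * contains the server's issuing CA (via {@code TrustManagerFactory}) and to leave the default
 * host-name verifier in place. Keep this method out of production paths.
 *
 * @param con connection to reconfigure; it must be an {@link HttpsURLConnection}, otherwise
 *            the cast fails with {@link ClassCastException}
 * @throws NoSuchAlgorithmException if no provider offers the requested SSL context protocol
 * @throws KeyManagementException if the SSL context cannot be initialised
 */
private static void trustAllCertificates(HttpURLConnection con)
        throws NoSuchAlgorithmException, KeyManagementException {
    HttpsURLConnection httpsConnection = (HttpsURLConnection) con;

    // Accepts any host name, i.e. the certificate is never matched against the URL's host.
    httpsConnection.setHostnameVerifier(new HostnameVerifier() {
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    });

    // Trust manager whose checks never throw, so every certificate chain is accepted.
    TrustManager ignoreCertificationTrustManger = new X509TrustManager() {
        public void checkClientTrusted(X509Certificate certificates[], String authType)
                throws CertificateException {
        }

        public void checkServerTrusted(X509Certificate[] ax509certificate, String s)
                throws CertificateException {
        }

        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract asks for a non-null (possibly empty) array.
            return new X509Certificate[0];
        }
    };

    // Prepare the SSL context; "TLS" is the standard protocol name, replacing "SSL".
    TrustManager[] tm = { ignoreCertificationTrustManger };
    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, tm, new java.security.SecureRandom());

    // Install the socket factory of that context on this connection only.
    SSLSocketFactory ssf = sslContext.getSocketFactory();
    httpsConnection.setSSLSocketFactory(ssf);
}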