1

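I received a .p12 certificate, which I need in order to use a web service. If I import the certificate into the browser I can access the service, but if I try to perform a POST request I get the following error: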

    Caused by: java.security.cert.CertPathValidatorException: critical policy qualifiers present in certificate
        at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:139)
        at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:328)
        at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:178)
        at java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)
        at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:275)
        ... 24 more

Here is my code:

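    import java.io.DataInputStream;
    import java.io.DataOutputStream;
    import java.io.FileInputStream;
    import java.io.InputStream;
    import java.net.URL;
    import java.security.KeyStore;
    import java.security.SecureRandom;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.KeyManager;
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.TrustManagerFactory;

    public class ClientCertPost {
        public static void main(String[] args) throws Exception {
            // Client identity: the private key and certificate from the .p12 file.
            KeyStore clientStore = KeyStore.getInstance("PKCS12");
            try (InputStream in = new FileInputStream("client.p12")) {
                clientStore.load(in, "password".toCharArray());
            }

            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(clientStore, "password".toCharArray());
            KeyManager[] kms = kmf.getKeyManagers();

            // Trust anchors used to validate the server's certificate chain.
            KeyStore trustStore = KeyStore.getInstance("JKS");
            try (InputStream in = new FileInputStream("client.keystore")) {
                trustStore.load(in, "password".toCharArray());
            }

            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(trustStore);
            TrustManager[] tms = tmf.getTrustManagers();

            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(kms, tms, new SecureRandom());

            HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
            URL url = new URL("https://cistest.apis-it.hr:8446/g2bservis");

            HttpsURLConnection con = (HttpsURLConnection) url.openConnection();

            String query = "<SendDocument></SendDocument>";
            con.setRequestMethod("POST");

            con.setRequestProperty("Content-Type", "text");
            con.setDoOutput(true);
            con.setDoInput(true);

            // The TLS handshake (and server certificate validation) happens here.
            try (DataOutputStream output = new DataOutputStream(con.getOutputStream())) {
                output.writeBytes(query);
            }

            // Print the response body one byte at a time.
            try (DataInputStream input = new DataInputStream(con.getInputStream())) {
                for (int c = input.read(); c != -1; c = input.read()) {
                    System.out.print((char) c);
                }
            }

            System.out.println("Resp Code:" + con.getResponseCode());
            System.out.println("Resp Message:" + con.getResponseMessage());
        }
    }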

The exception occurs at con.getOutputStream()

4

1 Answer

0

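I solved this by exporting the server's certificate from Chrome and using it instead of the default root certificate I had for the page. I noticed that the certificate might be the problem when I was able to open the page in Chrome but not in Firefox.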

Answered 2013-06-06T09:06:56.550
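To find which certificate in the server's chain can trigger this error, the check below lists the certificates whose certificatePolicies extension (OID 2.5.29.32) is marked critical; the JDK's PKIX validator rejects such a certificate by default when that extension also carries policy qualifiers. This is an added example, not code from the question or the answer; the class name and the file name server-chain.pem (standing for a certificate or chain exported from the browser) are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class CriticalPolicyCheck {
    // OID of the X.509 certificatePolicies extension (RFC 5280, section 4.2.1.4).
    static final String CERT_POLICIES_OID = "2.5.29.32";

    /** Returns the certificates whose certificatePolicies extension is marked critical. */
    static List<X509Certificate> withCriticalPolicies(List<? extends Certificate> certs) {
        List<X509Certificate> flagged = new ArrayList<>();
        for (Certificate c : certs) {
            if (!(c instanceof X509Certificate)) {
                continue;
            }
            X509Certificate x = (X509Certificate) c;
            // getCriticalExtensionOIDs() returns null when the certificate has no extensions.
            Set<String> critical = x.getCriticalExtensionOIDs();
            if (critical != null && critical.contains(CERT_POLICIES_OID)) {
                flagged.add(x);
            }
        }
        return flagged;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: a PEM or DER file with one or more certificates (hypothetical default name).
        String path = args.length > 0 ? args[0] : "server-chain.pem";
        List<Certificate> certs;
        try (InputStream in = new FileInputStream(path)) {
            certs = new ArrayList<>(CertificateFactory.getInstance("X.509").generateCertificates(in));
        }
        List<X509Certificate> flagged = withCriticalPolicies(certs);
        System.out.println(certs.size() + " certificate(s) read, " + flagged.size()
                + " with a critical certificatePolicies extension");
        for (X509Certificate x : flagged) {
            // Candidates for the CertPathValidatorException seen in the question.
            System.out.println("  subject: " + x.getSubjectX500Principal().getName());
            System.out.println("  issuer:  " + x.getIssuerX500Principal().getName());
        }
    }
}
```

The check only tests the critical flag; it does not parse the extension to confirm that policy qualifiers are present.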