WebLogic SSL证书错误 FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate

最近项目需要通过HTTPS协议从CyberArk获取密码。代码写完之后,WebLogic提示如下错误:FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate.

随后在网上查阅相关资料,修改WebLogic配置文件setDomainEnv.cmd,增加一个JVM启动参数:-DUseSunHttpHandler=true。本地环境正常启动,但部署到测试环境后启动报错,还是同一个错误。原因是部署环境的setDomainEnv.cmd没有把UseSunHttpHandler设置为true。联系部署同事,被告知不能随意修改部署环境上的WebLogic文件。

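继续百度,尝试之后,通过修改代码解决:让调用所用的HttpURLConnection信任所有证书。需要说明的是,这样做等于关闭了服务器证书校验和主机名校验,客户端无法确认对端就是真正的CyberArk服务,而这条连接返回的正是密码;更稳妥的做法是把服务端证书的签发CA导入应用使用的信任库,保留校验。代码如下: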

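	/**
	 * Requests the password of one CyberArk object over HTTPS and returns it decrypted.
	 *
	 * <p>The request is a JSON POST to the URL configured under
	 * {@code SecurityConstants.PIDMS_CCP_URL}. The response is parsed as a JSON object;
	 * the password is returned only when its {@code "code"} entry equals the string
	 * {@code "200"}.
	 *
	 * <p>Security-relevant behaviour: certificate and host name validation are switched
	 * off for this connection by {@code trustAllCertificates}, so the server is not
	 * authenticated before the credential is read from it.
	 *
	 * @param object name of the object whose password is requested; {@code null} is rejected
	 * @return the decrypted password, or {@code null} when {@code object} is {@code null},
	 *         the response code is not {@code "200"}, or any exception occurs
	 */
	private static String getPasswordByHttps(String object) {
		if (object == null) {
			logger.info("object is required...");
			return null;
		}

		HttpURLConnection connection = null;
		DataOutputStream out = null;
		BufferedReader reader = null;
		try {
			Map<String, Object> param = new HashMap<String, Object>();
			param.put(SecurityConstants.APP_ID, PptPropsUtils
					.getValueFromProperties(SecurityConstants.APPID));
			param.put(SecurityConstants.SAFE, PptPropsUtils
					.getValueFromProperties(SecurityConstants.SAFE));
			param.put(SecurityConstants.FOLDER, PptPropsUtils
					.getValueFromProperties(SecurityConstants.FOLDER));
			param.put(SecurityConstants.OBJECT, object);
			// The reason text is free-form.
			param.put(SecurityConstants.REASON, "get password");

			// Passing the JDK handler explicitly makes openConnection() use the JDK's
			// HTTPS implementation instead of whatever handler the container installs.
			// NOTE(review): sun.* is an internal JDK package and may not be accessible
			// on newer Java versions - confirm against the target runtime.
			java.net.URL postURL = new java.net.URL(
					null,
					PptPropsUtils
							.getValueFromProperties(SecurityConstants.PIDMS_CCP_URL),
					new sun.net.www.protocol.https.Handler());

			connection = (HttpURLConnection) postURL.openConnection();

			// NOTE(review): this turns off server authentication on a connection that
			// returns a credential. The durable fix is to add the issuing CA of the
			// server certificate to the trust store used by this application and to
			// drop this call.
			trustAllCertificates(connection);

			connection.setDoOutput(true);
			connection.setDoInput(true);
			connection.setRequestMethod("POST");
			connection.setUseCaches(false);
			connection.setRequestProperty("Content-Type", "application/json");
			connection.connect();

			// writeBytes() keeps only the low byte of every char and would corrupt
			// non-ASCII values, so the JSON body is encoded explicitly as UTF-8.
			out = new DataOutputStream(connection.getOutputStream());
			out.write(JSONObject.toJSONString(param).getBytes("UTF-8"));
			out.flush();
			out.close();
			out = null;

			reader = new BufferedReader(new InputStreamReader(
					connection.getInputStream(), "utf-8"));
			StringBuilder body = new StringBuilder();
			for (String line = reader.readLine(); line != null; line = reader
					.readLine()) {
				body.append(line);
			}
			Map<?, ?> result = (Map<?, ?>) JSONObject.parse(body.toString());

			// Anything other than code "200" is treated as "no password".
			if (result == null || !"200".equals(result.get("code"))) {
				return null;
			}

			// NOTE(review): the page shows the second argument as '1111', which is not a
			// valid Java literal; a String is assumed here. A key written into the source
			// is readable by anyone who can read the code or the deployed archive - load
			// it from protected configuration instead.
			return SecurityUtil.decrypt(
					(String) result.get(SecurityConstants.PASSWORD), "1111");
		} catch (Exception e) {
			// Pass the exception itself so the stack trace is kept in the log.
			logger.error("异常为: " + e, e);
			return null;
		} finally {
			// Release the streams and the connection on every path, including failures.
			if (out != null) {
				try {
					out.close();
				} catch (Exception ignored) {
					// best-effort cleanup; the primary outcome is already decided
				}
			}
			if (reader != null) {
				try {
					reader.close();
				} catch (Exception ignored) {
					// best-effort cleanup; the primary outcome is already decided
				}
			}
			if (connection != null) {
				connection.disconnect();
			}
		}
	}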

	// 信任所有证书
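	/**
	 * Switches off TLS peer authentication for a single HTTPS connection.
	 *
	 * <p>Two checks are replaced on {@code con} only (JVM-wide defaults are not touched):
	 * the host name verifier accepts every host name, and the trust manager accepts every
	 * certificate chain without inspecting it. With both disabled the connection is still
	 * encrypted but the peer is never authenticated, so the data exchanged over it,
	 * including any returned credential, can be read or altered by whoever terminates the
	 * connection. Use this only where the network path is otherwise trusted (for example a
	 * throw-away test setup); for a real deployment, import the issuing CA of the server
	 * certificate into the application's trust store and do not call this method.
	 *
	 * @param con the connection to modify; must be an {@code HttpsURLConnection}
	 * @throws ClassCastException if {@code con} is not an {@code HttpsURLConnection}
	 * @throws NoSuchAlgorithmException if no provider supplies the requested SSLContext
	 * @throws KeyManagementException if the SSLContext cannot be initialised
	 */
	private static void trustAllCertificates(HttpURLConnection con)
			throws NoSuchAlgorithmException, KeyManagementException {

		// Cast once; a plain-HTTP connection is rejected here before anything is changed.
		HttpsURLConnection https = (HttpsURLConnection) con;

		// Accept any host name, whatever the certificate says.
		https.setHostnameVerifier(new HostnameVerifier() {
			public boolean verify(String hostname, SSLSession session) {
				return true;
			}
		});

		// Trust manager whose checks never throw, i.e. every chain is accepted.
		TrustManager acceptAnyChain = new X509TrustManager() {

			public void checkClientTrusted(X509Certificate[] chain,
					String authType) throws CertificateException {
				// intentionally empty: no validation
			}

			public void checkServerTrusted(X509Certificate[] chain,
					String authType) throws CertificateException {
				// intentionally empty: no validation
			}

			public X509Certificate[] getAcceptedIssuers() {
				// The X509TrustManager contract asks for a non-null (possibly empty)
				// array; returning null can fail inside the TLS implementation.
				return new X509Certificate[0];
			}

		};

		// "TLS" is the standard context name; the legacy "SSL" name is avoided.
		SSLContext sslContext = SSLContext.getInstance("TLS");
		sslContext.init(null, new TrustManager[] { acceptAnyChain },
				new java.security.SecureRandom());

		// Install the socket factory of this context on the one connection.
		SSLSocketFactory socketFactory = sslContext.getSocketFactory();
		https.setSSLSocketFactory(socketFactory);

	}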



