最近项目需要通过HTTPS协议从CyberArk获取密码。代码写完之后,WebLogic提示如下错误: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
随后在网上查阅相关资料,修改WebLogic的配置文件setDomainEnv.cmd,增加一个JVM启动参数: -DUseSunHttpHandler=true。本地环境正常启动,但部署到测试环境后启动报错,还是同一个错误。原因是部署环境的setDomainEnv.cmd没有把UseSunHttpHandler设置为true。联系负责部署的同事,被告知不能随意修改部署环境上的WebLogic文件。
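继续百度,尝试之后,通过修改代码解决:让发起调用的HttpURLConnection信任所有证书。需要注意,信任所有证书并跳过主机名校验,等于关闭了TLS对服务端身份的验证,链路上的中间人可以冒充密码服务,看到请求里的AppID等参数并返回伪造的密码,因此这只适合作为临时绕过。更稳妥的做法是把服务端证书或其签发CA导入应用自己的truststore,在代码里用该truststore初始化SSLContext,并保留默认的主机名校验,这样同样不需要改动WebLogic的配置文件。代码如下: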
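/**
 * Requests the password of one object from the HTTPS endpoint configured under
 * {@code SecurityConstants.PIDMS_CCP_URL} (the CyberArk password service, per the
 * surrounding article).
 *
 * <p>Posts a JSON body holding the app id, safe, folder, object name and a reason, then
 * reads the JSON reply. When the reply's {@code code} field equals the string
 * {@code "200"}, the password field is decrypted and returned.
 *
 * @param object name of the object whose password is wanted; {@code null} is rejected
 * @return the decrypted password, or {@code null} when {@code object} is {@code null},
 *         the reply carries any other code, or any exception occurs (it is logged)
 */
private static String getPasswordByHttps(String object) {
    if (object == null) {
        logger.info("object is required...");
        return null;
    }
    HttpURLConnection connection = null;
    try {
        Map<String, Object> param = new HashMap<String, Object>();
        param.put(SecurityConstants.APP_ID,
                PptPropsUtils.getValueFromProperties(SecurityConstants.APPID));
        param.put(SecurityConstants.SAFE,
                PptPropsUtils.getValueFromProperties(SecurityConstants.SAFE));
        param.put(SecurityConstants.FOLDER,
                PptPropsUtils.getValueFromProperties(SecurityConstants.FOLDER));
        param.put(SecurityConstants.OBJECT, object);
        // The reason text is free-form.
        param.put(SecurityConstants.REASON, "get password");

        // The Sun HTTPS handler is passed explicitly; presumably this is what makes the
        // connection a javax.net.ssl.HttpsURLConnection, which trustAllCertificates()
        // casts to, without the -DUseSunHttpHandler=true JVM flag.
        java.net.URL postURL = new java.net.URL(
                null,
                PptPropsUtils.getValueFromProperties(SecurityConstants.PIDMS_CCP_URL),
                new sun.net.www.protocol.https.Handler());
        connection = (HttpURLConnection) postURL.openConnection();

        // NOTE(review): this switches off certificate and host-name validation for the
        // very connection that carries the app id out and the password back, so the
        // peer is not authenticated. Prefer an SSLContext built from a truststore that
        // contains the server's CA and keep the default host-name verifier.
        trustAllCertificates(connection);

        // NOTE(review): no connect/read timeout is set, so a stalled server blocks the
        // calling thread indefinitely - choose values that fit the deployment.
        connection.setDoOutput(true);
        connection.setDoInput(true);
        connection.setRequestMethod("POST");
        connection.setUseCaches(false);
        connection.setRequestProperty("Content-Type", "application/json");
        connection.connect();

        // Encode explicitly: DataOutputStream.writeBytes(String) keeps only the low
        // byte of each char and would corrupt any non-ASCII value in the JSON body.
        byte[] body = JSONObject.toJSONString(param).getBytes("UTF-8");
        DataOutputStream out = new DataOutputStream(connection.getOutputStream());
        try {
            out.write(body);
            out.flush();
        } finally {
            out.close();
        }

        StringBuilder response = new StringBuilder();
        BufferedReader reader = new BufferedReader(
                new InputStreamReader(connection.getInputStream(), "utf-8"));
        try {
            for (String line = reader.readLine(); line != null; line = reader.readLine()) {
                response.append(line);
            }
        } finally {
            reader.close();
        }

        Map<?, ?> result = (Map<?, ?>) JSONObject.parse(response.toString());
        // Password retrieved successfully.
        if (result != null && "200".equals(result.get("code"))) {
            // NOTE(review): the original listing passed '1111' (not a valid Java literal)
            // and lacked the terminating semicolon; a String key is assumed here - confirm
            // against SecurityUtil.decrypt. A decryption key hard-coded in source is
            // readable by anyone with the code; load it from protected configuration.
            return SecurityUtil.decrypt(
                    (String) result.get(SecurityConstants.PASSWORD), "1111");
        }
        return null;
    } catch (Exception e) {
        logger.error("异常为: " + e);
        return null;
    } finally {
        // Release the connection on every path, including failures.
        if (connection != null) {
            connection.disconnect();
        }
    }
}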
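/**
 * Makes one HTTPS connection accept any server certificate and any host name.
 *
 * <p>NOTE(review): after this call the connection is encrypted but the peer is not
 * authenticated, so it offers no protection against an impersonated server. Treat it as
 * a temporary workaround only. The durable fix is to initialise the {@code SSLContext}
 * from a truststore holding the server certificate or its issuing CA and to leave the
 * default host-name verifier in place.
 *
 * @param con connection to reconfigure; must be a {@link HttpsURLConnection}, otherwise
 *            a {@code ClassCastException} is thrown
 * @throws NoSuchAlgorithmException if no provider supplies the requested SSLContext
 * @throws KeyManagementException   if the SSLContext cannot be initialised
 */
private static void trustAllCertificates(HttpURLConnection con)
        throws NoSuchAlgorithmException, KeyManagementException {
    HttpsURLConnection https = (HttpsURLConnection) con;

    // Accepts whatever host name the certificate was issued for.
    https.setHostnameVerifier(new HostnameVerifier() {
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    });

    // Trust manager whose checks never throw, so every certificate chain is accepted.
    TrustManager acceptAll = new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            // intentionally empty
        }

        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            // intentionally empty
        }

        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract asks for a non-null (possibly empty) array;
            // returning null can trigger a NullPointerException inside the TLS stack.
            return new X509Certificate[0];
        }
    };

    // "TLS" instead of the legacy "SSL" context name.
    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, new TrustManager[] { acceptAll }, new java.security.SecureRandom());

    // Install the socket factory of this context on this connection only.
    SSLSocketFactory ssf = sslContext.getSocketFactory();
    https.setSSLSocketFactory(ssf);
}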