Can anyone tell me where the problem is?
Caused by: java.lang.IllegalStateException: SSL is enabled but no trust material is configured
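Good afternoon 🌅🌅🌅
This answer references ChatGPT-3.5
Problem description:
When using SSL for network communication, an exception appears saying "SSL is enabled but no trust material is configured".
Cause:
The exception occurs because SSL is enabled but no trust material (i.e. certificates) is configured.
Solution:
Trust material can be set on the SSLContext in one of the following ways: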
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;

// Create the SSLContext
SSLContext sslContext = SSLContext.getInstance("TLS");
// Initialize the SSLContext
sslContext.init(null, null, null);
// Set the default SSL socket factory for HttpsURLConnection
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
// Set the default HostnameVerifier for HttpsURLConnection
HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true);
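Note: by default, Java uses a default trust manager, and that manager trusts all HTTPS certificates.
If you need to specify which certificates are trusted, or to distrust a particular certificate, you can define a custom X509TrustManager: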
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;

public class MyX509TrustManager implements X509TrustManager {
    @Override
    public void checkClientTrusted(X509Certificate[] x509Certificates, String s) {
        // Check whether the client certificate is trusted
    }

    @Override
    public void checkServerTrusted(X509Certificate[] x509Certificates, String s) {
        // Check whether the server certificate is trusted
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
Then, when initializing the SSLContext, add the custom X509TrustManager to the TrustManager[] array:
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

// Create the X509TrustManager
X509TrustManager myX509TrustManager = new MyX509TrustManager();
// Create the TrustManager array
TrustManager[] trustManagers = { myX509TrustManager };
// Create the SSLContext
SSLContext sslContext = SSLContext.getInstance("TLS");
// Initialize the SSLContext
sslContext.init(null, trustManagers, null);
// Set the default SSL socket factory for HttpsURLConnection
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
// Set the default HostnameVerifier for HttpsURLConnection
HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true);
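A certificate can be added to the default trust material in one of the following ways:
Find the cacerts file under the JDK installation directory and use the following command to add the certificate to it: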
keytool -import -alias some-alias -file /path/to/your/cert -keystore /path/to/cacerts
The default keystore password is changeit.
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.SecureRandom;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

// Read the certificate file
InputStream is = new FileInputStream("file");
// Create the X.509 CertificateFactory
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
// Read the certificate from the InputStream
X509Certificate certificate = (X509Certificate) certificateFactory.generateCertificate(is);
// Create the TrustManager
TrustManager[] trustManagers = { new X509TrustManager() {
    @Override
    public void checkClientTrusted(X509Certificate[] x509Certificates, String s) {
        // Check whether the client certificate is trusted
    }

    @Override
    public void checkServerTrusted(X509Certificate[] x509Certificates, String s) {
        // Check whether the server certificate is trusted
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[] { certificate };
    }
}};
// Create the SSLContext
SSLContext sslContext = SSLContext.getInstance("TLS");
// Initialize the SSLContext
sslContext.init(null, trustManagers, new SecureRandom());
// Set the default SSL socket factory for HttpsURLConnection
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
// Set the default HostnameVerifier for HttpsURLConnection
HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true);
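
Added example, not part of the original answer: one way to supply trust material so that the server certificate chain is validated, by loading a CA certificate into an in-memory KeyStore and letting TrustManagerFactory build the trust managers. The class name, the `example-ca` alias and the optional file-path argument are assumptions made for illustration.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TrustMaterialExample {

    // Build trust managers from one CA certificate file (PEM or DER), or from
    // the JDK default trust store (cacerts) when caFile is null.
    static TrustManager[] trustManagers(Path caFile) throws Exception {
        KeyStore trustStore = null; // null makes the factory use the JDK defaults
        if (caFile != null) {
            trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            trustStore.load(null, null); // start with an empty in-memory store
            try (InputStream in = Files.newInputStream(caFile)) {
                Certificate ca = CertificateFactory.getInstance("X.509").generateCertificate(in);
                trustStore.setCertificateEntry("example-ca", ca); // alias is arbitrary
            }
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        return tmf.getTrustManagers();
    }

    // The resulting context validates the server chain against that trust material.
    static SSLContext sslContext(Path caFile) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, trustManagers(caFile), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        Path caFile = args.length > 0 ? Path.of(args[0]) : null; // optional CA file path
        X509TrustManager tm = (X509TrustManager) trustManagers(caFile)[0];
        System.out.println("trusted issuers: " + tm.getAcceptedIssuers().length);
        SSLContext ctx = sslContext(caFile);
        // Per connection: conn.setSSLSocketFactory(ctx.getSocketFactory());
        // the default HostnameVerifier stays in place.
        System.out.println("context ready: " + ctx.getProtocol());
    }
}
```

Run with `java TrustMaterialExample.java` (Java 11 or later) to use the JDK trust store, or pass the path of a CA certificate file as the first argument to trust only that CA.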