我正在尝试运行一个本地groovy-scipt进行测试,它在prod服务器上运行良好,但在本地服务器上我收到SSL错误,如下所示:
Caught: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java_net_URLConnection$getOutputStream$1.call(Unknown Source)
at url.processRequest(url.groovy:8)
at url$processRequest.callCurrent(Unknown Source)
at url.run(url.groovy:17)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:78)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
... 7 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
... 7 more
我可以做什么解决方法来删除本地groovy脚本中的SSL验证?出现错误的行:
def post = new URL("https://abc.deg.com").openConnection();
您可以将连接强制转换为HttpsUrlConnection,并注入一个不安全的信任管理器,该管理器不会验证任何内容。这样,您将删除所有SSL验证。我不建议这样做,因为这是不安全的,但这里是你可以使用的片段:
UnsafeTrustManager
import javax.net.ssl.HttpsURLConnection
import javax.net.ssl.SSLContext
import javax.net.ssl.SSLEngine
import javax.net.ssl.SSLSocketFactory
import javax.net.ssl.TrustManager
import javax.net.ssl.X509ExtendedTrustManager
import java.security.cert.CertificateException
import java.security.cert.X509Certificate
class UnsafeTrustManager extends X509ExtendedTrustManager {
@Override
void checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket) throws CertificateException {}
@Override
void checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket) throws CertificateException {}
@Override
void checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) throws CertificateException {}
@Override
void checkServerTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) throws CertificateException {}
@Override
void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {}
@Override
void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {}
@Override
X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0]
}
}
用法
def sslContext = SSLContext.getInstance("TLS")
sslContext.init(null, new TrustManager[]{new UnsafeTrustManager()}, null)
def sslSocketFactory = sslContext.getSocketFactory()
def post = (HttpsURLConnection) new URL("https://abc.deg.com").openConnection()
post.setSSLSocketFactory(sslSocketFactory)