最近又回頭寫Java的程式,遇到的問題是要去呼叫https secure url,結果一直有Exception產生。
Exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
網路上的解法不少。但是我試了好幾個還是覺得這篇作者的解法最容易,也較容易理解。
另外這篇也不錯。
给有可能遇到跟我一樣問題的人參考囉!順便我自己也可以把這樣的問題記錄起來,方便自己以後找問題。
我把作者個code整理如下:
package com.xxx.xxx.util;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import com.sun.net.ssl.HostnameVerifier;
import com.sun.net.ssl.HttpsURLConnection;
public class SSlTrustManagerTool {
private SSlTrustManagerTool() {
}
private static org.apache.log4j.Category logger = org.apache.log4j.Category.getInstance(SSlTrustManagerTool.class);
public static void trustHttpsCertificates() throws NoSuchAlgorithmException, KeyManagementException {
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
// Create a trust manager that does not validate certificate chains:
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
logger.info("getAcceptedIssuers");
return null;
}
public void checkServerTrusted(X509Certificate[] certs,String authType) throws CertificateException {
logger.info("checkServerTrusted");
return;
}
public void checkClientTrusted(X509Certificate[] certs,String authType) throws CertificateException {
logger.info("checkClientTrusted");
return;
}
} // X509TrustManager
};// TrustManager[]
// Install the all-trusting trust manager:
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
public boolean verify(String hostname, String session) {
logger.info(hostname + " " + session + " is accepted!");
return true; }
}
);
}
}
另外使用的方式如下:
URL url=new
URL(https://www.xxx.xxx);
com.xxx.xxx.util.SSlTrustManagerTool.trustHttpsCertificates();
//parse output data
String res=new String();
StringBuffer StrBuffer = new StringBuffer();
BufferedReader oIn = new BufferedReader(new InputStreamReader(url.openStream()));
這樣就可以達成Connect to https by Java 囉!!
目前分類:Java (2)
- Oct 12 Thu 2006 20:52
Connect to https by Java
- Sep 28 Thu 2006 01:35
Tomcat效能調校
很久之前將Tomcat當作Web Server時,遇到的效能問題、及處理方式。在這個園地提供給需要的人參考囉!!
Linux系統要自動在開機時將Tomcat啟動的方式
vi /etc/rc.d/rc.local 加入
/opt/Jakarta-tomcat-4.1.29/bin/startup.sh
效能調校
修改tomcat/conf/server.xml
放大connection 數目至 500
port=”80” minProcessors=”5” maxProcessors=”500”
enableLookups=”true” redirectPort=”443”
acceptCount=”100” debug=”0” connectionTimeout=”20000”
useURIValidationHack=”false” disableUploadTimeout=”true” />
建議放大Java的可用記憶體配置
在 /opt/Jakarta-tomcat-4.1.29/bin/startup.sh 加入以下命令將可用記憶體配置放大至768MB(1G的記憶體)
export JAVA_OPTS=-Xmx768m
重新啟動tomcat
