java的肥皂通过HTTPS连接

Question

我试图连接到HTTPS URL - https://rtpubcommission.api.cj.com/wsdl/version2/realtimeCommissionServiceV2.wsdl

但得到的错误（只列出了错误的链条，没有完整的堆栈跟踪）：

com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed 
Caused by: java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed 
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: algorithm check failed: MD2withRSA is disabled 
Caused by: java.security.cert.CertPathValidatorException: algorithm check failed: MD2withRSA is disabled 

这里是我的代码：

private void processCommonRequest(String url, HashMap<String, String> params) throws Exception { 
    URL endpoint = new URL(url); 

    //MessageDigest md = MessageDigest.getInstance("MD5"); 

    //System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); 
    //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); 

    // Create SOAP connection 
    SOAPConnectionFactory scf = SOAPConnectionFactory.newInstance(); 
    SOAPConnection connection = scf.createConnection(); 

    // Create a message from the message factory. 
    MessageFactory mf = MessageFactory.newInstance(); 
    SOAPMessage msg = mf.createMessage(); 

    // Get the SOAP Part from the message 
    SOAPPart soapPart = msg.getSOAPPart(); 

    // Get the SOAP Envelope from the SOAP Part 
    SOAPEnvelope envelope = soapPart.getEnvelope(); 
    envelope.addNamespaceDeclaration("SOAP-ENC", "http://schemas.xmlsoap.org/soap/encoding/"); 
    envelope.addNamespaceDeclaration("xsd", "http://www.w3.org/1999/XMLSchema"); 
    envelope.addNamespaceDeclaration("xsi", "http://www.w3.org/1999/XMLSchema-instance-instance"); 
    envelope.addNamespaceDeclaration("tns", "http://api.cj.com"); 
    envelope.setEncodingStyle("http://schemas.xmlsoap.org/soap/encoding/"); 
    // Remove empty header from the Envelope 
    envelope.getHeader().detachNode(); 

    // Create a soap body from the Envelope. 
    SOAPBody body = envelope.getBody(); 
    body.addNamespaceDeclaration("soap-env", "http://schemas.xmlsoap.org/soap/encoding/"); 

    // SOAPBodyElement item = body.addBodyElement(envelope.createName("GeScore")); 
    SOAPBodyElement item = body.addBodyElement(envelope.createName(
      "GeScore", "soap-env", "http://schemas.xmlsoap.org/soap/encoding/")); 

    for (String keyMap : params.keySet()) { 
     addItem(envelope, keyMap, params.get(keyMap), item); 
    } 

    System.out.println("\nContent of the message: \n"); // FIXME 
    msg.writeTo(System.out); 

    // Send the SOAP message and get reply 
    System.err.println("\nSending message to URL: " + endpoint); // XXX 
    SOAPMessage reply = connection.call(msg, endpoint); 

    // ... nevermind what later ... .call function throws error .... 

    connection.close(); 
} 

Answer 1

MD2不再安全，所以Sun禁止将其用于证书路径验证。在安全更新6u17,http://java.sun.com/javase/6/webnotes/6u17.html的发行说明中，声称解决了该漏洞，“6861062：在证书链验证中禁用MD2”。

你可以在旧版本的JRE上运行你的代码（在6u17之前）或者尝试使用最新版本，因为有些报告说它可能工作（https://forums.oracle.com/forums/thread.jspa ？线程ID = 1237743）。

或者，您可以尝试使用自定义TrustManager，但如果安全性对您很重要，则不推荐使用它。