com.ibm.jsse2.util.h：找不到可信证书

2024-05-02 • 问答

在基于IBM Domino的应用程序中，我们将使用REST API与系统集成。

但是，最近我们遇到了一个似乎很难解决的问题。

在发送请求时，我们收到以下异常

Error while executing JavaScript action expression
Script interpreter error,line=14,col=32: Error calling method 'initializeAuthProcess(string,string)' on java class 'ru.iteko.egrz.requestprocessors.EGRZAuthorization'
com.ibm.jsse2.util.h: No trusted certificate found
No trusted certificate found

之所以如此尴尬，是因为缺乏文档以及任何有关此类情况发生的指南。

因此，像这样的按钮上都有点击动作

 <xp:eventHandler event="onclick" submit="true"
    refreshMode="complete">
    <xp:this.action><![CDATA[#{javascript:
    var redirectUrl = 'https://oursystem.ru';
    var errorRedirectUrl = 'https://oursystem.ru/errorPage';

    var EGRZAuthObject = new ru.iteko.egrz.requestprocessors.EGRZAuthorization();

    EGRZAuthObject.initializeAuthProcess(redirectUrl,errorRedirectUrl);

    }]]></xp:this.action>
 </xp:eventHandler>

在EGRZAuthorization类的实例中，有以下称为

的方法

public static void initializeAuthProcess(String redirectUrl,String apiRedirectUrl) throws Clientprotocolexception,IOException 
{
    CloseableHttpClient httpclient = HttpClients.createDefault();
    String urlToGoTo = AuthURLs.ESIALoginURL(redirectUrl,apiRedirectUrl);
    System.out.println(urlToGoTo);
    HttpGet httpGet = new HttpGet(urlToGoTo);
    CloseableHttpResponse response1 = httpclient.execute(httpGet);
    System.out.println("resp code " + response1.getStatusLine());
    response1.close();
}

在执行请求的地方发生异常。

Stacktrace：

com.ibm.jsse2.util.h: No trusted certificate found
    com.ibm.jsse2.util.g.a(g.java:183)
    com.ibm.jsse2.util.g.b(g.java:43)
    com.ibm.jsse2.util.e.a(e.java:4)
    com.ibm.jsse2.aB.a(aB.java:211)
    com.ibm.jsse2.aB.a(aB.java:5)
    com.ibm.jsse2.aB.checkServerTrusted(aB.java:49)
    com.ibm.jsse2.E.a(E.java:166)
    com.ibm.jsse2.E.a(E.java:121)
    com.ibm.jsse2.D.r(D.java:223)
    com.ibm.jsse2.D.a(D.java:198)
    com.ibm.jsse2.at.a(at.java:649)
    com.ibm.jsse2.at.i(at.java:627)
    com.ibm.jsse2.at.a(at.java:689)
    com.ibm.jsse2.at.startHandshake(at.java:432)
    org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
    org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectsocket(SSLConnectionSocketFactory.java:384)
    org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
    org.apache.http.impl.conn.PoolingHttpClientConnectionmanager.connect(PoolingHttpClientConnectionmanager.java:374)
    org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
    org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
    org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
    org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
    org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
    org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
    org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
    org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
    ru.iteko.egrz.requestprocessors.EGRZAuthorization.initializeAuthProcess(EGRZAuthorization.java:32)

这是最聪明的地方。 urlToGoTo变量等于http://lk.egrz-test.i-teco.ru/fws/api/esia/login?errorRedirectUrl=https://oursystem.ru/errorPage&redirectUrl=https://oursystem.ru

其作用是将用户重定向到外部资源以进行授权。

在这里总结一下一切：

我们将GET请求发送到urlToGoTo
然后该服务将我们重定向到使用HTTPS的资源（如果有关系的话）

但是我们什至看不到它，因为得到上面的异常。该请求根本没有执行。

我们已经安装了所需的证书（外部源，auth，HTTPS，最后重定向到该证书）并进行了交叉认证。但是仍然没有运气。

我希望有任何解决方案，请帮助。我个人不知道为什么会这样。

预先感谢

public class HttpsCommonFetcher { /** Log object for this class. */ private static final Log LOG = LogFactory. getLog(HttpsCommonFetcher. class); public String getContentFromHTTP(String xRequest,String targetURL; String method) { String result = null; HttpMethod httpMethod = null; // This implementation uses the HTTP Common client from the // Apache jakarta Project. See: http://jakarta.apache.org/httpcomponents/index.html // and http://jakarta.apache.org/commons/httpclient/sslguide.html // We use the EasySSL Implementation to avoid SSL configuration stress String hostwithoutSSL = this.targetURL.substring(8); LOG.info(hostwithoutSSL); // We use the simple SSL methods that doesn't compare with the keystore remove the 2 lines if you intend to config SSL Protocol myhttps = new Protocol("https", new EasySSLProtocolSocketFactory(),443); Protocol. registerProtocol("https",myhttps); HttpClient httpclient = new HttpClient(); // Here would be the optional Proxy code // httpclient.getHostConfiguration().setProxy(pHost,pPort); if (method.qualsIgnoreCase( "POST" )) { // We only support get and post and if it is not POST it is GET PostMethod pm = new PostMethod( this . targetURL ); // Populate the body of the request RequestEntity entity = new StringRequestEntity(xRequest); pm.setRequestEntity(entity); httpMethod = (HttpMethod) pm; } else { httpMethod = new GetMethod( this . targetURL ); } // Make sure we follow eventual redirects httpMethod.setFollowRedirects( true); // Now we retrieve the stuff try { int statusCode = httpclient.executeMethod(httpMethod); // Here we have the result already LOG.info(httpMethod.getStatusLine()); if (statusCode == HttpStatus. SC_OK ) { // Directly read it into a String ... creates a warning in // HTTPClient but is what we would do anyway. result = httpMethod.getResponseBodyAsString(); } else { result = "<error>" + httpMethod.getStatusLine() + "</error>" ; } } catch (HttpException e) { LOG.error(e); } catch (IOException e) { LOG.error(e); } finally { httpMethod.releaseConnection(); } return result; } }

com.ibm.jsse2.util.h：找不到可信证书

snailtoto 回答：com.ibm.jsse2.util.h：找不到可信证书

大家都在问