[Java] javax.net.ssl.SSLHandshakeException

네이버 API를 호출 시 집에서는 아무런 이상없이 호출되던 녀석이 회사에서는 인증서 문제로 API 접근이 실패하였다.

 

에러 메세지

java.lang.RuntimeException: API 요청과 응답 실패
	at search.NaverSearch.search(NaverSearch.java:44)
	at search.Main.main(Main.java:35)
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.ssl.Alert.createSSLException(Unknown Source)
	at sun.security.ssl.TransportContext.fatal(Unknown Source)
	at sun.security.ssl.TransportContext.fatal(Unknown Source)
	at sun.security.ssl.TransportContext.fatal(Unknown Source)
	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(Unknown Source)
	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(Unknown Source)
	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(Unknown Source)
	at sun.security.ssl.SSLHandshake.consume(Unknown Source)
	at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
	at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
	at sun.security.ssl.TransportContext.dispatch(Unknown Source)
	at sun.security.ssl.SSLTransport.decode(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
	at java.net.HttpURLConnection.getResponseCode(Unknown Source)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
	at search.NaverSearch.search(NaverSearch.java:35)
	... 1 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
	at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
	at sun.security.validator.Validator.validate(Unknown Source)
	at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
	... 20 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
	at java.security.cert.CertPathBuilder.build(Unknown Source)
	... 26 more

 

원인은 HTTPS를 호출할 때 SSL을 사용하는데 인증서 문제로 보이지만, 인증서를 갱신해도 위와 같은 에러는 계속 발생하였다.

 

SSL 회피

public void sslTrustAllCerts(){ 
	TrustManager[] trustAllCerts = new TrustManager[] { 
		new X509TrustManager() { 
			public X509Certificate[] getAcceptedIssuers() { 
				return null; 
			} 
			public void checkClientTrusted(X509Certificate[] certs, String authType) { } 
			public void checkServerTrusted(X509Certificate[] certs, String authType) { }
		} 
	}; 

	SSLContext sc;

	try { 
		sc = SSLContext.getInstance("SSL"); 
		sc.init(null, trustAllCerts, new SecureRandom()); 
		HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); 
	} catch(Exception e) {
		e.printStackTrace();
	}
}

 

위와 같이 회피코드를 넣고, Naver API를 호출하기 직전에 해당 메소드를 호출하니 정상적으로 작동하였다. import를 어떤 것을 해야 할지 헷갈려 하는 분들은 아래 import를 참고하면 된다.

 

import java.security.SecureRandom;
import java.security.cert.X509Certificate;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;