访问https域名显示证书异常问题和验证
<h3>1、现象</h3><p>调用https接口报如下错误:</p>
<p>sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target</p>
<h3>2、原因</h3>
<p> 这是缺少安全证书时出现的异常,解决方案就是将你要访问的 请求地址 的安全认证证书导入到客户端即可。</p>
<h3>3、解决方式</h3>
<p>(1)复制下方代码,保存成InstallCert.java文件</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)">/*</span><span style="color: rgba(0, 128, 0, 1)">
* Copyright 2006 Sun Microsystems, Inc.All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* - Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* - Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* - Neither the name of Sun Microsystems nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED.IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
</span><span style="color: rgba(0, 128, 0, 1)">*/</span>
<span style="color: rgba(0, 0, 255, 1)">import</span> java.io.*<span style="color: rgba(0, 0, 0, 1)">;
</span><span style="color: rgba(0, 0, 255, 1)">import</span><span style="color: rgba(0, 0, 0, 1)"> java.net.URL;
</span><span style="color: rgba(0, 0, 255, 1)">import</span> java.security.*<span style="color: rgba(0, 0, 0, 1)">;
</span><span style="color: rgba(0, 0, 255, 1)">import</span> java.security.cert.*<span style="color: rgba(0, 0, 0, 1)">;
</span><span style="color: rgba(0, 0, 255, 1)">import</span> javax.net.ssl.*<span style="color: rgba(0, 0, 0, 1)">;
</span><span style="color: rgba(0, 0, 255, 1)">public</span> <span style="color: rgba(0, 0, 255, 1)">class</span><span style="color: rgba(0, 0, 0, 1)"> InstallCert {
</span><span style="color: rgba(0, 0, 255, 1)">public</span> <span style="color: rgba(0, 0, 255, 1)">static</span> <span style="color: rgba(0, 0, 255, 1)">void</span> main(String[] args) <span style="color: rgba(0, 0, 255, 1)">throws</span><span style="color: rgba(0, 0, 0, 1)"> Exception {
String host;
</span><span style="color: rgba(0, 0, 255, 1)">int</span><span style="color: rgba(0, 0, 0, 1)"> port;
</span><span style="color: rgba(0, 0, 255, 1)">char</span><span style="color: rgba(0, 0, 0, 1)">[] passphrase;
</span><span style="color: rgba(0, 0, 255, 1)">if</span> ((args.length == 1) || (args.length == 2<span style="color: rgba(0, 0, 0, 1)">)) {
String[] c </span>= args.split(":"<span style="color: rgba(0, 0, 0, 1)">);
host </span>= c;
port </span>= (c.length == 1) ? 443 : Integer.parseInt(c);
String p </span>= (args.length == 1) ? "changeit" : args;
passphrase </span>=<span style="color: rgba(0, 0, 0, 1)"> p.toCharArray();
} </span><span style="color: rgba(0, 0, 255, 1)">else</span><span style="color: rgba(0, 0, 0, 1)"> {
System.out.println(</span>"Usage: java InstallCert <host>[:port] "<span style="color: rgba(0, 0, 0, 1)">);
</span><span style="color: rgba(0, 0, 255, 1)">return</span><span style="color: rgba(0, 0, 0, 1)">;
}
File file </span>= <span style="color: rgba(0, 0, 255, 1)">new</span> File("jssecacerts"<span style="color: rgba(0, 0, 0, 1)">);
</span><span style="color: rgba(0, 0, 255, 1)">if</span> (file.isFile() == <span style="color: rgba(0, 0, 255, 1)">false</span><span style="color: rgba(0, 0, 0, 1)">) {
</span><span style="color: rgba(0, 0, 255, 1)">char</span> SEP =<span style="color: rgba(0, 0, 0, 1)"> File.separatorChar;
File dir </span>= <span style="color: rgba(0, 0, 255, 1)">new</span> File(System.getProperty("java.home") +<span style="color: rgba(0, 0, 0, 1)"> SEP
</span>+ "lib" + SEP + "security"<span style="color: rgba(0, 0, 0, 1)">);
file </span>= <span style="color: rgba(0, 0, 255, 1)">new</span> File(dir, "jssecacerts"<span style="color: rgba(0, 0, 0, 1)">);
</span><span style="color: rgba(0, 0, 255, 1)">if</span> (file.isFile() == <span style="color: rgba(0, 0, 255, 1)">false</span><span style="color: rgba(0, 0, 0, 1)">) {
file </span>= <span style="color: rgba(0, 0, 255, 1)">new</span> File(dir, "cacerts"<span style="color: rgba(0, 0, 0, 1)">);
}
}
System.out.println(</span>"Loading KeyStore " + file + "..."<span style="color: rgba(0, 0, 0, 1)">);
InputStream in </span>= <span style="color: rgba(0, 0, 255, 1)">new</span><span style="color: rgba(0, 0, 0, 1)"> FileInputStream(file);
KeyStore ks </span>=<span style="color: rgba(0, 0, 0, 1)"> KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(in, passphrase);
in.close();
SSLContext context </span>= SSLContext.getInstance("TLS"<span style="color: rgba(0, 0, 0, 1)">);
TrustManagerFactory tmf </span>=<span style="color: rgba(0, 0, 0, 1)">
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks);
X509TrustManager defaultTrustManager </span>= (X509TrustManager)tmf.getTrustManagers();
SavingTrustManager tm </span>= <span style="color: rgba(0, 0, 255, 1)">new</span><span style="color: rgba(0, 0, 0, 1)"> SavingTrustManager(defaultTrustManager);
context.init(</span><span style="color: rgba(0, 0, 255, 1)">null</span>, <span style="color: rgba(0, 0, 255, 1)">new</span> TrustManager[] {tm}, <span style="color: rgba(0, 0, 255, 1)">null</span><span style="color: rgba(0, 0, 0, 1)">);
SSLSocketFactory factory </span>=<span style="color: rgba(0, 0, 0, 1)"> context.getSocketFactory();
System.out.println(</span>"Opening connection to " + host + ":" + port + "..."<span style="color: rgba(0, 0, 0, 1)">);
SSLSocket socket </span>=<span style="color: rgba(0, 0, 0, 1)"> (SSLSocket)factory.createSocket(host, port);
socket.setSoTimeout(</span>10000<span style="color: rgba(0, 0, 0, 1)">);
</span><span style="color: rgba(0, 0, 255, 1)">try</span><span style="color: rgba(0, 0, 0, 1)"> {
System.out.println(</span>"Starting SSL handshake..."<span style="color: rgba(0, 0, 0, 1)">);
socket.startHandshake();
socket.close();
System.out.println();
System.out.println(</span>"No errors, certificate is already trusted"<span style="color: rgba(0, 0, 0, 1)">);
} </span><span style="color: rgba(0, 0, 255, 1)">catch</span><span style="color: rgba(0, 0, 0, 1)"> (SSLException e) {
System.out.println();
e.printStackTrace(System.out);
}
X509Certificate[] chain </span>=<span style="color: rgba(0, 0, 0, 1)"> tm.chain;
</span><span style="color: rgba(0, 0, 255, 1)">if</span> (chain == <span style="color: rgba(0, 0, 255, 1)">null</span><span style="color: rgba(0, 0, 0, 1)">) {
System.out.println(</span>"Could not obtain server certificate chain"<span style="color: rgba(0, 0, 0, 1)">);
</span><span style="color: rgba(0, 0, 255, 1)">return</span><span style="color: rgba(0, 0, 0, 1)">;
}
BufferedReader reader </span>=
<span style="color: rgba(0, 0, 255, 1)">new</span> BufferedReader(<span style="color: rgba(0, 0, 255, 1)">new</span><span style="color: rgba(0, 0, 0, 1)"> InputStreamReader(System.in));
System.out.println();
System.out.println(</span>"Server sent " + chain.length + " certificate(s):"<span style="color: rgba(0, 0, 0, 1)">);
System.out.println();
MessageDigest sha1 </span>= MessageDigest.getInstance("SHA1"<span style="color: rgba(0, 0, 0, 1)">);
MessageDigest md5 </span>= MessageDigest.getInstance("MD5"<span style="color: rgba(0, 0, 0, 1)">);
</span><span style="color: rgba(0, 0, 255, 1)">for</span> (<span style="color: rgba(0, 0, 255, 1)">int</span> i = 0; i < chain.length; i++<span style="color: rgba(0, 0, 0, 1)">) {
X509Certificate cert </span>=<span style="color: rgba(0, 0, 0, 1)"> chain;
System.out.println
(</span>" " + (i + 1) + " Subject " +<span style="color: rgba(0, 0, 0, 1)"> cert.getSubjectDN());
System.out.println(</span>" Issuer" +<span style="color: rgba(0, 0, 0, 1)"> cert.getIssuerDN());
sha1.update(cert.getEncoded());
System.out.println(</span>" sha1 " +<span style="color: rgba(0, 0, 0, 1)"> toHexString(sha1.digest()));
md5.update(cert.getEncoded());
System.out.println(</span>" md5 " +<span style="color: rgba(0, 0, 0, 1)"> toHexString(md5.digest()));
System.out.println();
}
System.out.println(</span>"Enter certificate to add to trusted keystore or 'q' to quit: "<span style="color: rgba(0, 0, 0, 1)">);
String line </span>=<span style="color: rgba(0, 0, 0, 1)"> reader.readLine().trim();
</span><span style="color: rgba(0, 0, 255, 1)">int</span><span style="color: rgba(0, 0, 0, 1)"> k;
</span><span style="color: rgba(0, 0, 255, 1)">try</span><span style="color: rgba(0, 0, 0, 1)"> {
k </span>= (line.length() == 0) ? 0 : Integer.parseInt(line) - 1<span style="color: rgba(0, 0, 0, 1)">;
} </span><span style="color: rgba(0, 0, 255, 1)">catch</span><span style="color: rgba(0, 0, 0, 1)"> (NumberFormatException e) {
System.out.println(</span>"KeyStore not changed"<span style="color: rgba(0, 0, 0, 1)">);
</span><span style="color: rgba(0, 0, 255, 1)">return</span><span style="color: rgba(0, 0, 0, 1)">;
}
X509Certificate cert </span>=<span style="color: rgba(0, 0, 0, 1)"> chain;
String alias </span>= host + "-" + (k + 1<span style="color: rgba(0, 0, 0, 1)">);
ks.setCertificateEntry(alias, cert);
OutputStream out </span>= <span style="color: rgba(0, 0, 255, 1)">new</span> FileOutputStream("jssecacerts"<span style="color: rgba(0, 0, 0, 1)">);
ks.store(out, passphrase);
out.close();
System.out.println();
System.out.println(cert);
System.out.println();
System.out.println
(</span>"Added certificate to keystore 'jssecacerts' using alias '"
+ alias + "'"<span style="color: rgba(0, 0, 0, 1)">);
}
</span><span style="color: rgba(0, 0, 255, 1)">private</span> <span style="color: rgba(0, 0, 255, 1)">static</span> <span style="color: rgba(0, 0, 255, 1)">final</span> <span style="color: rgba(0, 0, 255, 1)">char</span>[] HEXDIGITS = "0123456789abcdef"<span style="color: rgba(0, 0, 0, 1)">.toCharArray();
</span><span style="color: rgba(0, 0, 255, 1)">private</span> <span style="color: rgba(0, 0, 255, 1)">static</span> String toHexString(<span style="color: rgba(0, 0, 255, 1)">byte</span><span style="color: rgba(0, 0, 0, 1)">[] bytes) {
StringBuilder sb </span>= <span style="color: rgba(0, 0, 255, 1)">new</span> StringBuilder(bytes.length * 3<span style="color: rgba(0, 0, 0, 1)">);
</span><span style="color: rgba(0, 0, 255, 1)">for</span> (<span style="color: rgba(0, 0, 255, 1)">int</span><span style="color: rgba(0, 0, 0, 1)"> b : bytes) {
b </span>&= 0xff<span style="color: rgba(0, 0, 0, 1)">;
sb.append(HEXDIGITS);
sb.append(HEXDIGITS);
sb.append(</span>' '<span style="color: rgba(0, 0, 0, 1)">);
}
</span><span style="color: rgba(0, 0, 255, 1)">return</span><span style="color: rgba(0, 0, 0, 1)"> sb.toString();
}
</span><span style="color: rgba(0, 0, 255, 1)">private</span> <span style="color: rgba(0, 0, 255, 1)">static</span> <span style="color: rgba(0, 0, 255, 1)">class</span> SavingTrustManager <span style="color: rgba(0, 0, 255, 1)">implements</span><span style="color: rgba(0, 0, 0, 1)"> X509TrustManager {
</span><span style="color: rgba(0, 0, 255, 1)">private</span> <span style="color: rgba(0, 0, 255, 1)">final</span><span style="color: rgba(0, 0, 0, 1)"> X509TrustManager tm;
</span><span style="color: rgba(0, 0, 255, 1)">private</span><span style="color: rgba(0, 0, 0, 1)"> X509Certificate[] chain;
SavingTrustManager(X509TrustManager tm) {
</span><span style="color: rgba(0, 0, 255, 1)">this</span>.tm =<span style="color: rgba(0, 0, 0, 1)"> tm;
}
</span><span style="color: rgba(0, 0, 255, 1)">public</span><span style="color: rgba(0, 0, 0, 1)"> X509Certificate[] getAcceptedIssuers() {
</span><span style="color: rgba(0, 0, 255, 1)">throw</span> <span style="color: rgba(0, 0, 255, 1)">new</span><span style="color: rgba(0, 0, 0, 1)"> UnsupportedOperationException();
}
</span><span style="color: rgba(0, 0, 255, 1)">public</span> <span style="color: rgba(0, 0, 255, 1)">void</span><span style="color: rgba(0, 0, 0, 1)"> checkClientTrusted(X509Certificate[] chain, String authType)
</span><span style="color: rgba(0, 0, 255, 1)">throws</span><span style="color: rgba(0, 0, 0, 1)"> CertificateException {
</span><span style="color: rgba(0, 0, 255, 1)">throw</span> <span style="color: rgba(0, 0, 255, 1)">new</span><span style="color: rgba(0, 0, 0, 1)"> UnsupportedOperationException();
}
</span><span style="color: rgba(0, 0, 255, 1)">public</span> <span style="color: rgba(0, 0, 255, 1)">void</span><span style="color: rgba(0, 0, 0, 1)"> checkServerTrusted(X509Certificate[] chain, String authType)
</span><span style="color: rgba(0, 0, 255, 1)">throws</span><span style="color: rgba(0, 0, 0, 1)"> CertificateException {
</span><span style="color: rgba(0, 0, 255, 1)">this</span>.chain =<span style="color: rgba(0, 0, 0, 1)"> chain;
tm.checkServerTrusted(chain, authType);
}
}
}</span></pre>
</div>
<p>(2)编译:javac InstallCert.java</p>
<p>(3)执行:java InstallCert 你的https域名,比如:java InstallCert 123.com</p>
<p><img src="https://img2020.cnblogs.com/blog/497947/202105/497947-20210526112651673-1005371879.png"></p>
<p>输入1,然后直接回车,会在相应的目录下产生一个名为‘jssecacerts’的证书。</p>
<p>(4)将证书copy到$JAVA_HOME/jre/lib/security目录下</p>
<h3><span style="font-size: 1.17em">4. 验证证书是否有效</span></h3>
<p>经过多方查阅从这篇文章中找到了可以诊断 Java 环境中是否包含了相应的信任证书。此方式可诊断 HTTPS, IMAPS, LDAPS 等,</p>
<p>下面是链接地址:验证证书是否有效</p>
<p>Ⅰ.点击下载 SSLPoke.class文件。</p>
<p>Ⅱ. 用Java执行.class文件,诊断是否是可信任网站。</p>
<div class="cnblogs_code">
<pre>java SSLPoke xxx(域名) xxx(端口)</pre>
</div>
<p>如果连接成功则会出现如下结果:</p>
<div class="cnblogs_code">
<pre>E:\安装包><span style="color: rgba(0, 0, 0, 1)">java SSLPoke xxx(域名) xxx(端口)
Successfully connected</span></pre>
</div>
<p>而连接失败则会出现如下异常:</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)">sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:</span>397<span style="color: rgba(0, 0, 0, 1)">)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:</span>302<span style="color: rgba(0, 0, 0, 1)">)
at sun.security.validator.Validator.validate(Validator.java:</span>260<span style="color: rgba(0, 0, 0, 1)">)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:</span>324<span style="color: rgba(0, 0, 0, 1)">)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:</span>229<span style="color: rgba(0, 0, 0, 1)">)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:</span>124<span style="color: rgba(0, 0, 0, 1)">)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:</span>1596<span style="color: rgba(0, 0, 0, 1)">)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:</span>216<span style="color: rgba(0, 0, 0, 1)">)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:</span>1052<span style="color: rgba(0, 0, 0, 1)">)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:</span>987<span style="color: rgba(0, 0, 0, 1)">)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:</span>1072<span style="color: rgba(0, 0, 0, 1)">)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:</span>1385<span style="color: rgba(0, 0, 0, 1)">)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:</span>757<span style="color: rgba(0, 0, 0, 1)">)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:</span>123<span style="color: rgba(0, 0, 0, 1)">)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:</span>138<span style="color: rgba(0, 0, 0, 1)">)
at SSLPoke.main(SSLPoke.java:</span>31<span style="color: rgba(0, 0, 0, 1)">)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:</span>141<span style="color: rgba(0, 0, 0, 1)">)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:</span>126<span style="color: rgba(0, 0, 0, 1)">)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:</span>280<span style="color: rgba(0, 0, 0, 1)">)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:</span>392<span style="color: rgba(0, 0, 0, 1)">)
... </span>15 more</pre>
</div>
<p> </p>
<pre class="prettyprint"></pre>
<pre class="prettyprint"></pre>
<p> </p><br><br>
来源:https://www.cnblogs.com/hobby0524/p/14812744.html
頁:
[1]