Code
2023-05-19 07:00:09

“PKIX路径构建失败”和“无法找到请求目标的有效认证路径”

我试图使用twitter4j库为我的java项目获得推文,它在封面下使用java.net.HttpURLConnection(可以在堆栈跟踪中看到)。在我第一次运行时,我得到了一个关于证书sun.security.validator.ValidatorException和sun.security.provider.certpath.SunCertPathBuilderException的错误。然后我添加了twitter证书:

C:\Program Files\Java\jdk1.7.0_45\jre\lib\security>keytool -importcert -trustcacerts -file PathToCert -alias ca_alias -keystore "C:\Program Files\Java\jdk1.7.0_45\jre\lib\security\cacerts"

但是没有成功。以下是获取推文的流程:

public static void main(String[] args) throws TwitterException {
    ConfigurationBuilder cb = new ConfigurationBuilder();
    cb.setDebugEnabled(true)
        .setOAuthConsumerKey("myConsumerKey")
        .setOAuthConsumerSecret("myConsumerSecret")
        .setOAuthAccessToken("myAccessToken")
        .setOAuthAccessTokenSecret("myAccessTokenSecret");
    
    TwitterFactory tf = new TwitterFactory(cb.build());
    Twitter twitter = tf.getInstance();
    
    try {
        Query query = new Query("iphone");
        QueryResult result;
        result = twitter.search(query);
        System.out.println("Total amount of tweets: " + result.getTweets().size());
        List<Status> tweets = result.getTweets();
        
        for (Status tweet : tweets) {
            System.out.println("@" + tweet.getUser().getScreenName() + " : " + tweet.getText());
        }
    } catch (TwitterException te) {
        te.printStackTrace();
        System.out.println("Failed to search tweets: " + te.getMessage());
    }

这里是错误:

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Relevant discussions can be found on the Internet at:
    http://www.google.co.jp/search?q=d35baff5 or
    http://www.google.co.jp/search?q=1446302e
TwitterException{exceptionCode=[d35baff5-1446302e 43208640-747fd158 43208640-747fd158 43208640-747fd158], statusCode=-1, message=null, code=-1, retryAfter=-1, rateLimitStatus=null, version=3.0.5}
    at twitter4j.internal.http.HttpClientImpl.request(HttpClientImpl.java:177)
    at twitter4j.internal.http.HttpClientWrapper.request(HttpClientWrapper.java:61)
    at twitter4j.internal.http.HttpClientWrapper.get(HttpClientWrapper.java:81)
    at twitter4j.TwitterImpl.get(TwitterImpl.java:1929)
    at twitter4j.TwitterImpl.search(TwitterImpl.java:306)
    at jku.cc.servlets.TweetsAnalyzer.main(TweetsAnalyzer.java:38)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    at java.net.HttpURLConnection.getResponseCode(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
    at twitter4j.internal.http.HttpResponseImpl.<init>(HttpResponseImpl.java:34)
    at twitter4j.internal.http.HttpClientImpl.request(HttpClientImpl.java:141)
    ... 5 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    ... 20 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
    at java.security.cert.CertPathBuilder.build(Unknown Source)
    ... 26 more
Failed to search tweets: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

当前回答

错误

A problem occurred configuring root project 'uy-android-pagos'.
> Could not resolve all artifacts for configuration ':classpath'.
   > Could not resolve com.goo  gle.firebase:firebase-crashlytics-gradle:2.1.0.
     Required by:
         project :
      > Could not resolve com.goo  gle.firebase:firebase-crashlytics-gradle:2.1.0.
         > Could not get resource 'https://depdes.artifactory.prod.cloud.ihf/artifactory/itau-oq6-frameworks-maven/com/goo%20%20gle/firebase/firebase-crashlytics-gradle/2.1.0/firebase-crashlytics-gradle-2.1.0.pom'.
            > Could not GET 'https://depdes.artifactory.prod.cloud.ihf/artifactory/itau-oq6-frameworks-maven/com/goo%20%20gle/firebase/firebase-crashlytics-gradle/2.1.0/firebase-crashlytics-gradle-2.1.0.pom'.
               > PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

解决方案

请记住,有许多可能的原因产生这个错误,在我的情况下,我用以下方式修复了它:

用Gradle文件同步项目 检查错误无法解决com。咕gle.firebase: firebase-crashlytics-gradle:魅惑。 结构变化。Gradle (:project) from comGoo gle.firebase:firebase-crashlytic -gradle:2.1.0 to com.google.firebase:firebase-crashlytic -gradle:2.1.0(注意空格)

依赖类路径中的任何错误都会生成这种类型的异常。检查生成问题的提交的gradle。

GL

2022-02-18 20:15:56

其他回答

将JDK版本从旧的jdk1.8.0_90版本更改为最新版本jdk1.8.0_239 如上所述,回答将证书导入keystore 向gradle添加密钥库属性。属性文件在java/react原生android基于项目

systemProp.javax.net.ssl.trustStore=C://Program Files//AdoptOpenJDK//jdk-8.0.282.8-hotspot//jre//lib//security//cacerts systemProp.javax.net.ssl.trustStorePassword=changeit

2022-10-23 18:20:49

解决这个异常的简单步骤,(我在java 11上做的),

First you need to Download the public SSL certificate file of the target domain that you are trying to call,for that Open the target domain website in the chrome (Example: https://amazonservice.domain.com) Click on the small lock icon before the URL in the browser Click View certificates Now Click on Certificate is valid as shown below Now a new Popup will open as shown below, Open the details tab Select the RootCert at the top Click Export and save the .cer file to your system in a directory

现在您有了目标域的公共密钥存储库,您正在尝试在java应用程序中调用该密钥存储库,现在我们需要将该密钥存储库导入您的jre,为此转到$JAVA_HOME/bin目录并运行以下命令

./keytool -importcert -alias someAliasName -keystore {JAVA_HOME}/lib/security/cacerts -file {PathToDownloads}/certificateFileName.cer

它会要求您输入密码,如果您知道,请输入密码,证书的默认密码是changeit

参考文献

https://confluence.atlassian.com/kb/how-to-import-a-public-ssl-certificate-into-a-jvm-867025849.html https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-error-779355358.html

2022-11-28 18:36:17

我偶然发现了这个问题,花了很多时间研究来解决,特别是自动生成的证书,与官方证书不同,它非常棘手,Java不太喜欢它们。

请检查以下链接:用Java解决证书问题

基本上,您必须将服务器上的证书添加到Java Home certs中。

Generate or Get your certificate and configure Tomcat to use it in Servers.xml Download the Java source code of the class InstallCert and execute it while the server is running, providing the following arguments server[:port]. No password is needed, as the original password works for the Java certs ("changeit"). The Program will connect to the server and Java will throw an exception, it will analyze the certificate provided by the server and allow you to create a jssecerts file inside the directory where you executed the Program (If executed from Eclipse then make sure you configure the Work directory in Run -> Configurations). Manually copy that file to $JAVA_HOME/jre/lib/security

遵循这些步骤之后,与证书的连接将不再在Java中生成异常。

下面的源代码很重要,它从(Sun) Oracle博客中消失了,我发现它的唯一页面是在提供的链接上,因此我将它附加在答案中以供参考。

/*
 * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   - Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *
 *   - Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 *
 *   - Neither the name of Sun Microsystems nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
/**
 * Originally from:
 * http://blogs.sun.com/andreas/resource/InstallCert.java
 * Use:
 * java InstallCert hostname
 * Example:
 *% java InstallCert ecc.fedora.redhat.com
 */

import javax.net.ssl.*;
import java.io.*;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/**
 * Class used to add the server's certificate to the KeyStore
 * with your trusted certificates.
 */
public class InstallCert {

    public static void main(String[] args) throws Exception {
        String host;
        int port;
        char[] passphrase;
        if ((args.length == 1) || (args.length == 2)) {
            String[] c = args[0].split(":");
            host = c[0];
            port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
            String p = (args.length == 1) ? "changeit" : args[1];
            passphrase = p.toCharArray();
        } else {
            System.out.println("Usage: java InstallCert [:port] [passphrase]");
            return;
        }

        File file = new File("jssecacerts");
        if (file.isFile() == false) {
            char SEP = File.separatorChar;
            File dir = new File(System.getProperty("java.home") + SEP
                    + "lib" + SEP + "security");
            file = new File(dir, "jssecacerts");
            if (file.isFile() == false) {
                file = new File(dir, "cacerts");
            }
        }
        System.out.println("Loading KeyStore " + file + "...");
        InputStream in = new FileInputStream(file);
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(in, passphrase);
        in.close();

        SSLContext context = SSLContext.getInstance("TLS");
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];
        SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
        context.init(null, new TrustManager[]{tm}, null);
        SSLSocketFactory factory = context.getSocketFactory();

        System.out.println("Opening connection to " + host + ":" + port + "...");
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        socket.setSoTimeout(10000);
        try {
            System.out.println("Starting SSL handshake...");
            socket.startHandshake();
            socket.close();
            System.out.println();
            System.out.println("No errors, certificate is already trusted");
        } catch (SSLException e) {
            System.out.println();
            e.printStackTrace(System.out);
        }

        X509Certificate[] chain = tm.chain;
        if (chain == null) {
            System.out.println("Could not obtain server certificate chain");
            return;
        }

        BufferedReader reader =
                new BufferedReader(new InputStreamReader(System.in));

        System.out.println();
        System.out.println("Server sent " + chain.length + " certificate(s):");
        System.out.println();
        MessageDigest sha1 = MessageDigest.getInstance("SHA1");
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        for (int i = 0; i < chain.length; i++) {
            X509Certificate cert = chain[i];
            System.out.println
                    (" " + (i + 1) + " Subject " + cert.getSubjectDN());
            System.out.println("   Issuer  " + cert.getIssuerDN());
            sha1.update(cert.getEncoded());
            System.out.println("   sha1    " + toHexString(sha1.digest()));
            md5.update(cert.getEncoded());
            System.out.println("   md5     " + toHexString(md5.digest()));
            System.out.println();
        }

        System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
        String line = reader.readLine().trim();
        int k;
        try {
            k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
        } catch (NumberFormatException e) {
            System.out.println("KeyStore not changed");
            return;
        }

        X509Certificate cert = chain[k];
        String alias = host + "-" + (k + 1);
        ks.setCertificateEntry(alias, cert);

        OutputStream out = new FileOutputStream("jssecacerts");
        ks.store(out, passphrase);
        out.close();

        System.out.println();
        System.out.println(cert);
        System.out.println();
        System.out.println
                ("Added certificate to keystore 'jssecacerts' using alias '"
                        + alias + "'");
    }

    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    private static String toHexString(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 3);
        for (int b : bytes) {
            b &= 0xff;
            sb.append(HEXDIGITS[b >> 4]);
            sb.append(HEXDIGITS[b & 15]);
            sb.append(' ');
        }
        return sb.toString();
    }

    private static class SavingTrustManager implements X509TrustManager {

        private final X509TrustManager tm;
        private X509Certificate[] chain;

        SavingTrustManager(X509TrustManager tm) {
            this.tm = tm;
        }

        public X509Certificate[] getAcceptedIssuers() {
            throw new UnsupportedOperationException();
        }

        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            throw new UnsupportedOperationException();
        }

        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            this.chain = chain;
            tm.checkServerTrusted(chain, authType);
        }
    }
}
2015-05-29 14:52:23

我想为smtp.gmail.com导入证书。对我来说唯一有效的办法就是

输入命令查看该证书 D:\openssl\bin\openssl.exe s_client连接smtp.gmail.com:465 将-----BEGIN CERTIFICATE-----和-----END CERTIFICATE-----之间的行复制并保存到一个文件gmail.cer中 运行 keytool -import -alias smtp.gmail.com -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -file C:\Users\Admin\Desktop\gmail.cer 输入密码:changeit 单击“是”,导入证书 重新启动Java

现在运行命令,就可以开始了。

2017-01-23 04:53:04

我们得到上述错误的原因是,JDK与许多受信任的证书颁发机构(CA)证书捆绑在一个名为“cacerts”的文件中,但该文件没有我们自签名证书的任何提示。换句话说,cacerts文件没有导入我们的自签名证书,因此没有将其视为受信任的实体,因此给出了上述错误。

如何修复上述错误

要修复上述错误,只需将自签名证书导入cacerts文件。

首先,找到cacerts文件。我们需要找到JDK的位置。如果您正在通过Eclipse或IntelliJ Idea等IDE运行应用程序,请进入项目设置并找出JDK的位置。 例如,在Mac操作系统上,cacerts文件的典型位置是这个位置/Library/Java/JavaVirtualMachines/ {{JDK_version}}/Contents/Home/jre/lib/security 在windows的机器上,它将在{{Installation_directory}}/{{JDK_version}}/jre/lib/security下

找到cacerts文件后,现在我们需要将自签名证书导入到这个cacerts文件中。如果您不知道如何正确生成自签名证书,请查看上一篇文章。

如果你没有一个证书文件(.crt),只有一个.jks文件,你可以使用下面的命令生成一个.crt文件。如果你已经有了。crt/。Pem文件,那么你可以忽略下面的命令

##从密钥库生成证书。JKS文件)####

keytool -export -keystore keystore.jks -alias selfsigned -file selfsigned.crt

以上步骤将生成一个名为selfsigned.crt的文件。现在将证书导入cacerts

Now add the certificate to JRE/lib/security/cacerts (trustore) 
keytool -importcert -file selfsigned.crt -alias selfsigned -keystore {{cacerts path}}

对如

keytool -importcert -file selfsigned.nextgen.crt -alias selfsigned.nextgen -keystore /Library/Java/JavaVirtualMachines/jdk1.8.0_171.jdk/Contents/Home/jre/lib/security/cacerts

这就是全部,重新启动应用程序,它应该可以正常工作。如果它仍然不工作,并获得SSL握手异常。这可能意味着您正在使用不同的域名,然后在证书中注册。

链接有详细的解释和一步一步的解决方案在这里。

2018-10-04 09:44:36

推荐文章

aliyun

最新文章

标签

2025 code 京ICP备15047053号-1