如何忽略PKIXpath构build失败:sun.security.provider.certpath.SunCertPathBuilderException?
尝试发送请求到http服务器时出现以下exception:
这是我使用的代码
URL url = new URL( "https://www.abc.com"); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("GET"); conn.setDoOutput(true); DataOutputStream wr = new DataOutputStream(conn.getOutputStream()); // wr.writeBytes(params); wr.flush(); wr.close(); BufferedReader br = new BufferedReader(new InputStreamReader( conn.getInputStream())); String line = null; while ((line = br.readLine()) != null) { System.out.println(line); } 这是一个例外:
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1731) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1197) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1181) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166) at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1014) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230) at com.amazon.mzang.tools.httpchecker.CategoryYank.getPV(CategoryYank.java:32) at com.amazon.mzang.tools.httpchecker.CategoryYank.main(CategoryYank.java:18) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217) at sun.security.validator.Validator.validate(Validator.java:218) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185) ... 13 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318) ... 19 more
服务器不属于我。 有没有办法忽略这个exception?
如果你想一起忽略这个证书,那么看看这里的答案: 忽略使用Jersey Client的自签名SSL证书
尽pipe这会使您的应用容易受到中间人攻击。
或者,尝试添加证书到您的Java商店作为一个可信的证书。 这个网站可能会有所帮助。 http://blog.icodejava.com/tag/get-public-key-of-ssl-certificate-in-java/
这是另一个线程,显示如何将证书添加到您的商店。 Java SSL连接,以编程方式将服务器证书添加到密钥库
关键是:
KeyStore.Entry newEntry = new KeyStore.TrustedCertificateEntry(someCert); ks.setEntry("someAlias", newEntry, null);
我已经使用下面的代码覆盖我的项目中的SSL检查,它为我工作。
package com.beingjavaguys.testftp; import java.io.InputStreamReader; import java.io.Reader; import java.net.URL; import java.net.URLConnection; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSession; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; import java.security.cert.X509Certificate; /** * Fix for Exception in thread "main" javax.net.ssl.SSLHandshakeException: * sun.security.validator.ValidatorException: PKIX path building failed: * sun.security.provider.certpath.SunCertPathBuilderException: unable to find * valid certification path to requested target */ public class ConnectToHttpsUrl { public static void main(String[] args) throws Exception { /* Start of Fix */ TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } public void checkClientTrusted(X509Certificate[] certs, String authType) { } public void checkServerTrusted(X509Certificate[] certs, String authType) { } } }; SSLContext sc = SSLContext.getInstance("SSL"); sc.init(null, trustAllCerts, new java.security.SecureRandom()); HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); // Create all-trusting host name verifier HostnameVerifier allHostsValid = new HostnameVerifier() { public boolean verify(String hostname, SSLSession session) { return true; } }; // Install the all-trusting host verifier HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid); /* End of the fix*/ URL url = new URL("https://nameofthesecuredurl.com"); URLConnection con = url.openConnection(); Reader reader = new InputStreamReader(con.getInputStream()); while (true) { int ch = reader.read(); if (ch == -1) break; System.out.print((char) ch); } } }
将JSoup命令的validateTLSCertificates属性设置为false 。
Jsoup.connect("https://google.com/").validateTLSCertificates(false).get();
FWIW,在Ubuntu 10.04.2上LTS安装ca-certificates-java和ca-certificates包为我解决了这个问题。
执行下面的spring-boot + RestAssured简单testing时,我得到了同样的错误。
import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import static com.jayway.restassured.RestAssured.when; import static org.apache.http.HttpStatus.SC_OK; @RunWith(SpringJUnit4ClassRunner.class) public class GeneratorTest { @Test public void generatorEndPoint() { when().get("https://bal-bla-bla-bla.com/generators") .then().statusCode(SC_OK); } }
在我的情况下简单的修复是添加'useRelaxedHTTPSValidations()'
RestAssured.useRelaxedHTTPSValidation();
然后testing看起来像
import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import static com.jayway.restassured.RestAssured.when; import static org.apache.http.HttpStatus.SC_OK; @RunWith(SpringJUnit4ClassRunner.class) public class GeneratorTest { @Before public void setUp() { RestAssured.useRelaxedHTTPSValidation(); } @Test public void generatorEndPoint() { when().get("https://bal-bla-bla-bla.com/generators") .then().statusCode(SC_OK); } }
