KeychainStore 不向 Mac OS X 上的 Java 提供证书
[英]KeychainStore doesn't provide certificates to Java on Mac OS X
问题描述
While researching a problem related to Jib , I found that java -Djavax.net.ssl.trustStoreType=KeychainStore doesn't provide certificates to my Java process on Mac OS X and it can't validate TLS/SSL for any public website (and my private website with a self-signed certificate too). 
While researching a problem related to Jib , I found that java -Djavax.net.ssl.trustStoreType=KeychainStore doesn't provide certificates to my Java process on Mac OS X and it can't validate TLS/SSL for any public website (and我的私人网站也有自签名证书)。
Here's the example how I tested it:这是我如何测试它的示例:
$ cat <<EOF > A.java
public class A {
public static void main(String[] args) throws Exception {
new java.net.URL("https://google.com/").openStream().close();
}
}
EOF
And here's the result:结果如下:
$ java -Djavax.net.ssl.trustStoreType=KeychainStore A.java
Exception in thread "main" javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:326)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:269)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:645)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:464)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:360)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:183)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1144)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1055)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:395)
at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567)
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1587)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1515)
at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:250)
at java.base/java.net.URL.openStream(URL.java:1140)
at A.main(A.java:3)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
at java.base/sun.security.validator.Validator.validate(Validator.java:264)
at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:629)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:464)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:360)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:183)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1144)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1055)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:395)
at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567)
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1587)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1515)
at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:250)
at java.base/java.net.URL.openStream(URL.java:1140)
at A.main(A.java:3)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at jdk.compiler/com.sun.tools.javac.launcher.Main.execute(Main.java:404)
at jdk.compiler/com.sun.tools.javac.launcher.Main.run(Main.java:179)
at jdk.compiler/com.sun.tools.javac.launcher.Main.main(Main.java:119)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
... 30 more
Any clue why this doesn't work?任何线索为什么这不起作用? Did I miss something?我错过了什么?
PS. PS。 Some information about my environment (I've tried also Java 11):关于我的环境的一些信息(我也试过 Java 11):
$ echo $JAVA_HOME
/Library/Java/JavaVirtualMachines/adoptopenjdk-14.0.1.jdk/Contents/Home
$ java -version
openjdk version "14.0.1" 2020-04-14
OpenJDK Runtime Environment AdoptOpenJDK (build 14.0.1+7)
OpenJDK 64-Bit Server VM AdoptOpenJDK (build 14.0.1+7, mixed mode, sharing)
1 个解决方案
解决方案1
0 2021-10-14 03:30:56
I tested it, in your case, the following command should work: java -Djavax.net.ssl.trustStore=/Library/Java/JavaVirtualMachines/adoptopenjdk-14.0.1.jdk/Contents/Home/lib/security/cacerts A.java我对其进行了测试,在您的情况下,以下命令应该可以工作: java -Djavax.net.ssl.trustStore=/Library/Java/JavaVirtualMachines/adoptopenjdk-14.0.1.jdk/Contents/Home/lib/security/cacerts A.java
And you can edit cacerts files based on your needs.您可以根据需要编辑 cacerts 文件。
For more information, you may check:有关更多信息,您可以查看:
How to set up Java VM to use the root certificates (truststore) handled by Mac OS X 如何设置 Java VM 以使用 Mac OS X 处理的根证书(信任库)
How to use ssl certificates in Java on a Mac 如何在 Mac 上使用 Java 中的 ssl 证书
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
drawLine JAVA不会停留在MAC OS X上 - drawLine JAVA doesn't stay on MAC OS X
Mac OS X Java最初并未绘制 - Mac OS X Java doesn't draw initially
Java应用程序不知道正在打开的文件的名称 - Mac OS X. - Java application doesn't know name of file being opened - Mac OS X
Java mac os x dock应用程序名称设置不起作用? - Java mac os x dock application name setting doesn't work?
Java .jar应用无法在Mac Os X Snow Leopard上启动 - Java .jar app doesn't start on Mac Os X Snow Leopard
(Java) 在 Mac OS X 上的“系统根目录”下以编程方式访问 SSL 证书 - (Java) Programmatically access SSL certificates under “System Roots” on Mac OS X
如何设置 Java VM 以使用由 Mac OS X 处理的根证书(信任库) - How to set up Java VM to use the root certificates (truststore) handled by Mac OS X
JmDNS在Mac OS X上似乎根本不起作用 - JmDNS doesn't seem to work at all on Mac OS X
SWT 在 Mac OS X 上不显示菜单 - Menu doesn't show up with SWT on Mac OS X
在 Java 中创建文件时,如何在 Mac OS X 中提供文件路径? - How do I provide a file path in Mac OS X while creating a file in Java?
相关标签