PKIX 路径构建失败:SunCertPathBuilderException:无法找到请求的有效证书路径
[英]PKIX path building failed: SunCertPathBuilderException: unable to find valid certification path to requested
问题描述
I'm using eclipse and while trying to execute this function I'm getting below error.
我正在使用 eclipse 并在尝试执行此 function 时遇到错误。
I want to send a GET request along with certificate and key.我想连同证书和密钥一起发送一个 GET 请求。 I can download certificate in any format so that's not an issue.我可以下载任何格式的证书,所以这不是问题。 I know I need to add this to java keystone but after trying various suggestion I'm still not able to fix this.我知道我需要将此添加到 java 基石,但在尝试了各种建议后我仍然无法解决这个问题。
public String sendGET(String GET_URL, String authStringEnc) throws IOException {
try {
KeyStore ks = KeyStore.getInstance("JKS");
FileInputStream fis = new FileInputStream("src/com/resources/ece-cyberark-cert.jks");
ks.load(fis, "5<@7wBj[Ht()~GRf".toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, "5<@7wBj[Ht()~GRf".toCharArray());
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(kmf.getKeyManagers(), null, null);
URL obj = new URL(GET_URL);
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
if (con instanceof HttpsURLConnection) {
((HttpsURLConnection)con)
.setSSLSocketFactory(sc.getSocketFactory());
}
con.setRequestMethod("GET");
con.setRequestProperty("User-Agent", USER_AGENT);
con.setRequestProperty("Authorization", "Basic " + authStringEnc);
con.setRequestProperty("Content-Type", "application/json");
int responseCode = con.getResponseCode();
System.out.println("GET Response Code :: " + responseCode + " :: " + GET_URL);
if (responseCode == HttpURLConnection.HTTP_OK) { // success
BufferedReader in = new BufferedReader(new InputStreamReader(
con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
con.disconnect();
// print result
return response.toString();
} else {
// return failed requests response code
return "GET request not worked :: GET Response Code :: " + responseCode + " :: + GET_URL";
}
} catch (Exception e) {
e.printStackTrace();
return "Exceptionn";
}
}
Below is the error -以下是错误 -
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
1 个解决方案
解决方案1
0 2021-04-16 22:14:54
Key managers are used to authenticate you, the HTTP client, to the HTTP server.密钥管理器用于向 HTTP 客户端向 HTTP 服务器验证您的身份。 But first, the trust managers are used to authenticate the server.但首先,信任管理器用于对服务器进行身份验证。 If the server's certificate isn't trusted under the runtime's default "trust anchors", you'll need to provide the correct root certificate explicitly.如果服务器的证书在运行时的默认“信任锚”下不受信任,则需要明确提供正确的根证书。
KeyStore trusted = ...; /* Initialize a trust store containing the non-standard CA. */
TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
tmf.init(trusted);
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
...
If you don't intend to use TLS client authentication, you should remove all of the KeyManager related initialization.如果您不打算使用 TLS 客户端身份验证,则应删除所有与KeyManager相关的初始化。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.