sun.security.validator.ValidatorException:PKIXは、パスの構築に失敗しました:sun.security.provider.certpath.SunCertPathBuilderException:要求されたターゲットへの有効な証明書パス見つけることができません
错误代码如上を。
ソリューション
を実行し、以下のカテゴリー
public class InstallCert {
public static void main(String[] args) throws Exception {
String host;
int port;
char[] passphrase;
//写微信支付接口
String[] h={"api.mch.weixin.qq.com"};
if ((h.length == 1) || (h.length == 2)) {
String[] c = h[0].split(":");
host = c[0];
port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
String p = (h.length == 1) ? "changeit" : h[1];
passphrase = p.toCharArray();
} else {
System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");
return;
}
File file = new File("jssecacerts");
if (file.isFile() == false) {
char SEP = File.separatorChar;
File dir = new File(System.getProperty("java.home") + SEP
+ "lib" + SEP + "security");
file = new File(dir, "jssecacerts");
if (file.isFile() == false) {
file = new File(dir, "cacerts");
}
}
System.out.println("Loading KeyStore " + file + "...");
InputStream in = new FileInputStream(file);
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(in, passphrase);
in.close();
SSLContext context = SSLContext.getInstance("TLS");
TrustManagerFactory tmf =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks);
X509TrustManager defaultTrustManager = (X509TrustManager)tmf.getTrustManagers()[0];
SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
context.init(null, new TrustManager[] {tm}, null);
SSLSocketFactory factory = context.getSocketFactory();
System.out.println("Opening connection to " + host + ":" + port + "...");
SSLSocket socket = (SSLSocket)factory.createSocket(host, port);
socket.setSoTimeout(10000);
try {
System.out.println("Starting SSL handshake...");
socket.startHandshake();
socket.close();
System.out.println();
System.out.println("No errors, certificate is already trusted");
} catch (SSLException e) {
System.out.println();
e.printStackTrace(System.out);
}
X509Certificate[] chain = tm.chain;
if (chain == null) {
System.out.println("Could not obtain server certificate chain");
return;
}
BufferedReader reader =
new BufferedReader(new InputStreamReader(System.in));
System.out.println();
System.out.println("Server sent " + chain.length + " certificate(s):");
System.out.println();
MessageDigest sha1 = MessageDigest.getInstance("SHA1");
MessageDigest md5 = MessageDigest.getInstance("MD5");
for (int i = 0; i < chain.length; i++) {
X509Certificate cert = chain[i];
System.out.println
(" " + (i + 1) + " Subject " + cert.getSubjectDN());
System.out.println(" Issuer " + cert.getIssuerDN());
sha1.update(cert.getEncoded());
System.out.println(" sha1 " + toHexString(sha1.digest()));
md5.update(cert.getEncoded());
System.out.println(" md5 " + toHexString(md5.digest()));
System.out.println();
}
System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
String line = reader.readLine().trim();
int k;
try {
k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
} catch (NumberFormatException e) {
System.out.println("KeyStore not changed");
return;
}
X509Certificate cert = chain[k];
String alias = host + "-" + (k + 1);
ks.setCertificateEntry(alias, cert);
OutputStream out = new FileOutputStream("jssecacerts");
ks.store(out, passphrase);
out.close();
System.out.println();
System.out.println(cert);
System.out.println();
System.out.println
("Added certificate to keystore 'jssecacerts' using alias '"
+ alias + "'");
}
private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();
private static String toHexString(byte[] bytes) {
StringBuilder sb = new StringBuilder(bytes.length * 3);
for (int b : bytes) {
b &= 0xff;
sb.append(HEXDIGITS[b >> 4]);
sb.append(HEXDIGITS[b & 15]);
sb.append(' ');
}
return sb.toString();
}
private static class SavingTrustManager implements X509TrustManager {
private final X509TrustManager tm;
private X509Certificate[] chain;
SavingTrustManager(X509TrustManager tm) {
this.tm = tm;
}
public X509Certificate[] getAcceptedIssuers() {
throw new UnsupportedOperationException();
}
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
throw new UnsupportedOperationException();
}
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
this.chain = chain;
tm.checkServerTrusted(chain, authType);
}
}
}
D:\Develop\jdk8\bin\java.exe "-javaagent:D:\Develop\IntelliJ IDEA 2019.1.3\lib\idea_rt.jar=51261:D:\Develop\IntelliJ IDEA 2019.1.3\bin" -Dfile.encoding=UTF-8 -classpath D:\Develop\jdk8\jre\lib\charsets.jar;D:\Develop\jdk8\jre\lib\deploy.jar;D:\Develop\jdk8\jre\lib\ext\access-bridge-64.jar;D:\Develop\jdk8\jre\lib\ext\cldrdata.jar;D:\Develop\jdk8\jre\lib\ext\dnsns.jar;D:\Develop\jdk8\jre\lib\ext\jaccess.jar;D:\Develop\jdk8\jre\lib\ext\jfxrt.jar;D:\Develop\jdk8\jre\lib\ext\localedata.jar;D:\Develop\jdk8\jre\lib\ext\nashorn.jar;D:\Develop\jdk8\jre\lib\ext\sunec.jar;D:\Develop\jdk8\jre\lib\ext\sunjce_provider.jar;D:\Develop\jdk8\jre\lib\ext\sunmscapi.jar;D:\Develop\jdk8\jre\lib\ext\sunpkcs11.jar;D:\Develop\jdk8\jre\lib\ext\zipfs.jar;D:\Develop\jdk8\jre\lib\javaws.jar;D:\Develop\jdk8\jre\lib\jce.jar;D:\Develop\jdk8\jre\lib\jfr.jar;D:\Develop\jdk8\jre\lib\jfxswt.jar;D:\Develop\jdk8\jre\lib\jsse.jar;D:\Develop\jdk8\jre\lib\management-agent.jar;D:\Develop\jdk8\jre\lib\plugin.jar;D:\Develop\jdk8\jre\lib\resources.jar;D:\Develop\jdk8\jre\lib\rt.jar;D:\IDEA_Project\leyou\ly-pojo\ly-order-pojo\target\classes;D:\Develop\webserver\maven_repository\tk\mybatis\mapper-core\1.1.5\mapper-core-1.1.5.jar;D:\Develop\webserver\maven_repository\javax\persistence\persistence-api\1.0\persistence-api-1.0.jar;D:\Develop\webserver\maven_repository\com\fasterxml\jackson\core\jackson-databind\2.9.8\jackson-databind-2.9.8.jar;D:\Develop\webserver\maven_repository\com\fasterxml\jackson\core\jackson-annotations\2.9.0\jackson-annotations-2.9.0.jar;D:\Develop\webserver\maven_repository\com\fasterxml\jackson\core\jackson-core\2.9.8\jackson-core-2.9.8.jar;D:\Develop\webserver\maven_repository\org\apache\commons\commons-lang3\3.4\commons-lang3-3.4.jar;D:\Develop\webserver\maven_repository\org\projectlombok\lombok\1.18.6\lombok-1.18.6.jar com.leyou.order.dto.InstallCert
Loading KeyStore D:\Develop\jdk8\jre\lib\security\cacerts...
Opening connection to api.mch.weixin.qq.com:443...
Starting SSL handshake...
javax.net.ssl.SSLException: java.lang.UnsupportedOperationException
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1903)
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1886)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1402)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
at com.leyou.order.dto.InstallCert.main(InstallCert.java:58)
Caused by: java.lang.UnsupportedOperationException
at com.leyou.order.dto.InstallCert$SavingTrustManager.getAcceptedIssuers(InstallCert.java:142)
at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1204)
at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1150)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1092)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
... 2 more
Server sent 3 certificate(s):
1 Subject CN=payapp.weixin.qq.com, OU=R&D, O=Shenzhen Tencent Computer Systems Company Limited, L=Shenzhen, ST=Guangdong, C=CN
Issuer CN=Secure Site CA G2, OU=www.digicert.com, O=DigiCert Inc, C=US
sha1 7e 63 97 43 73 22 6e f3 16 e9 50 87 df cb 48 82 c2 c0 01 c0
md5 60 a0 3e 96 f3 c1 cf 4a 13 f3 a0 f7 73 6d f4 f8
2 Subject CN=Secure Site CA G2, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
sha1 8d 88 8b 3c ae 20 c7 4f 4c e1 b3 0b f5 1e e3 6e ab 56 2c de
md5 60 90 14 30 38 22 99 f7 e3 72 9f 64 91 ea 3f a4
3 Subject CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
sha1 fb 20 fa 8a 6a 93 b3 75 f0 54 81 4f 9e 00 27 3e a5 1a 61 38
md5 44 aa 16 4a e8 fb 6b 59 01 d0 c6 ba 62 e5 48 27
Enter certificate to add to trusted keystore or 'q' to quit: [1]
キャリッジリターンを入力します。
他の問題は、単にインターフェイスアドレスのクラスアドレスを変更するためのインタフェースを調整します
