javax.net.ssl.SSLHandshakeException 尝试编译应用程序时
javax.net.ssl.SSLHandshakeException when trying to compile application
我的 java 应用程序一直运行良好,直到我再次尝试编译它并收到此错误:
build.xml:246: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1914)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1477)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:213)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:961)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:897)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1033)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1342)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1369)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1353)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at org.apache.tools.ant.taskdefs.Get$GetThread.openConnection(Get.java:690)
at org.apache.tools.ant.taskdefs.Get$GetThread.openConnection(Get.java:715)
at org.apache.tools.ant.taskdefs.Get$GetThread.get(Get.java:606)
at org.apache.tools.ant.taskdefs.Get$GetThread.run(Get.java:596)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1459)
... 14 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
... 20 more
我正在重新编译它,因为我进行了更改,但是一旦出现此错误,我就取消了更改,但仍然如此。
有谁知道可能是什么原因造成的,或者我的服务器上可能突然发生了什么变化?
build.xml:246: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
这意味着在构建期间代码连接到 SSL 服务器,但客户端不信任服务器的证书。这是我们从异常中获得的所有信息。
它没有说任何原因。
通常服务器的证书(或其 CA)不受信任(不在配置的或默认的信任库中)或者服务器的主机名与证书 CN 不对应(我相信你会得到另一个例外,所以我敢打赌信任库)。
调用 Https 时尝试以下绕过认证的解决方案 api
1) 写入HttpsTrustManager.javaclass
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
public class HttpsTrustManager implements X509TrustManager {
private static TrustManager[] trustManagers;
private static final X509Certificate[] _AcceptedIssuers = new X509Certificate[]{};
@Override
public void checkClientTrusted(
java.security.cert.X509Certificate[] x509Certificates, String s)
throws java.security.cert.CertificateException {
}
@Override
public void checkServerTrusted(
java.security.cert.X509Certificate[] x509Certificates, String s)
throws java.security.cert.CertificateException {
}
public boolean isClientTrusted(X509Certificate[] chain) {
return true;
}
public boolean isServerTrusted(X509Certificate[] chain) {
return true;
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return _AcceptedIssuers;
}
public static void allowAllSSL() {
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String arg0, SSLSession arg1) {
return true;
}
});
SSLContext context = null;
if (trustManagers == null) {
trustManagers = new TrustManager[]{new HttpsTrustManager()};
}
try {
context = SSLContext.getInstance("TLS");
context.init(null, trustManagers, new SecureRandom());
} catch (NoSuchAlgorithmException e) {
//e.printStackTrace();
} catch (KeyManagementException e) {
//e.printStackTrace();
}
HttpsURLConnection.setDefaultSSLSocketFactory(context
.getSocketFactory());
}
}
2) 现在在调用 api 之前调用下面的函数,比如 bwlow
public static void getServerData(final Context cntx) {
myNotificationDb = new Notification_Db(cntx);
RequestQueue queue = Volley.newRequestQueue(cntx);
HttpsTrustManager.allowAllSSL();
JsonObjectRequest jsObjRequest = new JsonObjectRequest(
Request.Method.GET, "Url", null,
new Response.Listener<JSONObject>() {
@Override
public void onResponse(JSONObject response) {
// Your response
}
}, new Response.ErrorListener() {
@Override
public void onErrorResponse(VolleyError error) {
// TODO Auto-generated method stub
}
}) {
@Override
public Map<String, String> getHeaders() throws AuthFailureError {
// Your header parameter if you have otherwise this is optional
return headers;
}
};
queue.add(jsObjRequest);
}
我的 java 应用程序一直运行良好,直到我再次尝试编译它并收到此错误:
build.xml:246: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1914)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1477)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:213)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:961)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:897)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1033)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1342)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1369)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1353)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at org.apache.tools.ant.taskdefs.Get$GetThread.openConnection(Get.java:690)
at org.apache.tools.ant.taskdefs.Get$GetThread.openConnection(Get.java:715)
at org.apache.tools.ant.taskdefs.Get$GetThread.get(Get.java:606)
at org.apache.tools.ant.taskdefs.Get$GetThread.run(Get.java:596)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1459)
... 14 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
... 20 more
我正在重新编译它,因为我进行了更改,但是一旦出现此错误,我就取消了更改,但仍然如此。
有谁知道可能是什么原因造成的,或者我的服务器上可能突然发生了什么变化?
build.xml:246: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
这意味着在构建期间代码连接到 SSL 服务器,但客户端不信任服务器的证书。这是我们从异常中获得的所有信息。
它没有说任何原因。
通常服务器的证书(或其 CA)不受信任(不在配置的或默认的信任库中)或者服务器的主机名与证书 CN 不对应(我相信你会得到另一个例外,所以我敢打赌信任库)。
调用 Https 时尝试以下绕过认证的解决方案 api
1) 写入HttpsTrustManager.javaclass
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
public class HttpsTrustManager implements X509TrustManager {
private static TrustManager[] trustManagers;
private static final X509Certificate[] _AcceptedIssuers = new X509Certificate[]{};
@Override
public void checkClientTrusted(
java.security.cert.X509Certificate[] x509Certificates, String s)
throws java.security.cert.CertificateException {
}
@Override
public void checkServerTrusted(
java.security.cert.X509Certificate[] x509Certificates, String s)
throws java.security.cert.CertificateException {
}
public boolean isClientTrusted(X509Certificate[] chain) {
return true;
}
public boolean isServerTrusted(X509Certificate[] chain) {
return true;
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return _AcceptedIssuers;
}
public static void allowAllSSL() {
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String arg0, SSLSession arg1) {
return true;
}
});
SSLContext context = null;
if (trustManagers == null) {
trustManagers = new TrustManager[]{new HttpsTrustManager()};
}
try {
context = SSLContext.getInstance("TLS");
context.init(null, trustManagers, new SecureRandom());
} catch (NoSuchAlgorithmException e) {
//e.printStackTrace();
} catch (KeyManagementException e) {
//e.printStackTrace();
}
HttpsURLConnection.setDefaultSSLSocketFactory(context
.getSocketFactory());
}
}
2) 现在在调用 api 之前调用下面的函数,比如 bwlow
public static void getServerData(final Context cntx) {
myNotificationDb = new Notification_Db(cntx);
RequestQueue queue = Volley.newRequestQueue(cntx);
HttpsTrustManager.allowAllSSL();
JsonObjectRequest jsObjRequest = new JsonObjectRequest(
Request.Method.GET, "Url", null,
new Response.Listener<JSONObject>() {
@Override
public void onResponse(JSONObject response) {
// Your response
}
}, new Response.ErrorListener() {
@Override
public void onErrorResponse(VolleyError error) {
// TODO Auto-generated method stub
}
}) {
@Override
public Map<String, String> getHeaders() throws AuthFailureError {
// Your header parameter if you have otherwise this is optional
return headers;
}
};
queue.add(jsObjRequest);
}