socket编程:握手错误pkix路径构建失败:找不到请求目标的有效证书路径

5uzkadbs  于 2021-06-29  发布在  Java
关注(0)|答案(0)|浏览(238)

我正在尝试用安全连接编写套接字编程。
我已经创建了keystore.jks,还向custom keystore.jks添加了google证书。

SSLContext ctx;
            KeyManagerFactory kmf;
            KeyStore ks;
            char[] passphrase = "password".toCharArray();

            ctx = SSLContext.getInstance("TLS");
            kmf = KeyManagerFactory.getInstance(KeyManagerFactory
                    .getDefaultAlgorithm());
            ks = KeyStore.getInstance("JKS");

            File certificate = new File("./path/to/keystore.jks");
            ks.load(new FileInputStream(certificate), passphrase);

            kmf.init(ks, passphrase);

            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(ks);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();

            ctx.init(kmf.getKeyManagers(), trustManagers, null);

我有nodejs https服务器,我已经将该证书导入keystore.jks,它可以正常工作。但当我尝试将google证书添加到keystore.jks时,仍然会出现错误“pkix路径构建失败”。
当我添加到${java\u home}/jdk/jre/lib/security/cacerts并将trustmanager设为null时,它可以正常工作,但我希望避免java\u home/jre/lib/security中cacerts的依赖关系。
总结

-> importing google certificate in cacerts file in JAVA_HOME folder works fine. 
-> custom certificate with imported in keystore.jks works fine. 
-> google certificate imported in keystore.jks causes a problem.

堆栈跟踪:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1640)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
    at application.client.Client.sendAndReceiveData(Client.java:46)
    at application.server.ServerRunnable.run(ServerRunnable.java:46)
    at java.lang.Thread.run(Thread.java:748)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
    at sun.security.validator.Validator.validate(Validator.java:262)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:237)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1622)
    ... 10 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
    ... 16 more

如果有人帮我解决这个问题,那对我来说太棒了。

暂无答案!

目前还没有任何答案,快来回答吧!

相关问题