我正在尝试用安全连接编写套接字编程。
我已经创建了keystore.jks,还向custom keystore.jks添加了google证书。
SSLContext ctx;
KeyManagerFactory kmf;
KeyStore ks;
char[] passphrase = "password".toCharArray();
ctx = SSLContext.getInstance("TLS");
kmf = KeyManagerFactory.getInstance(KeyManagerFactory
.getDefaultAlgorithm());
ks = KeyStore.getInstance("JKS");
File certificate = new File("./path/to/keystore.jks");
ks.load(new FileInputStream(certificate), passphrase);
kmf.init(ks, passphrase);
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(ks);
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
ctx.init(kmf.getKeyManagers(), trustManagers, null);我有nodejs https服务器,我已经将该证书导入keystore.jks,它可以正常工作。但当我尝试将google证书添加到keystore.jks时,仍然会出现错误“pkix路径构建失败”。
当我添加到${java\u home}/jdk/jre/lib/security/cacerts并将trustmanager设为null时,它可以正常工作,但我希望避免java\u home/jre/lib/security中cacerts的依赖关系。
总结
-> importing google certificate in cacerts file in JAVA_HOME folder works fine.
-> custom certificate with imported in keystore.jks works fine.
-> google certificate imported in keystore.jks causes a problem.堆栈跟踪:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1640)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
at application.client.Client.sendAndReceiveData(Client.java:46)
at application.server.ServerRunnable.run(ServerRunnable.java:46)
at java.lang.Thread.run(Thread.java:748)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:262)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:237)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1622)
... 10 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
... 16 more如果有人帮我解决这个问题,那对我来说太棒了。
暂无答案!
目前还没有任何答案,快来回答吧!