PKIX：unabletofindvalidcertificationpathtorequestedtarget的问题

转   

https://blog.csdn.net/faye0412/article/details/6883879

问题的根本是&＃xff1a;

缺少安全证书时出现的异常。

解决问题方法&＃xff1a;

将你要访问的webservice/url....的安全认证证书导入到客户端即可。

类   

InstallCert

package io.renren;import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;public class InstallCert {public static void main(String[] args) throws Exception {String host;int port;char[] passphrase;if ((args.length &＃61;&＃61; 1) || (args.length &＃61;&＃61; 2)) {String[] c &＃61; args[0].split(":");host &＃61; c[0];port &＃61; (c.length &＃61;&＃61; 1) ? 443 : Integer.parseInt(c[1]);String p &＃61; (args.length &＃61;&＃61; 1) ? "changeit" : args[1];passphrase &＃61; p.toCharArray();} else {System.out.println("Usage: java InstallCert [:port] [passphrase]");return;}File file &＃61; new File("jssecacerts");if (file.isFile() &＃61;&＃61; false) {char SEP &＃61; File.separatorChar;File dir &＃61; new File(System.getProperty("java.home") &＃43; SEP &＃43; "lib"&＃43; SEP &＃43; "security");file &＃61; new File(dir, "jssecacerts");if (file.isFile() &＃61;&＃61; false) {file &＃61; new File(dir, "cacerts");}}System.out.println("Loading KeyStore " &＃43; file &＃43; "...");InputStream in &＃61; new FileInputStream(file);KeyStore ks &＃61; KeyStore.getInstance(KeyStore.getDefaultType());ks.load(in, passphrase);in.close();SSLContext context &＃61; SSLContext.getInstance("TLS");TrustManagerFactory tmf &＃61; TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());tmf.init(ks);X509TrustManager defaultTrustManager &＃61; (X509TrustManager) tmf.getTrustManagers()[0];SavingTrustManager tm &＃61; new SavingTrustManager(defaultTrustManager);context.init(null, new TrustManager[] { tm }, null);SSLSocketFactory factory &＃61; context.getSocketFactory();System.out.println("Opening connection to " &＃43; host &＃43; ":" &＃43; port &＃43; "...");SSLSocket socket &＃61; (SSLSocket) factory.createSocket(host, port);socket.setSoTimeout(10000);try {System.out.println("Starting SSL handshake...");socket.startHandshake();socket.close();System.out.println();System.out.println("No errors, certificate is already trusted");} catch (SSLException e) {System.out.println();e.printStackTrace(System.out);}X509Certificate[] chain &＃61; tm.chain;if (chain &＃61;&＃61; null) {System.out.println("Could not obtain server certificate chain");return;}BufferedReader reader &＃61; new BufferedReader(new InputStreamReader(System.in));System.out.println();System.out.println("Server sent " &＃43; chain.length &＃43; " certificate(s):");System.out.println();MessageDigest sha1 &＃61; MessageDigest.getInstance("SHA1");MessageDigest md5 &＃61; MessageDigest.getInstance("MD5");for (int i &＃61; 0; i > 4]);sb.append(HEXDIGITS[b & 15]);sb.append(&＃39; &＃39;);}return sb.toString();}private static class SavingTrustManager implements X509TrustManager {private final X509TrustManager tm;private X509Certificate[] chain;SavingTrustManager(X509TrustManager tm) {this.tm &＃61; tm;}public X509Certificate[] getAcceptedIssuers() {throw new UnsupportedOperationException();}public void checkClientTrusted(X509Certificate[] chain, String authType)throws CertificateException {throw new UnsupportedOperationException();}public void checkServerTrusted(X509Certificate[] chain, String authType)throws CertificateException {this.chain &＃61; chain;tm.checkServerTrusted(chain, authType);}}}

类&＃xff1a;   

MySecureProtocolSocketFactory

package io.renren;import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.HttpClientError;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.ControllerThreadSocketFactory;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;public class MySecureProtocolSocketFactory implements SecureProtocolSocketFactory {private SSLContext sslContext &＃61; null;/*** Constructor for MySecureProtocolSocketFactory.*/public MySecureProtocolSocketFactory() {}/**** &＃64;return*/private static SSLContext createEasySSLContext() {try {SSLContext context &＃61; SSLContext.getInstance("SSL");context.init(null, new TrustManager[] { new MyX509TrustManager() },null);return context;} catch (Exception e) {throw new HttpClientError(e.toString());}}/**** &＃64;return*/private SSLContext getSSLContext() {if (this.sslContext &＃61;&＃61; null) {this.sslContext &＃61; createEasySSLContext();}return this.sslContext;}/** (non-Javadoc)** &＃64;see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String,* int, java.net.InetAddress, int)*/public Socket createSocket(String host, int port, InetAddress clientHost,int clientPort) throws IOException, UnknownHostException {return getSSLContext().getSocketFactory().createSocket(host, port,clientHost, clientPort);}/** (non-Javadoc)** &＃64;see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String,* int, java.net.InetAddress, int,* org.apache.commons.httpclient.params.HttpConnectionParams)*/public Socket createSocket(final String host, final int port,final InetAddress localAddress, final int localPort,final HttpConnectionParams params) throws IOException,UnknownHostException, ConnectTimeoutException {if (params &＃61;&＃61; null) {throw new IllegalArgumentException("Parameters may not be null");}int timeout &＃61; params.getConnectionTimeout();if (timeout &＃61;&＃61; 0) {return createSocket(host, port, localAddress, localPort);} else {return ControllerThreadSocketFactory.createSocket(this, host, port,localAddress, localPort, timeout);}}/** (non-Javadoc)** &＃64;see SecureProtocolSocketFactory#createSocket(java.lang.String,int)*/public Socket createSocket(String host, int port) throws IOException,UnknownHostException {return getSSLContext().getSocketFactory().createSocket(host, port);}/** (non-Javadoc)** &＃64;see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)*/public Socket createSocket(Socket socket, String host, int port,boolean autoClose) throws IOException, UnknownHostException {return getSSLContext().getSocketFactory().createSocket(socket, host,port, autoClose);}
}


类&＃xff1a;  

X509TrustManager

package io.renren;import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;import javax.net.ssl.X509TrustManager;public class MyX509TrustManager implements X509TrustManager {/* (non-Javadoc)* &＃64;see javax.net.ssl.X509TrustManager#checkClientTrusted(java.security.cert.X509Certificate[], java.lang.String)*/public void checkClientTrusted(X509Certificate[] arg0, String arg1)throws CertificateException {}/* (non-Javadoc)* &＃64;see javax.net.ssl.X509TrustManager#checkServerTrusted(java.security.cert.X509Certificate[], java.lang.String)*/public void checkServerTrusted(X509Certificate[] arg0, String arg1)throws CertificateException {}/* (non-Javadoc)* &＃64;see javax.net.ssl.X509TrustManager#getAcceptedIssuers()*/public X509Certificate[] getAcceptedIssuers() {return null;}}

如果编译不了 。 就应该到当前目录的上一个目录进行编译运行。不用带https://

如&＃xff1a;  F:\work\gitlab\renren-security\renren-admin\src\test\java> java io/renren/InstallCert wssb6.szsi.gov.cn

输入1&＃xff0c;回车&＃xff0c;然后会在当前的目录下产生一个名为“ssecacerts”的证书。

将证书拷贝到$JAVA_HOME/jre/lib/security目录下&＃xff0c;或者通过以下方式&＃xff1a;
System.setProperty("javax.net.ssl.trustStore", "你的jssecacerts证书路径"); //在connect前设置

static {try {System.setProperty("javax.net.ssl.trustStore", "F:\\work\\gitlab\\renren-security\\renren-admin\\src\\test\\java\\jssecacerts");ProtocolSocketFactory fcty &＃61; new MySecureProtocolSocketFactory();Protocol.registerProtocol("https", new Protocol("https", fcty, 443));HttpClient httpClient &＃61; new HttpClient();res &＃61;Jsoup.connect(logURL).data("user","1111","password","222220","isIE","1","type","1").method(Connection.Method.POST).execute();} catch (IOException e) {e.printStackTrace();}}

注意&＃xff1a;因为是静态加载&＃xff0c;所以要重新启动你的Web Server&＃xff0c;证书才能生效。