Original URL: http://stackoverflow.com/questions/21239336/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
Receiving HTTP transport error : javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed
Asked by Karim L.
I am implementing a jax-ws web service client in a maven sub module using jaxws-maven-plugin with wsimport goal, which is in charge of parsing multiple configured .wsdl files in order to generate the needed artifacts to code the client.
The generation process is working fine, but when implementing the client, I need to use SSL when communicating with the deployed web service. For that, the client provided me with a certificate (cert.p12 file) and a password.
As I don't have access to the HttpsURLConnection to initialize the SSLContext programmatically when using the jax-ws generated artifacts to implement the web service client, I've just coded an initProxySettings() method which will be in charge of setting system properties before calling the client as shown below.
// Needs: import java.util.Properties;
// proxyHost, sslProxyHost, sslProxyPort, p12FilePath and p12FilePassword are defined elsewhere in the class.
private void initProxySettings() {
    Properties systemSettings = System.getProperties();
    // Proxy used to reach the service
    systemSettings.setProperty("proxySet", "true");
    systemSettings.setProperty("http.proxyHost", proxyHost);
    systemSettings.setProperty("http.proxyPort", "443");
    systemSettings.setProperty("https.proxyHost", sslProxyHost);
    systemSettings.setProperty("https.proxyPort", sslProxyPort);
    // Client identity (certificate and private key) presented to the server
    systemSettings.setProperty("javax.net.ssl.keyStore", p12FilePath);
    systemSettings.setProperty("javax.net.ssl.keyStorePassword", p12FilePassword);
    systemSettings.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
    // Print the JSSE handshake trace
    systemSettings.setProperty("javax.net.debug", "ssl");
    System.setProperties(systemSettings);
}
When trying to run a connected test with the service, I get the following error:
com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:121)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:142)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:83)
at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:105)
at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:587)
at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:546)
at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:531)
at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:428)
at com.sun.xml.internal.ws.client.Stub.process(Stub.java:211)
at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(SEIStub.java:124)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:98)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:107)
at $Proxy95.reportRatesTrade(Unknown Source)
at myCompany.connectivity.myApp.wsconnector.FpmlReportSender.sendRateFpmlReport(FpmlReportSender.java:66)
at myCompany.connectivity.myAPP.wsconnector.FpmlWsClientSender.sendFpmlViaWebService(FpmlWsClientSender.java:67)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.camel.component.bean.MethodInfo.invoke(MethodInfo.java:407)
at org.apache.camel.component.bean.MethodInfo.doProceed(MethodInfo.java:278)
at org.apache.camel.component.bean.MethodInfo.proceed(MethodInfo.java:251)
at org.apache.camel.component.bean.BeanProcessor.process(BeanProcessor.java:166)
at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:72)
at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:398)
at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:191)
at org.apache.camel.processor.Pipeline.process(Pipeline.java:118)
at org.apache.camel.processor.Pipeline.process(Pipeline.java:80)
at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:191)
at org.apache.camel.component.file.GenericFileConsumer.processExchange(GenericFileConsumer.java:401)
at org.apache.camel.component.file.GenericFileConsumer.processBatch(GenericFileConsumer.java:201)
at org.apache.camel.component.file.GenericFileConsumer.poll(GenericFileConsumer.java:165)
at org.apache.camel.impl.ScheduledPollConsumer.doRun(ScheduledPollConsumer.java:187)
at org.apache.camel.impl.ScheduledPollConsumer.run(ScheduledPollConsumer.java:114)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
at java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:317)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:150)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access1(ScheduledThreadPoolExecutor.java:98)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodic(ScheduledThreadPoolExecutor.java:181)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:205)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:619)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1623)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:198)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:192)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1074)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:128)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:529)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:465)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1120)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1147)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1131)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:904)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:109)
... 43 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:325)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:219)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1053)
... 55 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:320)
... 61 more
Here is an excerpt of the SSL debug which I've shortened:
keyStore type is : pkcs12
keyStore provider is :
init keystore
init keymanager of type SunX509
***
found key for : company- [email protected]
chain [0] = [
[
Version: V3
Subject: CN=company99DF011B-51A9-57F9-E341-E0A68D4B9751, OU=USERS, O=KGC0418
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: SunPKCS11-Solaris RSA public key, 2048 bits (id 139309464, session object)
modulus: 22112756093157512458757695440781457752806273315592450355957740196952202759592017766120571999875831031807562268295134910443622272782776544232874456458580772402436337356828895708779249509298037562892132455656130873883482145964182231114271360652011365917415253840206676718726431817484730833855366587344152579527243740623
public exponent: 65537
Validity: [From: Sun Dec 08 17:31:09 MET 2013,
To: Thu Jan 08 17:31:09 MET 2015]
Issuer: CN=KGC0418 companyPROD, OU=company Authorized Use Only, O=KGC0418, C=US
SerialNumber: [ 03]
Certificate Extensions: 3
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
S/MIME
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 1A C2 D9 E5 AC 6D 36 2F 65 F1 4C A2 11 3B 92 EB .....m6/e.L..;..
0010: 9B F9 4B CA ..K.
]
[CN=company Global Root CA, OU=company Authorized Use Only, O=COMPANY, C=US]
SerialNumber: [ 14]
]
[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
]
]
Algorithm: [SHA1withRSA]
Signature:....
.........
......
.....
.....
***
trustStore is: /usr/jdk/instances/jdk1.6.0/jre/lib/security/cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
.........
........
.........
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1373450395 bytes = { 223, 37, 1, 148, 219, 69, 149, 109, 169, 194, 44, 197, 99, 80, 16, 189, 197, 104, 28, 99, 157, 172, 34, 240, 145, 73, 49, 89 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
Camel (myApp) thread #0 - file://src/test/resources/fpml, WRITE: TLSv1 Handshake, length = 73
Camel (myApp) thread #0 - file://src/test/resources/fpml, WRITE: SSLv2 client hello message, length = 98
Camel (myApp) thread #0 - file://src/test/resources/fpml, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
RandomCookie: GMT: 1373446593 bytes = { 83, 8, 141, 30, 34, 196, 26, 7, 232, 255, 119, 56, 80, 5, 201, 181, 68, 107, 17, 160, 109, 152, 79, 219, 19, 16, 181, 222 }
Session ID: {146, 198, 54, 212, 84, 229, 79, 190, 99, 152, 78, 98, 18, 19, 152, 253, 197, 212, 1, 37, 17, 33, 77, 113, 59, 86, 136, 120, 33, 19, 126, 1}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
Camel (myApp) thread #0 - file://src/test/resources/fpml, READ: TLSv1 Handshake, length = 1295
*** Certificate chain
chain [0] = [
[....
.....
.....
.....
[9]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
Data_Encipherment
]
]
Algorithm: [SHA1withRSA]
Signature:...
....
...
]
***
Camel (myApp) thread #0 - file://src/test/resources/fpml, SEND TLSv1 ALERT: fatal, description = certificate_unknown
Camel (myApp) thread #0 - file://src/test/resources/fpml, WRITE: TLSv1 Alert, length = 2
Camel (myApp) thread #0 - file://src/test/resources/fpml, called closeSocket()
Camel (myApp) thread #0 - file://src/test/resources/fpml, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Finalizer, called close()
Finalizer, called closeInternal(true)
Could you tell me if this is the right way to use a .p12 certificate with JAX-WS client? If my implementation is meaningful, what am I missing then?
------ UPDATE-------
As suggested by @Jcs in the next post, I've created a custom new key store in a JKS format by the following steps:
1/ Extracting the public key from cert.p12 file using the command:
openssl.exe pkcs12 -in cert.p12 -clcerts -nokeys -out publicCert.pem
2/ Creating a new trust store in JKS format using:
keytool -import -alias test -file publicCert.pem -keystore myTrustStore.jks
Then, keeping the same configuration for the keyStore, I've configured the trustStore properties to point to this newly generated JKS store as follows:
// Trust store: the JKS file created in step 2/ (file name only; use the project's real path)
systemSettings.setProperty("javax.net.ssl.trustStore", "myTrustStore.jks");
systemSettings.setProperty("javax.net.ssl.trustStorePassword", jksFilePassword);
systemSettings.setProperty("javax.net.ssl.trustStoreType", "JKS");
/*****/
// Key store: the client certificate and private key (file name only; use the project's real path)
systemSettings.setProperty("javax.net.ssl.keyStore", "cert.p12");
systemSettings.setProperty("javax.net.ssl.keyStorePassword", p12FilePassword);
systemSettings.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
Now from what I see in the ssl.debug console, the trustStore points at the one I've set in my implementation:
***
trustStore is: src\test\resources\certificate\myTrustStore.jks
trustStore type is : JKS
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=COMPANY 99DF011B-51A9-57F9-E341-E0A68D4B9751, OU=USERS, O=KGC0418
Issuer: CN=KGC0418 XXXXXXXXX
Algorithm: RSA; Serial number: 0x3
Valid from Sun Dec 08 17:31:09 GMT+01:00 2013 until Thu Jan 08 17:31:09 GMT+01:00 2015
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1373559519 bytes = { 73, 210, 46, 42, 251, 113, 112, 255, 135, 100, 241, 240, 245, 125, 197, 72, 118, 72, 226, 121, 151, 222, 36, 76, 69, 108, 59, 223 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
Camel (camel-2) thread #0 - file://src/test/resources/fpml, WRITE: TLSv1 Handshake, length = 73
Camel (camel-2) thread #0 - file://src/test/resources/fpml, WRITE: SSLv2 client hello message, length = 98
Camel (camel-2) thread #0 - file://src/test/resources/fpml, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
RandomCookie: GMT: 1373559520 bytes = { 208, 198, 151, 119, 235, 39, 193, 62, 48, 230, 205, 106, 86, 238, 78, 91, 82, 255, 187, 234, 12, 5, 121, 49, 30, 109, 211, 209 }
Session ID: {6, 28, 249, 26, 112, 151, 19, 203, 2, 16, 79, 111, 188, 253, 24, 4, 247, 139, 66, 144, 210, 30, 101, 226, 40, 73, 228, 161, 55, 230, 221, 114}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
Camel (camel-2) thread #0 - file://src/test/resources/fpml, READ: TLSv1 Handshake, length = 1295
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=xxxxxxxxxxxx
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 26518340377185970618433427871998795874305944949774222457599695023228997443108630011833718821919400987851754545189639992819856454324827540671299918071626122667103792561945932972886083246760975456684092491592159887675835743379582226715892057387136711529603424019350987371140627696296825793550900188321364783977163343619847560039629745177775488269466101953205609461762679291911956872358518707250384413293488030799581673273259857148207483603504965811669522407902645141827155299400058670101699158958543405382995894352227209548308584112363108195961049506258872806165116902528885827281882201616114758666943336739405701681289
public exponent: 65537
Validity: [From: Thu Nov 07 12:56:30 GMT+01:00 2013,
To: Sat Jan 09 18:53:11 GMT+01:00 2016]
Issuer: CN=GeoTrust SSL CA, O="GeoTrust, Inc.", C=US
SerialNumber: [ 02a093]
Certificate Extensions: 9
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://gtssl-ocsp.geotrust.com,
accessMethod: 1.3.6.1.5.5.7.48.2
accessLocation: URIName: http://gtssl-aia.geotrust.com/gtssl.crt]
]
....
[2]: ObjectId: 2.xx.xx.17 Criticality=false
....
[3]: ObjectId: 2.xx.xx.35 Criticality=false
...
[4]: ObjectId: 2.xx.xx.14 Criticality=false
....
[5]: ObjectId: 2.xx.xx.32 Criticality=false
....
[6]: ObjectId: 2.xx.xx.19 Criticality=true
....
[7]: ObjectId: 2.xx.xx.37 Criticality=false
....
[8]: ObjectId: 2.xx.xx.31 Criticality=false
..
.
[9]: ObjectId: 2.xx.xx.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
Data_Encipherment
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 14 EB 1F A8 91 DE F0 A6 54 B4 BB D1 6F E4 10 63 ........T...o..c
]
***
Camel (camel-2) thread #0 - file://src/test/resources/fpml, SEND TLSv1 ALERT: fatal, description = certificate_unknown
Camel (camel-2) thread #0 - file://src/test/resources/fpml, WRITE: TLSv1 Alert, length = 2
Camel (camel-2) thread #0 - file://src/test/resources/fpml, called closeSocket()
Camel (camel-2) thread #0 - file://src/test/resources/fpml, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Camel (camel-2) thread #0 - file://src/test/resources/fpml, called close()
Camel (camel-2) thread #0 - file://src/test/resources/fpml, called closeInternal(true)
but I'm still having the same error:
com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:121)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:142)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:83)
at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:105)
at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:587)
at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:546)
at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:531)
at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:428)
at com.sun.xml.internal.ws.client.Stub.process(Stub.java:211)
at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(SEIStub.java:124)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:98)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:107)
at $Proxy102.reportRatesTrade(Unknown Source)
at myCompany.connectivity.myApp.wsconnector.FpmlReportSender.sendRateFpmlReport(FpmlReportSender.java:75)
at myCompany.connectivity.myApp.wsconnector.FpmlWsClientSender.sendFpmlViaWebService(FpmlWsClientSender.java:67)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.camel.component.bean.MethodInfo.invoke(MethodInfo.java:407)
at org.apache.camel.component.bean.MethodInfo.doProceed(MethodInfo.java:278)
at org.apache.camel.component.bean.MethodInfo.proceed(MethodInfo.java:251)
at org.apache.camel.component.bean.BeanProcessor.process(BeanProcessor.java:166)
at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:72)
at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:398)
at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:191)
at org.apache.camel.processor.Pipeline.process(Pipeline.java:118)
at org.apache.camel.processor.Pipeline.process(Pipeline.java:80)
at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:191)
at org.apache.camel.component.file.GenericFileConsumer.processExchange(GenericFileConsumer.java:401)
at org.apache.camel.component.file.GenericFileConsumer.processBatch(GenericFileConsumer.java:201)
at org.apache.camel.component.file.GenericFileConsumer.poll(GenericFileConsumer.java:165)
at org.apache.camel.impl.ScheduledPollConsumer.doRun(ScheduledPollConsumer.java:187)
at org.apache.camel.impl.ScheduledPollConsumer.run(ScheduledPollConsumer.java:114)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
at java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:317)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:150)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access1(ScheduledThreadPoolExecutor.java:98)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodic(ScheduledThreadPoolExecutor.java:181)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:205)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:619)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1623)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:198)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:192)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1074)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:128)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:529)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:465)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1120)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1147)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1131)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:904)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:109)
... 43 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:294)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:200)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1053)
... 55 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:289)
... 61 more
Did I set both the keyStore and the trustStore correctly?
Answered by Jcs
As far as I see, you are correctly using the PKCS#12 file. The problem is caused by the server certificate. Since you did not set any trustStore, the default trustStore is used. This is written in this log line:
trustStore is: /usr/jdk/instances/jdk1.6.0/jre/lib/security/cacerts
However, the SSL implementation was not able to attach the server certificate chain to any trusted certificate in this store. Maybe this server certificate is self-signed, maybe it is issued by a dedicated in-house certification authority or maybe it has just been issued by a certification authority which is not listed here.
To fix it, ask your client for the root CA certificate and add it into the cacerts file or create a custom new keystore. You can use the keytool -importcert command.
If you create a new keystore, you'll need to add this to your code:
systemSettings.setProperty("javax.net.ssl.trustStore", "/path/to/trust/store");
systemSettings.setProperty("javax.net.ssl.trustStorePassword", "trustStorePassword");
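What the answer describes, reproduced offline as an added example (not code from the question or the answer): the trust store has to contain the issuer of the server's certificate, so the client certificate extracted from cert.p12 in step 1/ cannot validate it. Here `openssl verify -CAfile` stands in for the JSSE trust store lookup, and the two throwaway CAs, all subjects and the password are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added illustration: every subject, file name and password below is constructed.

# Minimal config so the throwaway CAs get basicConstraints CA:TRUE on any OpenSSL build.
write_cnf() {
  cat > "$1" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
}

# make_ca DIR NAME SUBJECT  ->  DIR/NAME.key and self-signed DIR/NAME.pem
make_ca() {
  openssl req -x509 -config "$1/demo.cnf" -newkey rsa:2048 -nodes -days 2 \
    -subj "$3" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue DIR CA NAME SUBJECT  ->  DIR/NAME.key and DIR/NAME.pem signed by DIR/CA
issue() {
  openssl req -config "$1/demo.cnf" -newkey rsa:2048 -nodes -subj "$4" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -set_serial 3 -days 2 -out "$1/$3.pem" 2>/dev/null
}

# trusts STORE_PEM CERT_PEM: succeeds only if CERT chains to an entry of STORE.
trusts() {
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

demo() {
  local d r1 r2
  d=$(mktemp -d) || return 1
  write_cnf "$d/demo.cnf"

  # Two unrelated issuers, as in the page's debug output: one signs the
  # server certificate, a different one signs the client certificate.
  make_ca "$d" srvca "/CN=Demo Server Issuing CA" || return 1
  make_ca "$d" clica "/CN=Demo Client Issuing CA" || return 1
  issue "$d" srvca server "/CN=service.example.test" || return 1
  issue "$d" clica client "/OU=USERS/CN=demo-client" || return 1

  # The client identity bundle, as handed over to the developer.
  openssl pkcs12 -export -inkey "$d/client.key" -in "$d/client.pem" \
    -out "$d/cert.p12" -passout pass:demo-pass 2>/dev/null || return 1

  # Step 1/ of the question: pull the client certificate out of cert.p12.
  openssl pkcs12 -in "$d/cert.p12" -clcerts -nokeys -passin pass:demo-pass \
    -out "$d/publicCert.pem" 2>/dev/null || return 1

  # Trust store holding only the client's own certificate: no path to the server.
  if trusts "$d/publicCert.pem" "$d/server.pem"; then r1=OK; else r1=FAIL; fi
  # Trust store holding the CA that issued the server certificate: path found.
  if trusts "$d/srvca.pem" "$d/server.pem"; then r2=OK; else r2=FAIL; fi

  rm -rf "$d"
  echo "truststore=client-cert:$r1 truststore=server-ca:$r2"
}

demo
```

In the Java setup, the PEM that passes here is the one to import with keytool -importcert into the file named by javax.net.ssl.trustStore, while javax.net.ssl.keyStore keeps pointing at cert.p12.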