文档章节

InstallCert and Java 7

cyper
 cyper
发布于 2015/02/11 03:12
字数 1333
阅读 734
收藏 2
读这篇时提到:http://www.mkyong.com/webservices/jax-ws/suncertpathbuilderexception-unable-to-find-valid-certification-path-to-requested-target/

以下为FQ转载

When communicating with a server using a self-signed SSL using a Java based client, this custom certificate must be known by the callee side of the communication. This can be done manually by adding the certificate to the client JVM.

To simplify this process, one can use a simple tool called InstallCert as described here and here. This application was originally written for Java 5 / Java 6. While this solution still works, when you try to run this application through Java 7, you will get an additional error message like this:

javax.net.ssl.SSLException: java.lang.UnsupportedOperationException
 at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
 at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886)
 at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1844)
 at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1827)
 at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1346)
 at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
 at org.vangen.auth.InstallCert.main(InstallCert.java:81)
Caused by: java.lang.UnsupportedOperationException
 at org.vangen.auth.InstallCert$SavingTrustManager.getAcceptedIssuers(InstallCert.java:168)
 at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:926)
 at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:872)
 at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:814)
 at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
 at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
 at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
 at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
 at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
 at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
 at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
 ... 2 more

To avoid this error, you will need to change how accepted issuers are returned. The original code threw an exception for this method. The Java 7 implementation calls this method, which was not the case with earlier versions of Java. The solution to this problem is to simply return an empty array like this:

@Override
publicX509Certificate[] getAcceptedIssuers() {
    returnnewX509Certificate[0];
    // throw new UnsupportedOperationException();
}

By doing this small change, the application will no longer return an error upon execution. The full application code will then be:

packageorg.vangen.auth;
 
importjava.io.BufferedReader;
importjava.io.File;
importjava.io.FileInputStream;
importjava.io.FileOutputStream;
importjava.io.InputStream;
importjava.io.InputStreamReader;
importjava.io.OutputStream;
importjava.security.KeyStore;
importjava.security.MessageDigest;
importjava.security.cert.CertificateException;
importjava.security.cert.X509Certificate;
 
importjavax.net.ssl.SSLContext;
importjavax.net.ssl.SSLException;
importjavax.net.ssl.SSLSocket;
importjavax.net.ssl.SSLSocketFactory;
importjavax.net.ssl.TrustManager;
importjavax.net.ssl.TrustManagerFactory;
importjavax.net.ssl.X509TrustManager;
 
publicclassInstallCert {
 
    publicstaticvoidmain(finalString[] args)throwsException {
        String host;
        intport;
        char[] passphrase;
        if((args.length ==1) || (args.length ==2)) {
            finalString[] c = args[0].split(":");
            host = c[0];
            port = (c.length ==1) ?443: Integer.parseInt(c[1]);
            finalString p = (args.length ==1) ?"changeit": args[1];
            passphrase = p.toCharArray();
        }else{
            System.out.println(
                    "Usage: java InstallCert <host>[:port] [passphrase]");
            return;
        }
 
        File file =newFile("jssecacerts");
        if(file.isFile() ==false) {
            finalcharSEP = File.separatorChar;
            finalFile dir =newFile(System.getProperty("java.home")
                    + SEP +"lib"+ SEP +"security");
            file =newFile(dir,"jssecacerts");
            if(file.isFile() ==false) {
                file =newFile(dir,"cacerts");
            }
        }
 
        System.out.println("Loading KeyStore "+ file +"...");
        finalInputStream in =newFileInputStream(file);
        finalKeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(in, passphrase);
        in.close();
 
        finalSSLContext context = SSLContext.getInstance("TLS");
        finalTrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory
                        .getDefaultAlgorithm());
        tmf.init(ks);
        finalX509TrustManager defaultTrustManager =
                (X509TrustManager) tmf.getTrustManagers()[0];
        finalSavingTrustManager tm =newSavingTrustManager(
                defaultTrustManager);
        context.init(null,newTrustManager[] { tm },null);
        finalSSLSocketFactory factory = context.getSocketFactory();
 
        System.out.println("Opening connection to "
                + host +":"+ port +"...");
        finalSSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        socket.setSoTimeout(10000);
        try{
            System.out.println("Starting SSL handshake...");
            socket.startHandshake();
            socket.close();
            System.out.println();
            System.out.println("No errors, certificate is already trusted");
        }catch(finalSSLException e) {
            System.out.println();
            e.printStackTrace(System.out);
        }
 
        finalX509Certificate[] chain = tm.chain;
        if(chain ==null) {
            System.out.println("Could not obtain server certificate chain");
            return;
        }
 
        finalBufferedReader reader =
                newBufferedReader(newInputStreamReader(System.in));
 
        System.out.println();
        System.out.println("Server sent "+ chain.length +" certificate(s):");
        System.out.println();
        finalMessageDigest sha1 = MessageDigest.getInstance("SHA1");
        finalMessageDigest md5 = MessageDigest.getInstance("MD5");
        for(inti =0; i < chain.length; i++) {
            finalX509Certificate cert = chain[i];
            System.out.println(" "+ (i +1) +" Subject "
                    + cert.getSubjectDN());
            System.out.println("   Issuer  "+ cert.getIssuerDN());
            sha1.update(cert.getEncoded());
            System.out.println("   sha1    "+ toHexString(sha1.digest()));
            md5.update(cert.getEncoded());
            System.out.println("   md5     "+ toHexString(md5.digest()));
            System.out.println();
        }
 
        System.out.println("Enter certificate to add to trusted keystore"
                +" or 'q' to quit: [1]");
        finalString line = reader.readLine().trim();
        intk;
        try{
            k = (line.length() ==0) ?0: Integer.parseInt(line) -1;
        }catch(finalNumberFormatException e) {
            System.out.println("KeyStore not changed");
            return;
        }
 
        finalX509Certificate cert = chain[k];
        finalString alias = host +"-"+ (k +1);
        ks.setCertificateEntry(alias, cert);
 
        finalOutputStream out =newFileOutputStream(file);
        ks.store(out, passphrase);
        out.close();
 
        System.out.println();
        System.out.println(cert);
        System.out.println();
        System.out.println(
                "Added certificate to keystore 'cacerts' using alias '"
                        + alias +"'");
    }
 
    privatestaticfinalchar[] HEXDIGITS ="0123456789abcdef".toCharArray();
 
    privatestaticString toHexString(finalbyte[] bytes) {
        finalStringBuilder sb =newStringBuilder(bytes.length *3);
        for(intb : bytes) {
            b &=0xff;
            sb.append(HEXDIGITS[b >>4]);
            sb.append(HEXDIGITS[b &15]);
            sb.append(' ');
        }
        returnsb.toString();
    }
 
    privatestaticclassSavingTrustManagerimplementsX509TrustManager {
 
        privatefinalX509TrustManager tm;
        privateX509Certificate[] chain;
 
        SavingTrustManager(finalX509TrustManager tm) {
            this.tm = tm;
        }
 
        @Override
        publicX509Certificate[] getAcceptedIssuers() {
            returnnewX509Certificate[0];
            // throw new UnsupportedOperationException();
        }
 
        @Override
        publicvoidcheckClientTrusted(finalX509Certificate[] chain,
                finalString authType)
                throwsCertificateException {
            thrownewUnsupportedOperationException();
        }
 
        @Override
        publicvoidcheckServerTrusted(finalX509Certificate[] chain,
                finalString authType)
                throwsCertificateException {
            this.chain = chain;
            this.tm.checkServerTrusted(chain, authType);
        }
    }
}

以下是原版for JDK5 and JDK6的,从google code搜索而来

package com.aw.ad.util;
/*
 * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   - Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *
 *   - Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 *
 *   - Neither the name of Sun Microsystems nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
/**
 * http://blogs.sun.com/andreas/resource/InstallCert.java
 * Use:
 * java InstallCert hostname
 * Example:
 *% java InstallCert ecc.fedora.redhat.com
 */

import javax.net.ssl.*;
import java.io.*;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/**
 * Class used to add the server's certificate to the KeyStore
 * with your trusted certificates.
 */
public class InstallCert {

    public static void main(String[] args) throws Exception {
        String host;
        int port;
        char[] passphrase;
        if ((args.length == 1) || (args.length == 2)) {
            String[] c = args[0].split(":");
            host = c[0];
            port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
            String p = (args.length == 1) ? "changeit" : args[1];
            passphrase = p.toCharArray();
        } else {
            System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");
            return;
        }

        File file = new File("jssecacerts");
        if (file.isFile() == false) {
            char SEP = File.separatorChar;
            File dir = new File(System.getProperty("java.home") + SEP
                    + "lib" + SEP + "security");
            file = new File(dir, "jssecacerts");
            if (file.isFile() == false) {
                file = new File(dir, "cacerts");
            }
        }
        System.out.println("Loading KeyStore " + file + "...");
        InputStream in = new FileInputStream(file);
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(in, passphrase);
        in.close();

        SSLContext context = SSLContext.getInstance("TLS");
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];
        SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
        context.init(null, new TrustManager[]{tm}, null);
        SSLSocketFactory factory = context.getSocketFactory();

        System.out.println("Opening connection to " + host + ":" + port + "...");
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        socket.setSoTimeout(10000);
        try {
            System.out.println("Starting SSL handshake...");
            socket.startHandshake();
            socket.close();
            System.out.println();
            System.out.println("No errors, certificate is already trusted");
        } catch (SSLException e) {
            System.out.println();
            e.printStackTrace(System.out);
        }

        X509Certificate[] chain = tm.chain;
        if (chain == null) {
            System.out.println("Could not obtain server certificate chain");
            return;
        }

        BufferedReader reader =
                new BufferedReader(new InputStreamReader(System.in));

        System.out.println();
        System.out.println("Server sent " + chain.length + " certificate(s):");
        System.out.println();
        MessageDigest sha1 = MessageDigest.getInstance("SHA1");
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        for (int i = 0; i < chain.length; i++) {
            X509Certificate cert = chain[i];
            System.out.println
                    (" " + (i + 1) + " Subject " + cert.getSubjectDN());
            System.out.println("   Issuer  " + cert.getIssuerDN());
            sha1.update(cert.getEncoded());
            System.out.println("   sha1    " + toHexString(sha1.digest()));
            md5.update(cert.getEncoded());
            System.out.println("   md5     " + toHexString(md5.digest()));
            System.out.println();
        }

        System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
        String line = reader.readLine().trim();
        int k;
        try {
            k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
        } catch (NumberFormatException e) {
            System.out.println("KeyStore not changed");
            return;
        }

        X509Certificate cert = chain[k];
        String alias = host + "-" + (k + 1);
        ks.setCertificateEntry(alias, cert);

        OutputStream out = new FileOutputStream("jssecacerts");
        ks.store(out, passphrase);
        out.close();

        System.out.println();
        System.out.println(cert);
        System.out.println();
        System.out.println
                ("Added certificate to keystore 'jssecacerts' using alias '"
                        + alias + "'");
    }

    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    private static String toHexString(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 3);
        for (int b : bytes) {
            b &= 0xff;
            sb.append(HEXDIGITS[b >> 4]);
            sb.append(HEXDIGITS[b & 15]);
            sb.append(' ');
        }
        return sb.toString();
    }

    private static class SavingTrustManager implements X509TrustManager {

        private final X509TrustManager tm;
        private X509Certificate[] chain;

        SavingTrustManager(X509TrustManager tm) {
            this.tm = tm;
        }

        public X509Certificate[] getAcceptedIssuers() {
            throw new UnsupportedOperationException();
        }

        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            throw new UnsupportedOperationException();
        }

        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            this.chain = chain;
            tm.checkServerTrusted(chain, authType);
        }
    }

}




本文转载自:http://infposs.blogspot.ca/2013/06/installcert-and-java-7.html

共有 人打赏支持
cyper

cyper

粉丝 58
博文 685
码字总数 143161
作品 0
武汉
前端工程师
异常:PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:

版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/catoop/article/details/80819638 问题 java使用httpclient或者restTemplate进行https请求时,出现如下异常:...

单红宇
06/26
0
0
解决PKIX path building failed

/** @author wyj @create 2018-06-01 09:41 **/import java.io.BufferedReader;import java.io.File;import java.io.FileInputStream;import java.io.FileOutputStream;import java.io.Input......

JavaJar
06/01
0
0
PKIX path building failed: sun.security.provide...

在执行webservice的过程中,出现如下异常: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpat......

Java编程思想
2013/06/26
0
0
webservice ssl 2 下载webservice服务端所有的证书

编译:javac InstallCert.java 运行:java InstallCert gsxapiut.apple.com InstallCert.java代码 /* Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Redistribution and use......

Zhao-Qian
2015/06/09
0
0
linux下的jdk环境变量配置

新安装的ubuntu不能以root用户登录,可以这样做 sudo passwd root //然后设置密码 su //输入密码登录 ubuntu 新建简单文本 touch hello.sh //新建文件 hello.sh vim hello.sh // 打开hello文...

苏云飞
2015/11/18
0
0

没有更多内容

加载失败,请刷新页面

加载更多

20180920 rzsz传输文件、用户和用户组相关配置文件与管理

利用rz、sz实现Linux与Windows互传文件 [root@centos01 ~]# yum install -y lrzsz # 安装工具sz test.txt # 弹出对话框,传递到选择的路径下rz # 回车后,会从对话框中选择对应的文件传递...

野雪球
今天
2
0
OSChina 周四乱弹 —— 毒蛇当辣条

Osc乱弹歌单(2018)请戳(这里) 【今日歌曲】 @ 达尔文:分享花澤香菜/前野智昭/小野大輔/井上喜久子的单曲《ミッション! 健?康?第?イチ》 《ミッション! 健?康?第?イチ》- 花澤香菜/前野智...

小小编辑
今天
7
3
java -jar运行内存设置

java -Xms64m #JVM启动时的初始堆大小 -Xmx128m #最大堆大小 -Xmn64m #年轻代的大小,其余的空间是老年代 -XX:MaxMetaspaceSize=128m # -XX:CompressedClassSpaceSize=6...

李玉长
今天
4
0
Spring | 手把手教你SSM最优雅的整合方式

HEY 本节主要内容为:基于Spring从0到1搭建一个web工程,适合初学者,Java初级开发者。欢迎与我交流。 MODULE 新建一个Maven工程。 不论你是什么工具,选这个就可以了,然后next,直至finis...

冯文议
今天
2
0
RxJS的另外四种实现方式(四)——性能最高的库(续)

接上一篇RxJS的另外四种实现方式(三)——性能最高的库 上一篇文章我展示了这个最高性能库的实现方法。下面我介绍一下这个性能提升的秘密。 首先,为了弄清楚Most库究竟为何如此快,我必须借...

一个灰
今天
3
0

没有更多内容

加载失败,请刷新页面

加载更多

返回顶部
顶部