Solve the pkix problem: unable to find valid certification path to requested target

/*

* Copyright 2006 Sun Microsystems, Inc. All rights reserved.

*

* Redistribution and use in source and binary forms, with or

* Modification, are permitted provided that the following conditions

* Are met:

*

*-Redistributions of source code must retain the above Copyright

* Notice, this list of conditions and the following disclawing.

*

*-Redistributions in binary form must reproduce the above Copyright

* Notice, this list of conditions and the following disclawing in

* Documentation and/or other materials provided with the distribution.

*

*-Neither the name of Sun Microsystems nor the names of its

* Contributors may be used to endorse or promote products derived

* From this software without specific prior written permission.

*

* This software is provided by the copyright holders and contributors"

* Is "and any express or implied warranties, including, but not limited,

* The implied warranties of merchantability and fitness for a participant

* Purpose are disclaimed. In no event shall the copyright owner or

* Contributors be liable for any direct, indirect, incidental, special,

* Exemplary, or consequential damages (including, but not limited,

* Procurement of substitute goods or services; loss of use, data, or

* Profits; or business interruption) however caused and on any theory

* Liability, whether in contract, strict liability, or tort (including

* Negligence or otherwise) arising in any way out of the use of this

* Software, even if advised of the possibility of such damage.

*/

Import java. Io. bufferedreader;

Import java. Io. file;

Import java. Io. fileinputstream;

Import java. Io. fileoutputstream;

Import java. Io. inputstream;

Import java. Io. inputstreamreader;

Import java. Io. outputstream;

Import java. Security. keystore;

Import java. Security. messagedigest;

Import java. Security. cert. certificateexception;

Import java. Security. cert. x509certificate;

Import javax.net. SSL. sslcontext;

Import javax.net. SSL. sslexception;

Import javax.net. SSL. sslsocket;

Import javax.net. SSL. sslsocketfactory;

Import javax.net. SSL. trustmanager;

Import javax.net. SSL. trustmanagerfactory;

Import javax.net. SSL. x509trustmanager;

/**

* Step 1: Execution method: Java installcert hostname

* Eg: Java installcert www.cebbank.com

* Step 2: Enter 1 and press Enter. The following print information is displayed.

* Step 3: A certificate named jssecacerts has been generated in the face-to-face directory.

* Step 4: copy the certificate named jssecacerts \ % java_honme % \ JRE \ Lib \ SECURITY \

* Step 5: restart the Application Service and the certificate will take effect ..

* PS: Remove Chinese comments for execution; otherwise, an error will be reported !!!

* @ Author Ligang

*

* First, compile the Java file directory.

* Javac-D. installcert. Java

* Java COM/ptengine/test/installcert localhost

*/

Public class installcert {

Public static void main (string [] ARGs) throws exception {

String host;

Int port;

Char [] passphrase;

If (ARGs. Length = 1) | (ARGs. Length = 2 )){

String [] C = ARGs [0]. Split (":");

Host = C [0];

Port = (C. Length = 1 )? 443: integer. parseint (C [1]);

String P = (ARGs. Length = 1 )? "Changeit": ARGs [1];

Passphrase = P. tochararray ();

} Else {

System. Out. println ("Usage: Java installcert

Return;

}

File file = new file ("jssecacerts ");

If (file. isfile () = false ){

Char Sep = file. separatorchar;

File dir = new file (system. getproperty ("Java. Home") + Sep + "lib" + Sep + "security ");

File = new file (Dir, "jssecacerts ");

If (file. isfile () = false ){

File = new file (Dir, "cacerts ");

}

}

System. Out. println ("loading keystore" + file + "...");

Inputstream in = new fileinputstream (File );

Keystore Ks = keystore. getinstance (keystore. getdefaulttype ());

KS. Load (in, passphrase );

In. Close ();

Sslcontext context = sslcontext. getinstance ("TLS ");

Trustmanagerfactory TMF = trustmanagerfactory. getinstance (trustmanagerfactory. getdefaultalgorithm ());

TMF. INIT (KS );

X509trustmanager defaulttrustmanager = (x509trustmanager) TMF. gettrustmanagers () [0];

Savingtrustmanager TM = new savingtrustmanager (defatrutrustmanager );

Context. INIT (null, new trustmanager [] {TM}, null );

Sslsocketfactory factory = context. getsocketfactory ();

System. Out. println ("Opening connection to" + host + ":" + port + "...");

Sslsocket socket = (sslsocket) Factory. createsocket (host, Port );

Socket. setsotimeout (10000 );

Try {

System. Out. println ("Starting SSL handshake ...");

Socket. starthandshake ();

Socket. Close ();

System. Out. println ();

System. Out. println ("no errors, certificate is already trusted ");

} Catch (sslexception e ){

System. Out. println ();

E. printstacktrace (system. Out );

}

X509certificate [] Chain = TM. chain;

If (chain = NULL ){

System. Out. println ("cocould not obtain server certificate chain ");

Return;

}

Bufferedreader reader = new bufferedreader (New inputstreamreader (system. In ));

System. Out. println ();

System. Out. println ("server sent" + chain. Length + "certificate (s ):");

System. Out. println ();

Messagedigest sha1 = messagedigest. getinstance ("sha1 ");

Messagedigest MD5 = messagedigest. getinstance ("MD5 ");

For (INT I = 0; I <chain. length; I ++ ){

X509certificate Cert = chain [I];

System. Out. println ("" + (I + 1) + "subject" + cert. getsubjectdn ());

System. Out. println ("issuer" + cert. getissuerdn ());

Sha1.update (CERT. getencoded ());

System. Out. println ("sha1" + tohexstring (sha1.digest ()));

Md5.update (CERT. getencoded ());

System. Out. println ("MD5" + tohexstring (md5.digest ()));

System. Out. println ();

}

System. Out. println ("Enter certificate to add to trusted keystore or 'q' to quit: [1]");

String line = reader. Readline (). Trim ();

Int K;

Try {

K = (line. Length () = 0 )? 0: integer. parseint (line)-1;

} Catch (numberformatexception e ){

System. Out. println ("keystore not changed ");

Return;

}

X509certificate Cert = chain [k];

String alias = Host + "-" + (k + 1 );

KS. setcertificateentry (alias, Cert );

Outputstream out = new fileoutputstream ("jssecacerts ");

KS. Store (Out, passphrase );

Out. Close ();

System. Out. println ();

System. Out. println (CERT );

System. Out. println ();

System. Out. println ("added certificate to keystore 'jssecacerts' using alias'" + alias + "'");

}

Private Static final char [] hexdigits = "0123456789 abcdef". tochararray ();

Private Static string tohexstring (byte [] bytes ){

Stringbuilder sb = new stringbuilder (bytes. length * 3 );

For (int B: bytes ){

B & = 0xff;

SB. append (hexdigits [B> 4]);

SB. append (hexdigits [B & 15]);

SB. append ('');

}

Return sb. tostring ();

}

Private Static class savingtrustmanager implements x509trustmanager {

Private Final x509trustmanager TM;

Private x509certificate [] chain;

Savingtrustmanager (x509trustmanager TM ){

This. TM = TM;

}

Public x509certificate [] getacceptedissuers (){

Throw new unsupportedoperationexception ();

}

Public void checkclienttrusted (x509certificate [] Chain, string authtype) throws certificateexception {

Throw new unsupportedoperationexception ();

}

Public void checkservertrusted (x509certificate [] Chain, string authtype) throws certificateexception {

This. Chain = chain;

TM. checkservertrusted (chain, authtype );

}

}

}

This article is from "Li Gang's Learning Journey" blog, please be sure to keep this source http://381510688.blog.51cto.com/4623168/1570385

Solve the pkix problem: unable to find valid certification path to requested target