Solve the pkix problem: unable to find valid certification path to requested target

Source: Internet
Author: User

/*

* Copyright 2006 Sun Microsystems, Inc. All rights reserved.

*

* Redistribution and use in source and binary forms, with or

* Modification, are permitted provided that the following conditions

* Are met:

*

*-Redistributions of source code must retain the above Copyright

* Notice, this list of conditions and the following disclawing.

*

*-Redistributions in binary form must reproduce the above Copyright

* Notice, this list of conditions and the following disclawing in

* Documentation and/or other materials provided with the distribution.

*

*-Neither the name of Sun Microsystems nor the names of its

* Contributors may be used to endorse or promote products derived

* From this software without specific prior written permission.

*

* This software is provided by the copyright holders and contributors"

* Is "and any express or implied warranties, including, but not limited,

* The implied warranties of merchantability and fitness for a participant

* Purpose are disclaimed. In no event shall the copyright owner or

* Contributors be liable for any direct, indirect, incidental, special,

* Exemplary, or consequential damages (including, but not limited,

* Procurement of substitute goods or services; loss of use, data, or

* Profits; or business interruption) however caused and on any theory

* Liability, whether in contract, strict liability, or tort (including

* Negligence or otherwise) arising in any way out of the use of this

* Software, even if advised of the possibility of such damage.

*/


Import java. Io. bufferedreader;

Import java. Io. file;

Import java. Io. fileinputstream;

Import java. Io. fileoutputstream;

Import java. Io. inputstream;

Import java. Io. inputstreamreader;

Import java. Io. outputstream;

Import java. Security. keystore;

Import java. Security. messagedigest;

Import java. Security. cert. certificateexception;

Import java. Security. cert. x509certificate;


Import javax.net. SSL. sslcontext;

Import javax.net. SSL. sslexception;

Import javax.net. SSL. sslsocket;

Import javax.net. SSL. sslsocketfactory;

Import javax.net. SSL. trustmanager;

Import javax.net. SSL. trustmanagerfactory;

Import javax.net. SSL. x509trustmanager;


/**

* Step 1: Execution method: Java installcert hostname

* Eg: Java installcert www.cebbank.com

* Step 2: Enter 1 and press Enter. The following print information is displayed.

* Step 3: A certificate named jssecacerts has been generated in the face-to-face directory.

* Step 4: copy the certificate named jssecacerts \ % java_honme % \ JRE \ Lib \ SECURITY \

* Step 5: restart the Application Service and the certificate will take effect ..

* PS: Remove Chinese comments for execution; otherwise, an error will be reported !!!

* @ Author Ligang

*

* First, compile the Java file directory.

* Javac-D. installcert. Java

* Java COM/ptengine/test/installcert localhost

*/

Public class installcert {

Public static void main (string [] ARGs) throws exception {

String host;

Int port;

Char [] passphrase;

If (ARGs. Length = 1) | (ARGs. Length = 2 )){

String [] C = ARGs [0]. Split (":");

Host = C [0];

Port = (C. Length = 1 )? 443: integer. parseint (C [1]);

String P = (ARGs. Length = 1 )? "Changeit": ARGs [1];

Passphrase = P. tochararray ();

} Else {

System. Out. println ("Usage: Java installcert

Return;

}


File file = new file ("jssecacerts ");

If (file. isfile () = false ){

Char Sep = file. separatorchar;

File dir = new file (system. getproperty ("Java. Home") + Sep + "lib" + Sep + "security ");

File = new file (Dir, "jssecacerts ");

If (file. isfile () = false ){

File = new file (Dir, "cacerts ");

}

}

System. Out. println ("loading keystore" + file + "...");

Inputstream in = new fileinputstream (File );

Keystore Ks = keystore. getinstance (keystore. getdefaulttype ());

KS. Load (in, passphrase );

In. Close ();


Sslcontext context = sslcontext. getinstance ("TLS ");

Trustmanagerfactory TMF = trustmanagerfactory. getinstance (trustmanagerfactory. getdefaultalgorithm ());

TMF. INIT (KS );

X509trustmanager defaulttrustmanager = (x509trustmanager) TMF. gettrustmanagers () [0];

Savingtrustmanager TM = new savingtrustmanager (defatrutrustmanager );

Context. INIT (null, new trustmanager [] {TM}, null );

Sslsocketfactory factory = context. getsocketfactory ();


System. Out. println ("Opening connection to" + host + ":" + port + "...");

Sslsocket socket = (sslsocket) Factory. createsocket (host, Port );

Socket. setsotimeout (10000 );

Try {

System. Out. println ("Starting SSL handshake ...");

Socket. starthandshake ();

Socket. Close ();

System. Out. println ();

System. Out. println ("no errors, certificate is already trusted ");

} Catch (sslexception e ){

System. Out. println ();

E. printstacktrace (system. Out );

}


X509certificate [] Chain = TM. chain;

If (chain = NULL ){

System. Out. println ("cocould not obtain server certificate chain ");

Return;

}


Bufferedreader reader = new bufferedreader (New inputstreamreader (system. In ));


System. Out. println ();

System. Out. println ("server sent" + chain. Length + "certificate (s ):");

System. Out. println ();

Messagedigest sha1 = messagedigest. getinstance ("sha1 ");

Messagedigest MD5 = messagedigest. getinstance ("MD5 ");

For (INT I = 0; I <chain. length; I ++ ){

X509certificate Cert = chain [I];

System. Out. println ("" + (I + 1) + "subject" + cert. getsubjectdn ());

System. Out. println ("issuer" + cert. getissuerdn ());

Sha1.update (CERT. getencoded ());

System. Out. println ("sha1" + tohexstring (sha1.digest ()));

Md5.update (CERT. getencoded ());

System. Out. println ("MD5" + tohexstring (md5.digest ()));

System. Out. println ();

}


System. Out. println ("Enter certificate to add to trusted keystore or 'q' to quit: [1]");

String line = reader. Readline (). Trim ();

Int K;

Try {

K = (line. Length () = 0 )? 0: integer. parseint (line)-1;

} Catch (numberformatexception e ){

System. Out. println ("keystore not changed ");

Return;

}


X509certificate Cert = chain [k];

String alias = Host + "-" + (k + 1 );

KS. setcertificateentry (alias, Cert );


Outputstream out = new fileoutputstream ("jssecacerts ");

KS. Store (Out, passphrase );

Out. Close ();


System. Out. println ();

System. Out. println (CERT );

System. Out. println ();

System. Out. println ("added certificate to keystore 'jssecacerts' using alias'" + alias + "'");

}


Private Static final char [] hexdigits = "0123456789 abcdef". tochararray ();


Private Static string tohexstring (byte [] bytes ){

Stringbuilder sb = new stringbuilder (bytes. length * 3 );

For (int B: bytes ){

B & = 0xff;

SB. append (hexdigits [B> 4]);

SB. append (hexdigits [B & 15]);

SB. append ('');

}

Return sb. tostring ();

}


Private Static class savingtrustmanager implements x509trustmanager {

Private Final x509trustmanager TM;

Private x509certificate [] chain;


Savingtrustmanager (x509trustmanager TM ){

This. TM = TM;

}


Public x509certificate [] getacceptedissuers (){

Throw new unsupportedoperationexception ();

}


Public void checkclienttrusted (x509certificate [] Chain, string authtype) throws certificateexception {

Throw new unsupportedoperationexception ();

}


Public void checkservertrusted (x509certificate [] Chain, string authtype) throws certificateexception {

This. Chain = chain;

TM. checkservertrusted (chain, authtype );

}

}

}

This article is from "Li Gang's Learning Journey" blog, please be sure to keep this source http://381510688.blog.51cto.com/4623168/1570385

Solve the pkix problem: unable to find valid certification path to requested target

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.