Java SSL客户端 - 服务器:无法找到有效的证书

时间:2017-01-26 14:53:16

标签: java sockets ssl ssl-certificate

我构建了一个客户端 - 服务器SSL应用程序,我想在其中进行一些测试,但我遇到了客户端问题。服务器运行正常,但当我尝试运行客户端时,我收到此消息:

Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
    at sun.security.ssl.AppOutputStream.write(Unknown Source)
    at java.io.OutputStream.write(Unknown Source)
    at ssl.Client.main(Client.java:17)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    ... 10 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
    at java.security.cert.CertPathBuilder.build(Unknown Source)
    ... 16 more

服务器:

package ssl;

import java.io.IOException;
import java.io.PrintStream;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;

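/**
 * Minimal TLS test server bound to {@code localhost:3443}.
 *
 * <p>For every accepted connection it completes the TLS handshake, prints the
 * negotiated session details (local certificate subjects, peer host, cipher
 * suite, protocol, session id and timestamps), sends the line {@code Hi} and
 * closes the connection.
 *
 * <p>A client that fails the handshake (for example one that does not trust this
 * server's certificate) is reported on stderr and dropped; it does not stop the
 * accept loop.
 */
public class Server {
    private static final String HOST = "localhost";
    private static final int PORT = 3443;

    /**
     * Configures the JSSE key store, opens the TLS listener and serves clients
     * one at a time until the listener itself fails.
     *
     * @param args unused
     * @throws Exception if the listener cannot be created or {@code accept()} fails
     */
    public static void main(String[] args) throws Exception {
        // NOTE(review): key store path and password are hard-coded for this local test.
        // Outside a test, supply them with -Djavax.net.ssl.keyStore=... and
        // -Djavax.net.ssl.keyStorePassword=... (or protected configuration) so the
        // password that guards the server's private key is not kept in source.
        System.setProperty("javax.net.ssl.keyStore", "DebKeyStore.jks");
        System.setProperty("javax.net.ssl.keyStorePassword", "iliebc");

        SSLServerSocketFactory ssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();

        // try-with-resources releases the listening port if the loop ends with an exception.
        try (ServerSocket ss = ssf.createServerSocket(PORT, 0, InetAddress.getByName(HOST))) {
            System.out.println("Server started on port " + PORT);

            while (true) {
                // A failure of accept() means the listener is broken, so it propagates.
                Socket accepted = ss.accept();
                try (SSLSocket s = (SSLSocket) accepted) {
                    serve(s);
                } catch (IOException e) {
                    // Handshake or I/O failure of a single client must not stop the server.
                    System.err.println("Connection failed: " + e);
                }
            }
        }
    }

    /**
     * Handshakes with one client, prints the session details and sends the greeting.
     *
     * @param s the accepted TLS socket; closed by the caller
     * @throws IOException if the handshake or the socket I/O fails
     */
    private static void serve(SSLSocket s) throws IOException {
        // Handshake explicitly: getSession() alone hides a failed handshake behind an
        // invalid session, whose getLocalCertificates() returns null.
        s.startHandshake();
        SSLSession session = s.getSession();

        Certificate[] localChain = session.getLocalCertificates();
        if (localChain != null) {
            for (Certificate cert : localChain) {
                System.out.println(((X509Certificate) cert).getSubjectDN());
            }
        }

        System.out.println("Peer host is " + session.getPeerHost());
        System.out.println("Cipher is " + session.getCipherSuite());
        System.out.println("Protocol is " + session.getProtocol());

        // BigInteger rejects a zero-length array, so an empty session id is printed as text.
        byte[] id = session.getId();
        System.out.println("ID is " + (id.length == 0 ? "(none)" : new BigInteger(id).toString()));

        System.out.println("Session created in " + session.getCreationTime());
        System.out.println("Session accessed in " + session.getLastAccessedTime());

        try (PrintStream out = new PrintStream(s.getOutputStream())) {
            out.println("Hi");
        }
    }
}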

客户端:

package ssl;

import java.io.OutputStream;
import java.net.InetAddress;
import java.net.Socket;

import javax.net.ssl.SSLSocketFactory;

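/**
 * Minimal TLS test client for the server on {@code localhost:3443}.
 *
 * <p>It connects with the JVM's default {@link SSLSocketFactory}, sends a greeting
 * and then forwards bytes from standard input to the server until {@code '~'} is
 * typed or standard input ends.
 *
 * <p>This class configures no trust store, so the server certificate is validated
 * against the JVM's default trust anchors. A server certificate that does not chain
 * to one of them is rejected during the handshake, which is the
 * {@code PKIX path building failed} error.
 *
 * <p>NOTE(review): a plain {@code SSLSocket} validates the certificate chain but does
 * not check that the certificate was issued for {@code HOST} unless an endpoint
 * identification algorithm is set through {@code SSLParameters}; confirm whether
 * this client needs that check.
 */
public class Client {
    private static final String HOST = "localhost";
    private static final int PORT = 3443;

    /**
     * Opens the TLS connection and relays standard input to the server.
     *
     * @param args unused
     * @throws Exception if the connection, the TLS handshake or the I/O fails
     */
    public static void main(String[] args) throws Exception {
        SSLSocketFactory sf = (SSLSocketFactory) SSLSocketFactory.getDefault();

        // try-with-resources closes the stream and then the socket, also when the
        // handshake or a write throws.
        try (Socket socket = sf.createSocket(InetAddress.getByName(HOST), PORT);
             OutputStream out = socket.getOutputStream()) {
            System.out.println(out);

            // The first write is where a handshake failure surfaces.
            out.write("\nConnection established.\n\n".getBytes());
            out.flush();

            int theCharacter = System.in.read();

            // '~' ends the session; -1 means standard input is exhausted. Without the
            // -1 check the loop would never end and would keep sending 0xFF bytes.
            while (theCharacter != -1 && theCharacter != '~') {
                out.write(theCharacter);
                out.flush();
                theCharacter = System.in.read();
            }
        }
    }
}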

我该如何解决这个异常?

1 个答案:

答案 0 :(得分:0)

解决方案:客户端默认的信任库中没有服务器的证书,所以证书路径验证失败。需要通过 trustStore 属性指定一个包含该证书的信任库:

// JSSE system properties; they must be set before the default SSL socket factory is
// first used in the JVM.
//
// keyStore / keyStorePassword: the key material this JVM presents to its peer.
// The Server on this page needs them. The Server shown does not request client
// authentication, so presumably the client can omit these two lines.
System.setProperty("javax.net.ssl.keyStore", "DebKeyStore.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "iliebc");
// trustStore / trustStorePassword: the certificates this JVM accepts from its peer.
// Pointing the client at a store that contains the server certificate lets the
// certification path be built, which removes the PKIX error.
//
// NOTE(review): DebKeyStore.jks is the server's key store, so it presumably also holds
// the server's private key. Reusing it as the client trust store hands that key to
// every client. Outside a single-machine test, export only the server (or CA)
// certificate into a separate trust store for clients, and keep the store passwords
// out of source code.
System.setProperty("javax.net.ssl.trustStore", "DebKeyStore.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "iliebc");