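"PKIX path building failed: SunCertPathBuilderException: unable to find valid certification path to requested target"

Time: 2020-08-08 18:27:58

Tags: java ssl pkix

While running a gradle build, I have been investigating a PKIX path building failure. Reinstalling the JDK did not help, yet the code runs on other PCs (win / ubuntu) without any problems. I followed countless articles and imported the target host's certificate (e.g. plugins.gradle.org) into my local Java keystore, but still no luck.

When I turned on debugging for java.net.ssl, I noticed the following difference: the certificate I imported with openssl / keytool has a different signature algorithm from the certificate I get during the handshake (see the code at the bottom)! That seems to be the problem.

My question is: is this the real cause of my "PKIX path building failed" problem? How can I fix it?

The key I have in my local keystore (the one I imported):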

  "certificate" : {
    "version"            : "v3",
    "serial number"      : "0B 68 E1 1A 96 B8 F5 45 9E F6 BE 18 1E B3 64 B7",
    "signature algorithm": "SHA256withECDSA", <<-----------
    "issuer"             : "CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US",
    "not before"         : "2020-07-05 08:00:00.000 CST",
    "not  after"         : "2021-07-05 20:00:00.000 CST",
    "subject"            : "CN=gradle.org, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US",
    "subject public key" : "EC",
    "extensions"         : [
      {
        ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false
      },
      {
        ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
        AuthorityInfoAccess [
          [
           accessMethod: ocsp
           accessLocation: URIName: http://ocsp.digicert.com
        , 
           accessMethod: caIssuers
           accessLocation: URIName: http://cacerts.digicert.com/CloudflareIncECCCA-3.crt
        ]
        ]
      },
      {
        ObjectId: 2.5.29.35 Criticality=false
        AuthorityKeyIdentifier [
        KeyIdentifier [
        0000: A5 CE 37 EA EB B0 75 0E   94 67 88 B4 45 FA D9 24  ..7...u..g..E..$
        0010: 10 87 96 1F                                        ....
        ]
        ]
      },
      {
        ObjectId: 2.5.29.19 Criticality=true
        BasicConstraints:[
          CA:false
          PathLen: undefined
        ]
      },
      {
        ObjectId: 2.5.29.31 Criticality=false
        CRLDistributionPoints [
          [DistributionPoint:
             [URIName: http://crl3.digicert.com/CloudflareIncECCCA-3.crl]
        , DistributionPoint:
             [URIName: http://crl4.digicert.com/CloudflareIncECCCA-3.crl]
        ]]
      },
      {
        ObjectId: 2.5.29.32 Criticality=false
        CertificatePolicies [
          [CertificatePolicyId: [2.16.840.1.114412.1.1]
        [PolicyQualifierInfo: [
          qualifierID: 1.3.6.1.5.5.7.2.1
          qualifier: 0000: 16 1C 68 74 74 70 73 3A   2F 2F 77 77 77 2E 64 69  ..https://www.di
        0010: 67 69 63 65 72 74 2E 63   6F 6D 2F 43 50 53        gicert.com/CPS
        
        ]]  ]
          [CertificatePolicyId: [2.23.140.1.2.2]
        []  ]
        ]
      },
      {
        ObjectId: 2.5.29.37 Criticality=false
        ExtendedKeyUsages [
          serverAuth
          clientAuth
        ]
      },
      {
        ObjectId: 2.5.29.15 Criticality=true
        KeyUsage [
          DigitalSignature
        ]
      },
      {
        ObjectId: 2.5.29.17 Criticality=false
        SubjectAlternativeName [
          DNSName: gradle.org
          DNSName: *.gradle.org
        ]
      },
      {
        ObjectId: 2.5.29.14 Criticality=false
        SubjectKeyIdentifier [
        KeyIdentifier [
        0000: 44 80 3A FA 00 84 38 D1   BD 20 F2 AB 55 7D FD 0C  D.:...8.. ..U...
        0010: BB 2B F8 50                                        .+.P
        ]
        ]
      }
    ]},

But the certificate I get from the server during the handshake:

javax.net.ssl|DEBUG|01|main|2020-08-09 02:12:11.364 CST|CertificateMessage.java:358|Consuming server Certificate handshake message (
"Certificates": [
  "certificate" : {
    "version"            : "v3",
    "serial number"      : "00 FA 96 8B 4E 71 C3 D7 DF 61 53 3D 49 07 83 1F 5E",
    "signature algorithm": "SHA256withRSA",<<-----------
    "issuer"             : "CN=GlobalSign Root CA, C=EN",
    "not before"         : "2020-07-05 08:00:00.000 CST",
    "not  after"         : "2021-07-05 20:00:00.000 CST",
    "subject"            : "CN=gradle.org, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US",
    "subject public key" : "RSA",
    "extensions"         : [
      {
        ObjectId: 2.5.29.19 Criticality=true
        BasicConstraints:[
          CA:false
          PathLen: undefined
        ]
      },
      {
        ObjectId: 2.5.29.37 Criticality=false
        ExtendedKeyUsages [
          serverAuth
          clientAuth
        ]
      },
      {
        ObjectId: 2.5.29.17 Criticality=false
        SubjectAlternativeName [
          DNSName: gradle.org
          DNSName: *.gradle.org
        ]
      }
    ]}
]
)

0 answers:

No answers
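
Added example (not part of the original question): a small Python parser for the `"name" : "value"` lines of the two certificate dumps in the question above, comparing the fields that identify a certificate. Issuer plus serial number identify a certificate, so a mismatch there means the imported entry and the certificate presented in the handshake are different certificates. The function names are hypothetical; the field values are excerpts copied from the two dumps.

```python
import re

# Excerpts of the two dumps in the question (the author's "<<---" markers removed).
IMPORTED = '''
    "serial number"      : "0B 68 E1 1A 96 B8 F5 45 9E F6 BE 18 1E B3 64 B7",
    "signature algorithm": "SHA256withECDSA",
    "issuer"             : "CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US",
    "subject"            : "CN=gradle.org, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US",
    "subject public key" : "EC",
'''
PRESENTED = '''
    "serial number"      : "00 FA 96 8B 4E 71 C3 D7 DF 61 53 3D 49 07 83 1F 5E",
    "signature algorithm": "SHA256withRSA",
    "issuer"             : "CN=GlobalSign Root CA, C=EN",
    "subject"            : "CN=gradle.org, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US",
    "subject public key" : "RSA",
'''

# Values may contain unescaped quotes (O="Cloudflare, Inc."), so the value
# group is greedy and ends at the last quote on the line.
FIELD = re.compile(r'^\s*"([^"]+?)"\s*:\s*"(.*)",?\s*$')

def parse_fields(dump):
    """Return {field name: value} for the quoted key/value lines of a dump."""
    fields = {}
    for line in dump.splitlines():
        m = FIELD.match(line)
        if m:
            name = " ".join(m.group(1).split())  # normalise "not  after"
            fields[name] = m.group(2)
    return fields

IDENTITY = ("serial number", "issuer", "subject public key", "signature algorithm")

def diff_certs(imported, presented):
    """List (field, imported value, presented value) for identity fields that differ."""
    a, b = parse_fields(imported), parse_fields(presented)
    return [(k, a.get(k), b.get(k)) for k in IDENTITY if a.get(k) != b.get(k)]

def same_certificate(imported, presented):
    """True only when both issuer and serial number match."""
    a, b = parse_fields(imported), parse_fields(presented)
    return (a.get("issuer"), a.get("serial number")) == (b.get("issuer"), b.get("serial number"))

if __name__ == "__main__":
    for field, mine, theirs in diff_certs(IMPORTED, PRESENTED):
        print(f"{field}: imported={mine!r} presented={theirs!r}")
    print("same certificate:", same_certificate(IMPORTED, PRESENTED))
```
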