2013年2月28日星期四

sun.security.validator.ValidatorException: PKIX path validation failed

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: basic constraints check failed: pathLenConstraint violated - this cert must be the last cert in the certification path
 at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
 at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
 at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
 at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
 at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
 at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
 at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
 at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
 at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
 at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
 at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
 at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
 at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
 at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
 at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
 at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
 at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
 at com.my.FlagIt.main(FlagIt.java:143)
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: basic constraints check failed: pathLenConstraint violated - this cert must be the last cert in the certification path
 at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:251)
 at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:234)
 at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:158)
 at sun.security.validator.Validator.validate(Validator.java:218)
 at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
 at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
 at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
 at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
 ... 17 more
Caused by: java.security.cert.CertPathValidatorException: basic constraints check failed: pathLenConstraint violated - this cert must be the last cert in the certification path
 at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:139)
 at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:326)
 at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:178)
 at java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)
 at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:246)
 ... 24 more


Resolution:

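Add this code before your own code. Note that it does not repair the certificate chain: it installs a trust manager that accepts any certificate, so the server is no longer authenticated on connections that use the default SSLContext, and an intercepted connection would go unnoticed. Treat it as a test-only workaround. The lasting fix is to correct the chain the server sends (the exception reports that a pathLenConstraint was violated) or to trust only the expected certificate.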
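// SECURITY NOTE: both check methods of this trust manager are empty, so any certificate
// chain is accepted and the peer is not authenticated. Because the context is installed with
// SSLContext.setDefault below, this applies to every caller in the JVM that relies on the
// default context, not only to this request. Keep it to test setups; the durable fix is to
// correct the certificate chain the server presents, or to trust only the expected certificate.
X509TrustManager tm = new X509TrustManager() {
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        // The interface documents a non-null (possibly empty) array; returning null can
        // make callers that iterate over the issuers fail.
        return new X509Certificate[0];
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        // Intentionally empty: no client certificate is ever rejected.
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        // Intentionally empty: no server certificate is ever rejected, which is what
        // silences the PKIX path validation failure.
    }
};
SSLContext ctx;

int port = 443;

// Route commons-httpclient "https" URLs through AuthSSLProtocolSocketFactory, which builds
// its own trust-everything SSLContext (independent of `tm` above).
Protocol https = new Protocol("https", new AuthSSLProtocolSocketFactory(), port);
Protocol.registerProtocol("https", https);

try {
    // "TLS" rather than the legacy "SSL" context name.
    ctx = SSLContext.getInstance("TLS");
    // null key managers and null SecureRandom: the provider defaults are used.
    ctx.init(null, new TrustManager[] { tm }, null);
    // JVM-wide: the context is returned by every later SSLContext.getDefault() call.
    SSLContext.setDefault(ctx);
} catch (NoSuchAlgorithmException e) {
    // The default context stays in place, so certificate validation remains active.
    e.printStackTrace();
} catch (KeyManagementException e) {
    // The default context stays in place, so certificate validation remains active.
    e.printStackTrace();
}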


Add this class (a commons-httpclient socket factory whose SSLContext accepts any server certificate):
package com.my;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketAddress;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;

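/**
 * commons-httpclient socket factory whose sockets come from an {@link SSLContext}
 * initialised with {@link TrustAnyTrustManager}.
 *
 * <p><strong>Security:</strong> the trust manager used here accepts every certificate chain,
 * so connections made through this factory are encrypted but the server is not
 * authenticated. Use it only against test endpoints; for real traffic, initialise the
 * context with a trust manager backed by a trust store holding the expected CA or server
 * certificate.
 *
 * <p>The context is created lazily and without synchronisation; concurrent first calls may
 * each build their own context.
 */
public class AuthSSLProtocolSocketFactory implements
        SecureProtocolSocketFactory {

    /** Lazily created by {@link #getSSLContext()}; {@code null} until first use. */
    private SSLContext sslcontext = null;

    /**
     * Builds a TLS context whose only trust manager is {@link TrustAnyTrustManager}.
     *
     * @return the initialised context, never {@code null}
     * @throws IllegalStateException if the context cannot be created or initialised
     */
    private SSLContext createSSLContext() {
        try {
            // "TLS" rather than the legacy "SSL" context name.
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, new TrustManager[] { new TrustAnyTrustManager() },
                    new java.security.SecureRandom());
            return context;
        } catch (NoSuchAlgorithmException e) {
            // Fail here with the cause attached instead of returning null and letting the
            // caller hit a NullPointerException on getSocketFactory().
            throw new IllegalStateException("Unable to create SSLContext", e);
        } catch (KeyManagementException e) {
            throw new IllegalStateException("Unable to initialise SSLContext", e);
        }
    }

    /** Returns the shared context, creating it on first use. */
    private SSLContext getSSLContext() {
        if (this.sslcontext == null) {
            this.sslcontext = createSSLContext();
        }
        return this.sslcontext;
    }

    /** Layers a TLS socket over an existing socket connected to {@code host:port}. */
    @Override
    public Socket createSocket(Socket socket, String host, int port,
            boolean autoClose) throws IOException, UnknownHostException {
        return getSSLContext().getSocketFactory().createSocket(socket, host,
                port, autoClose);
    }

    /** Opens a TLS socket to {@code host:port}. */
    @Override
    public Socket createSocket(String host, int port) throws IOException,
            UnknownHostException {
        return getSSLContext().getSocketFactory().createSocket(host, port);
    }

    /** Opens a TLS socket to {@code host:port}, bound to the given local address and port. */
    @Override
    public Socket createSocket(String host, int port, InetAddress clientHost,
            int clientPort) throws IOException, UnknownHostException {
        return getSSLContext().getSocketFactory().createSocket(host, port,
                clientHost, clientPort);
    }

    /**
     * Opens a TLS socket to {@code host:port}, honouring the connection timeout in
     * {@code params}.
     *
     * @param params connection parameters; must not be {@code null}
     * @throws IllegalArgumentException if {@code params} is {@code null}
     */
    @Override
    public Socket createSocket(String host, int port, InetAddress localAddress,
            int localPort, HttpConnectionParams params) throws IOException,
            UnknownHostException, ConnectTimeoutException {
        if (params == null) {
            throw new IllegalArgumentException("Parameters may not be null");
        }
        int timeout = params.getConnectionTimeout();
        SocketFactory socketfactory = getSSLContext().getSocketFactory();
        if (timeout == 0) {
            // No timeout configured: let the factory bind and connect in one step.
            return socketfactory.createSocket(host, port, localAddress,
                    localPort);
        }
        // A timeout is set: create an unconnected socket so connect() can enforce it.
        Socket socket = socketfactory.createSocket();
        SocketAddress localaddr = new InetSocketAddress(localAddress,
                localPort);
        SocketAddress remoteaddr = new InetSocketAddress(host, port);
        socket.bind(localaddr);
        socket.connect(remoteaddr, timeout);
        return socket;
    }

    /**
     * Trust manager that never rejects a certificate chain.
     *
     * <p>Both check methods return without inspecting their arguments, so no issuer,
     * validity or basic-constraints check is performed on the peer's certificates.
     */
    private static class TrustAnyTrustManager implements X509TrustManager {

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            // Intentionally empty: every client chain is accepted.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            // Intentionally empty: every server chain is accepted.
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // Empty, non-null array, as the interface requires.
            return new X509Certificate[] {};
        }
    }

}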


That's it.

2013年2月7日星期四