Comment ignorer la création de chemin PKIX a échoué: sun.security.provider.certpath.SunCertPathBuilderException?

J’ai eu l’exception suivante lorsque j’essaie d’envoyer une demande à un serveur http:

Voici le code que j’ai utilisé

URL url = new URL( "https://www.abc.com"); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("GET"); conn.setDoOutput(true); DataOutputStream wr = new DataOutputStream(conn.getOutputStream()); // wr.writeBytes(params); wr.flush(); wr.close(); BufferedReader br = new BufferedReader(new InputStreamReader( conn.getInputStream())); Ssortingng line = null; while ((line = br.readLine()) != null) { System.out.println(line); } 

Voici l’exception:

 Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certificateion path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1731) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1197) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1181) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166) at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1014) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230) at com.amazon.mzang.tools.httpchecker.CategoryYank.getPV(CategoryYank.java:32) at com.amazon.mzang.tools.httpchecker.CategoryYank.main(CategoryYank.java:18) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certificateion path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217) at sun.security.validator.Validator.validate(Validator.java:218) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185) ... 13 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certificateion path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318) ... 19 more 

Le serveur ne m’appartient pas. Est-il possible d’ignorer cette exception?

Si vous voulez ignorer le certificate tous ensemble, jetez un oeil à la réponse ici: Ignorer le certificate ssl auto-signé en utilisant le client Jersey

Bien que cela rendra votre application vulnérable aux attaques de type man-in-the-middle.

Ou essayez d’append le certificate à votre magasin Java en tant que certificate de confiance. Ce site peut être utile. http://blog.icodejava.com/tag/get-public-key-of-ssl-certificatee-in-java/

Voici un autre fil de discussion montrant comment append un certificate à votre magasin. Java SSL connect, ajoutez le certificate de serveur au magasin de clés par programme

La clé est la suivante:

 KeyStore.Entry newEntry = new KeyStore.TrustedCertificateEntry(someCert); ks.setEntry("someAlias", newEntry, null); 

J’ai utilisé le code ci-dessous pour remplacer la vérification SSL dans mon projet et cela a fonctionné pour moi.

 package com.beingjavaguys.testftp; import java.io.InputStreamReader; import java.io.Reader; import java.net.URL; import java.net.URLConnection; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSession; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; import java.security.cert.X509Certificate; /** * Fix for Exception in thread "main" javax.net.ssl.SSLHandshakeException: * sun.security.validator.ValidatorException: PKIX path building failed: * sun.security.provider.certpath.SunCertPathBuilderException: unable to find * valid certificateion path to requested target */ public class ConnectToHttpsUrl { public static void main(Ssortingng[] args) throws Exception { /* Start of Fix */ TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } public void checkClientTrusted(X509Certificate[] certs, Ssortingng authType) { } public void checkServerTrusted(X509Certificate[] certs, Ssortingng authType) { } } }; SSLContext sc = SSLContext.getInstance("SSL"); sc.init(null, trustAllCerts, new java.security.SecureRandom()); HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); // Create all-trusting host name verifier HostnameVerifier allHostsValid = new HostnameVerifier() { public boolean verify(Ssortingng hostname, SSLSession session) { return true; } }; // Install the all-trusting host verifier HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid); /* End of the fix*/ URL url = new URL("https://nameofthesecuredurl.com"); URLConnection con = url.openConnection(); Reader reader = new InputStreamReader(con.getInputStream()); while (true) { int ch = reader.read(); if (ch == -1) break; System.out.print((char) ch); } } } 

Définissez la propriété validateTLSCertificates sur false pour votre commande JSoup .

 Jsoup.connect("https://google.com/").validateTLSCertificates(false).get(); 

FWIW, sur Ubuntu 10.04.2 LTS en installant les packages ca-certificatees-java et ca-certificatees a résolu ce problème pour moi.

J’ai eu la même erreur lors de l’exécution du test simple Spring-Boot + RestAssured ci-dessous.

 import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import static com.jayway.restassured.RestAssured.when; import static org.apache.http.HttpStatus.SC_OK; @RunWith(SpringJUnit4ClassRunner.class) public class GeneratorTest { @Test public void generatorEndPoint() { when().get("https://bal-bla-bla-bla.com/generators") .then().statusCode(SC_OK); } } 

La solution simple dans mon cas est d’append ‘useRelaxedHTTPSValidations ()’

 RestAssured.useRelaxedHTTPSValidation(); 

Alors le test ressemble à

 import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import static com.jayway.restassured.RestAssured.when; import static org.apache.http.HttpStatus.SC_OK; @RunWith(SpringJUnit4ClassRunner.class) public class GeneratorTest { @Before public void setUp() { RestAssured.useRelaxedHTTPSValidation(); } @Test public void generatorEndPoint() { when().get("https://bal-bla-bla-bla.com/generators") .then().statusCode(SC_OK); } }