【问题标题】:java - SSL in RMI [duplicate]java - RMI 中的 SSL [重复]
【发布时间】:2016-09-01 18:12:48
【问题描述】:

我正在尝试运行用于构建 RMI here 的示例代码,如果我将策略文件修改为此,我可以让服务器运行:

grant {
    permission java.net.SocketPermission "*", "listen,accept,resolve";
};

客户端返回此异常:

HelloClient exception: error during JRMP connection establishment; nested exception is: 
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is: 
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
at sun.rmi.server.UnicastRef.newCall(Unknown Source)
at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
at Client.Client.main(Client.java:25)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at sun.security.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at java.io.DataOutputStream.flush(Unknown Source)
... 5 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 16 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 22 more

但我什至找不到所有这些东西的定义位置,所以我什至可以尝试解决它。谁能帮帮我?

编辑:

现在它给了我这个错误。我认为这与信任锚有关,但我不明白如何定义它们。

 HelloClient exception: error during JRMP connection establishment; nested exception is: 
     javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
 java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is: 
     javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
at sun.rmi.server.UnicastRef.newCall(Unknown Source)
at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
at Client.Client.main(Client.java:25)
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.SSLSocketImpl.handleException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.handleException(Unknown Source)
at sun.security.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at java.io.DataOutputStream.flush(Unknown Source)
... 5 more
 Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at sun.security.validator.PKIXValidator.<init>(Unknown Source)
at sun.security.validator.Validator.getInstance(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.getValidator(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
... 9 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.security.cert.PKIXParameters.setTrustAnchors(Unknown Source)
at java.security.cert.PKIXParameters.<init>(Unknown Source)
at java.security.cert.PKIXBuilderParameters.<init>(Unknown Source)
... 22 more

【问题讨论】:

  • @EJP 那篇文章对我没有帮助。我不明白答案,我明白我已经尝试过:将 JAVA_HOME 更改为 java1.8 ... samplecacert 所在的位置。尝试将samplecacert移动到项目根目录,src文件夹和server文件夹。

标签: java ssl rmi sslhandshakeexception


【解决方案1】:

检查 README.txt 文件部分“使用 SUN 的 JDK 运行的注意事项”,您似乎正在使用默认的信任库运行 Java。

samplecacerts

此信任库文件与股票非常相似 JDK cacerts 文件,因为它包含信任 来自多个供应商的证书。它还包含 来自“Duke”和“localhost”的可信证书 以上。

此密钥库的密码与 JDK cacert的初始密码:changeit

请参阅您的提供商的文档以了解 如何配置受信任证书的位置 文件。

使用 SUN 的 JDK 运行的注意事项:

Sun JDK 的用户可以指定 使用以下方法之一建立信任库 方法(并且在 Sun JDK JSSE 参考指南):

  1. 系统属性:
    java -Djavax.net.ssl.trustStore=samplecacerts \
    -Djavax.net.ssl.trustStorePassword=changeit
    Application
  1. 将文件安装到:
    <java-home>/lib/security/jssecacerts
  1. 将文件安装到:
    <java-home>/lib/security/cacerts

如果您选择 2) 或 3),请务必替换此 之前带有生产 cacerts 文件的文件 部署。

【讨论】:

  • 感谢您的回复。尝试了你所说的,错误改变了。编辑原始问题。
  • 这完全是关于使用示例代码提供的“公爵”证书。没有证据表明 OP 正在这样做。
  • 我的回答与第一个错误有关,与配置trustore后添加的不是原问题的错误无关。
  • 您的回答表明他应该使用随样本提供的 samplecacerts 文件,除非他使用“duke”证书,否则这不是必需的。您引用的注释是关于运行示例代码,而不是使用 JSSE 的一般软件。
  • 注释与原始问题有关,运行示例时出现问题,他不需要 duke cert 但需要 localhost 条目,请阅读自述文件中的 rmi 条目
猜你喜欢
  • 2018-08-15
  • 1970-01-01
  • 1970-01-01
  • 2011-01-23
  • 1970-01-01
  • 2016-03-08
  • 2016-02-06
  • 1970-01-01
  • 1970-01-01
相关资源
最近更新 更多