知方号

知方号

IDEA maven引入 SSL证书校验问题<数字证书导入启用失败怎么回事>

maven依赖导入问题

之前在做项目的时候就遇到了这个问题,pom文件中引入依赖时,会有如下报错:

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:unable to find valid certification path to requested target

这是因为maven请求远程仓库进行下载依赖jar包时进行了安全证书的验证,由于本地jdk没有添加安全证书,因此在执行安全验证时没有通过,造成了依赖无法引入的问题。

解决方法

1.手动下载依赖

我第一次遇到这个问题的时候就是这样解决的,现在想来也是非常头铁的一种解决方式。需要什么依赖自己下载到本地maven仓库。由于不可名状的原因国内开发者不可能访问国外的maven库因此需要使用aliyun提供的maven库,此处附上网址:

https://maven.aliyun.com/mvn/view

2.忽略SSL证书校验

既然我们没有证书,那么就直接忽略证书校验好了。 IDEA打开file->settings->Build,Execution,Development->Build Tools->Runner->VM Options,在输入框中输入命令使运行时忽略SLL证书的校验即可。 附上mvn命令:

-Dmaven.wagon.http.ssl.insecure=true-Dmaven.wagon.http.ssl.allowall=true

3.生成并导入SSL证书

如果我们没有证书,又不想忽略校验,那么我们就自己生成一个SSL证书即可。

3.1

新建一个InstallCert类运行证书生成代码,注意,在执行前需要设置main参数,参数即为maven地址,如"maven.aliyun.com/nexus/content/groups/public"。程序运行过程中需要确定,输入1即可。执行完成后会在程序同级目录生成jssecacerts证书,接下来就是将证书导入。 PS:如果不想设置main参数也可以自定义一个String[] str变量并赋值为maven仓库的url,然后把代码中的args改成str即可。

此处附上证书生成代码:

import javax.net.ssl.*;import java.io.*;import java.security.KeyStore;import java.security.MessageDigest;import java.security.cert.CertificateException;import java.security.cert.X509Certificate;public class InstallCert { public static void main(String[] args) throws Exception { String host; int port; char[] passphrase; if ((args.length == 1) || (args.length == 2)) { String[] c = args[0].split(":"); host = c[0]; port = (c.length == 1) ? 443 : Integer.parseInt(c[1]); String p = (args.length == 1) ? "changeit" : args[1]; passphrase = p.toCharArray(); } else { System.out .println("Usage: java InstallCert [:port] [passphrase]"); return; } File file = new File("jssecacerts"); if (file.isFile() == false) { char SEP = File.separatorChar; File dir = new File(System.getProperty("java.home") + SEP + "lib" + SEP + "security"); file = new File(dir, "jssecacerts"); if (file.isFile() == false) { file = new File(dir, "cacerts"); } } System.out.println("Loading KeyStore " + file + "..."); InputStream in = new FileInputStream(file); KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(in, passphrase); in.close(); SSLContext context = SSLContext.getInstance("TLS"); TrustManagerFactory tmf = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(ks); X509TrustManager defaultTrustManager = (X509TrustManager) tmf .getTrustManagers()[0]; SavingTrustManager tm = new SavingTrustManager(defaultTrustManager); context.init(null, new TrustManager[]{tm}, null); SSLSocketFactory factory = context.getSocketFactory(); System.out .println("Opening connection to " + host + ":" + port + "..."); SSLSocket socket = (SSLSocket) factory.createSocket(host, port); socket.setSoTimeout(10000); try { System.out.println("Starting SSL handshake..."); socket.startHandshake(); socket.close(); System.out.println(); System.out.println("No errors, certificate is already trusted"); } catch (SSLException e) { System.out.println(); e.printStackTrace(System.out); } X509Certificate[] chain = tm.chain; if (chain == null) { System.out.println("Could not obtain server certificate chain"); return; } BufferedReader reader = new BufferedReader(new InputStreamReader( System.in)); System.out.println(); System.out.println("Server sent " + chain.length + " certificate(s):"); System.out.println(); MessageDigest sha1 = MessageDigest.getInstance("SHA1"); MessageDigest md5 = MessageDigest.getInstance("MD5"); for (int i = 0; i > 4]); sb.append(HEXDIGITS[b & 15]); sb.append(); } return sb.toString(); } private static class SavingTrustManager implements X509TrustManager { private final X509TrustManager tm; private X509Certificate[] chain; SavingTrustManager(X509TrustManager tm) { this.tm = tm; } public X509Certificate[] getAcceptedIssuers() { throw new UnsupportedOperationException(); } public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { throw new UnsupportedOperationException(); } public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { this.chain = chain; tm.checkServerTrusted(chain, authType); } }} 3.2

把生成的证书文件放至路径 JAVA_HOME/jre/lib/security下,每个人的 JAVA_HOME都不一样,各自对应自己的路径,最后重启系统。

版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容, 请发送邮件至lizi9903@foxmail.com举报,一经查实,本站将立刻删除。