解决PKIX path building failed的问题
在一次调试中,出现了这个错误:
[ERROR] http-8080-Processor25 2010-01-20 15:29:28,640 org.jasig.cas.client.validation.Cas20ServiceTicketValidator - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetjavax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetat com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:58)at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:167)at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:141)at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:137)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:149)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:78)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)at com.web114.web.filter.UTF8EncoderFilter.doFilter(UTF8EncoderFilter.java:57)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)at java.lang.Thread.run(Unknown Source)
protected final String retrieveResponseFromServer(final URL validationUrl,final String ticket) {HttpURLConnection connection = null;try {connection = (HttpURLConnection) validationUrl.openConnection();final BufferedReader in = new BufferedReader(new InputStreamReader(connection.getInputStream()));String line;final StringBuffer stringBuffer = new StringBuffer(255);synchronized (stringBuffer) {while ((line = in.readLine()) != null) {stringBuffer.append(line);stringBuffer.append("\n");}return stringBuffer.toString();}} catch (final IOException e) {log.error(e, e);return null;} catch (final Exception e1){log.error(e1, e1);return null;}finally {if (connection != null) {connection.disconnect();}}}trustAllHttpsCertificates();HttpsURLConnection.setDefaultHostnameVerifier(hv);
HostnameVerifier hv = new HostnameVerifier() { public boolean verify(String urlHostName, SSLSession session) { System.out.println("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost()); return true; } };private static void trustAllHttpsCertificates() throws Exception {javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[1];javax.net.ssl.TrustManager tm = new miTM();trustAllCerts[0] = tm;javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");sc.init(null, trustAllCerts, null);javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());}static class miTM implements javax.net.ssl.TrustManager,javax.net.ssl.X509TrustManager {public java.security.cert.X509Certificate[] getAcceptedIssuers() {return null;}public boolean isServerTrusted(java.security.cert.X509Certificate[] certs) {return true;}public boolean isClientTrusted(java.security.cert.X509Certificate[] certs) {return true;}public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)throws java.security.cert.CertificateException {return;}public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)throws java.security.cert.CertificateException {return;}}