调微信支付接口出现安全证书问题

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
错误代码如上。

解决方案
运行下面的类

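/**
 * Command-line helper that opens a TLS connection to a host, prints the certificate chain the
 * server presents, and stores one operator-selected certificate in a {@code jssecacerts} trust
 * store written to the current working directory.
 *
 * <p>Security note: the certificate that gets stored is whatever the peer sent during this one
 * handshake. Nothing in this class proves that the peer is the intended server, so the printed
 * fingerprints should be compared with a value obtained over a separate trusted channel before a
 * certificate is accepted. The trust store password defaults to {@code "changeit"} unless a
 * second argument is supplied.
 */
public class InstallCert {

    /**
     * Runs the interactive import.
     *
     * @param args optional {@code <host>[:port] [passphrase]}; when empty, the WeChat Pay API
     *     host is used with port 443 and the passphrase {@code "changeit"}
     * @throws Exception on I/O, key store, or TLS setup failures that are not handshake errors
     */
    public static void main(String[] args) throws Exception {
        String host;
        int port;
        char[] passphrase;
        // WeChat Pay API host is the default target; command-line arguments, when present,
        // replace it so the class does not have to be edited for other endpoints.
        String[] h = (args != null && args.length > 0)
                ? args
                : new String[] {"api.mch.weixin.qq.com"};
        if ((h.length == 1) || (h.length == 2)) {
            String[] c = h[0].split(":");
            host = c[0];
            port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
            String p = (h.length == 1) ? "changeit" : h[1];
            passphrase = p.toCharArray();
        } else {
            System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");
            return;
        }

        // Prefer a jssecacerts file in the working directory, then the JRE's
        // lib/security/jssecacerts, and finally the JRE's lib/security/cacerts.
        File file = new File("jssecacerts");
        if (!file.isFile()) {
            char sep = File.separatorChar;
            File dir = new File(System.getProperty("java.home") + sep
                    + "lib" + sep + "security");
            file = new File(dir, "jssecacerts");
            if (!file.isFile()) {
                file = new File(dir, "cacerts");
            }
        }
        System.out.println("Loading KeyStore " + file + "...");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        // try-with-resources closes the stream even when load() rejects the file or password.
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, passphrase);
        }

        SSLContext context = SSLContext.getInstance("TLS");
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];
        // The wrapper keeps the normal validation but remembers the chain the server sent.
        SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
        context.init(null, new TrustManager[] {tm}, null);
        SSLSocketFactory factory = context.getSocketFactory();

        System.out.println("Opening connection to " + host + ":" + port + "...");
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            socket.setSoTimeout(10000);
            try {
                System.out.println("Starting SSL handshake...");
                socket.startHandshake();
                System.out.println();
                System.out.println("No errors, certificate is already trusted");
            } catch (SSLException e) {
                // A validation failure is expected here; the chain was captured before it.
                System.out.println();
                e.printStackTrace(System.out);
            }
        }

        X509Certificate[] chain = tm.chain;
        if (chain == null) {
            System.out.println("Could not obtain server certificate chain");
            return;
        }

        BufferedReader reader =
                new BufferedReader(new InputStreamReader(System.in));

        System.out.println();
        System.out.println("Server sent " + chain.length + " certificate(s):");
        System.out.println();
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        MessageDigest sha1 = MessageDigest.getInstance("SHA1");
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        for (int i = 0; i < chain.length; i++) {
            X509Certificate cert = chain[i];
            byte[] encoded = cert.getEncoded();
            System.out.println
                    (" " + (i + 1) + " Subject " + cert.getSubjectDN());
            System.out.println("   Issuer  " + cert.getIssuerDN());
            // SHA-256 is the fingerprint to compare against an out-of-band value; SHA-1 and
            // MD5 are still printed for parity with the tool's earlier output.
            System.out.println("   sha256  " + toHexString(sha256.digest(encoded)));
            System.out.println("   sha1    " + toHexString(sha1.digest(encoded)));
            System.out.println("   md5     " + toHexString(md5.digest(encoded)));
            System.out.println();
        }

        System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
        String line = reader.readLine();
        if (line == null) {
            // End of input (for example a closed stdin): never modify the store unattended.
            System.out.println("KeyStore not changed");
            return;
        }
        line = line.trim();
        int k;
        try {
            k = line.isEmpty() ? 0 : Integer.parseInt(line) - 1;
        } catch (NumberFormatException e) {
            System.out.println("KeyStore not changed");
            return;
        }
        if (k < 0 || k >= chain.length) {
            // A number outside the printed list would otherwise fail with an index error.
            System.out.println("KeyStore not changed");
            return;
        }

        X509Certificate cert = chain[k];
        String alias = host + "-" + (k + 1);
        ks.setCertificateEntry(alias, cert);

        // The updated store goes to the working directory; the loaded file is not overwritten
        // unless it is that same file.
        try (OutputStream out = new FileOutputStream("jssecacerts")) {
            ks.store(out, passphrase);
        }

        System.out.println();
        System.out.println(cert);
        System.out.println();
        System.out.println
                ("Added certificate to keystore 'jssecacerts' using alias '"
                + alias + "'");
    }

    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    /**
     * Formats bytes as lowercase two-digit hex values, each followed by a single space.
     *
     * @param bytes the bytes to format
     * @return the hex text, for example {@code "0a ff "}
     */
    private static String toHexString(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 3);
        for (int b : bytes) {
            b &= 0xff; // drop the sign extension from the byte-to-int widening
            sb.append(HEXDIGITS[b >> 4]);
            sb.append(HEXDIGITS[b & 15]);
            sb.append(' ');
        }
        return sb.toString();
    }

    /**
     * Trust manager that records the server's certificate chain and then delegates the actual
     * trust decision to the wrapped manager.
     */
    private static class SavingTrustManager implements X509TrustManager {

        private final X509TrustManager tm;
        private X509Certificate[] chain;

        SavingTrustManager(X509TrustManager tm) {
            this.tm = tm;
        }

        /**
         * Returns the wrapped manager's accepted issuers. The handshake code calls this method
         * during server validation, so throwing here aborts the handshake with an
         * {@code UnsupportedOperationException} instead of a real trust result.
         */
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return tm.getAcceptedIssuers();
        }

        /** Not supported: this tool only acts as a TLS client. */
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            throw new UnsupportedOperationException();
        }

        /** Saves the presented chain first, so it is available even when validation fails. */
        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            this.chain = chain;
            tm.checkServerTrusted(chain, authType);
        }
    }

}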
D:\Develop\jdk8\bin\java.exe "-javaagent:D:\Develop\IntelliJ IDEA 2019.1.3\lib\idea_rt.jar=51261:D:\Develop\IntelliJ IDEA 2019.1.3\bin" -Dfile.encoding=UTF-8 -classpath D:\Develop\jdk8\jre\lib\charsets.jar;D:\Develop\jdk8\jre\lib\deploy.jar;D:\Develop\jdk8\jre\lib\ext\access-bridge-64.jar;D:\Develop\jdk8\jre\lib\ext\cldrdata.jar;D:\Develop\jdk8\jre\lib\ext\dnsns.jar;D:\Develop\jdk8\jre\lib\ext\jaccess.jar;D:\Develop\jdk8\jre\lib\ext\jfxrt.jar;D:\Develop\jdk8\jre\lib\ext\localedata.jar;D:\Develop\jdk8\jre\lib\ext\nashorn.jar;D:\Develop\jdk8\jre\lib\ext\sunec.jar;D:\Develop\jdk8\jre\lib\ext\sunjce_provider.jar;D:\Develop\jdk8\jre\lib\ext\sunmscapi.jar;D:\Develop\jdk8\jre\lib\ext\sunpkcs11.jar;D:\Develop\jdk8\jre\lib\ext\zipfs.jar;D:\Develop\jdk8\jre\lib\javaws.jar;D:\Develop\jdk8\jre\lib\jce.jar;D:\Develop\jdk8\jre\lib\jfr.jar;D:\Develop\jdk8\jre\lib\jfxswt.jar;D:\Develop\jdk8\jre\lib\jsse.jar;D:\Develop\jdk8\jre\lib\management-agent.jar;D:\Develop\jdk8\jre\lib\plugin.jar;D:\Develop\jdk8\jre\lib\resources.jar;D:\Develop\jdk8\jre\lib\rt.jar;D:\IDEA_Project\leyou\ly-pojo\ly-order-pojo\target\classes;D:\Develop\webserver\maven_repository\tk\mybatis\mapper-core\1.1.5\mapper-core-1.1.5.jar;D:\Develop\webserver\maven_repository\javax\persistence\persistence-api\1.0\persistence-api-1.0.jar;D:\Develop\webserver\maven_repository\com\fasterxml\jackson\core\jackson-databind\2.9.8\jackson-databind-2.9.8.jar;D:\Develop\webserver\maven_repository\com\fasterxml\jackson\core\jackson-annotations\2.9.0\jackson-annotations-2.9.0.jar;D:\Develop\webserver\maven_repository\com\fasterxml\jackson\core\jackson-core\2.9.8\jackson-core-2.9.8.jar;D:\Develop\webserver\maven_repository\org\apache\commons\commons-lang3\3.4\commons-lang3-3.4.jar;D:\Develop\webserver\maven_repository\org\projectlombok\lombok\1.18.6\lombok-1.18.6.jar com.leyou.order.dto.InstallCert
Loading KeyStore D:\Develop\jdk8\jre\lib\security\cacerts...
Opening connection to api.mch.weixin.qq.com:443...
Starting SSL handshake...

javax.net.ssl.SSLException: java.lang.UnsupportedOperationException
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1903)
	at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1886)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1402)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
	at com.leyou.order.dto.InstallCert.main(InstallCert.java:58)
Caused by: java.lang.UnsupportedOperationException
	at com.leyou.order.dto.InstallCert$SavingTrustManager.getAcceptedIssuers(InstallCert.java:142)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1204)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1150)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1092)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
	... 2 more

Server sent 3 certificate(s):

 1 Subject CN=payapp.weixin.qq.com, OU=R&D, O=Shenzhen Tencent Computer Systems Company Limited, L=Shenzhen, ST=Guangdong, C=CN
   Issuer  CN=Secure Site CA G2, OU=www.digicert.com, O=DigiCert Inc, C=US
   sha1    7e 63 97 43 73 22 6e f3 16 e9 50 87 df cb 48 82 c2 c0 01 c0 
   md5     60 a0 3e 96 f3 c1 cf 4a 13 f3 a0 f7 73 6d f4 f8 

 2 Subject CN=Secure Site CA G2, OU=www.digicert.com, O=DigiCert Inc, C=US
   Issuer  CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
   sha1    8d 88 8b 3c ae 20 c7 4f 4c e1 b3 0b f5 1e e3 6e ab 56 2c de 
   md5     60 90 14 30 38 22 99 f7 e3 72 9f 64 91 ea 3f a4 

 3 Subject CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
   Issuer  CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
   sha1    fb 20 fa 8a 6a 93 b3 75 f0 54 81 4f 9e 00 27 3e a5 1a 61 38 
   md5     44 aa 16 4a e8 fb 6b 59 01 d0 c6 ba 62 e5 48 27 

Enter certificate to add to trusted keystore or 'q' to quit: [1]

输入 1 并回车即可。添加之前应先把上面列出的证书指纹与通过可信渠道取得的指纹核对一致，因为该工具会把服务器在本次握手中返回的证书直接写入信任库。

调用其他接口出现同样的问题时，只需把类中的主机地址改为该接口的地址。
