unable to find valid certification path to requested target

Posted 2021-03-07 268lwc

[WARNING] Could not transfer metadata org.sonarsource.sonar-packaging-maven-plugin:sonar-packaging-maven-plugin/maven-metadata.xml from/to central (https://repo.maven.apache.org/maven2): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

使用技术：maven   仓库：阿里云

如果报上边那个错误，有多种情况，最直接的方法就是换仓库，可以换国内的或国外的，

国内的下载快，但第三方可能存在验证问题；国外的下载较慢，其实也不是很慢，推荐国外使用maven官方的。

首先说一下我最后的解决方法。

我的方法一：

 打开idea---》setting---》runnner

在vm options中添加：-Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true     中间用空格隔开

根据网上搜查，大致还有以下几个方案，不过我尝试都没效果

1.删除本地仓库依赖（我删除了本地仓库，没有效果，反而使项目依赖全都没有，一堆爆红）

2.判斷是连到 repo.maven.apache.org 的时候凭证未信任.

  1 /*
  2  * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.
  3  *
  4  * Redistribution and use in source and binary forms, with or without
  5  * modification, are permitted provided that the following conditions
  6  * are met:
  7  *
  8  *   - Redistributions of source code must retain the above copyright
  9  *     notice, this list of conditions and the following disclaimer.
 10  *
 11  *   - Redistributions in binary form must reproduce the above copyright
 12  *     notice, this list of conditions and the following disclaimer in the
 13  *     documentation and/or other materials provided with the distribution.
 14  *
 15  *   - Neither the name of Sun Microsystems nor the names of its
 16  *     contributors may be used to endorse or promote products derived
 17  *     from this software without specific prior written permission.
 18  *
 19  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 20  * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 21  * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 22  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 23  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 24  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 25  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 26  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 27  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 28  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 29  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 30  */
 31 /**
 32  * Originally from:
 33  * http://blogs.sun.com/andreas/resource/InstallCert.java
 34  * Use:
 35  * java InstallCert hostname
 36  * Example:
 37  *% java InstallCert ecc.fedora.redhat.com
 38  */
 39 
 40 import javax.net.ssl.*;
 41 import java.io.*;
 42 import java.net.Socket;
 43 
 44 import java.security.KeyStore;
 45 import java.security.MessageDigest;
 46 import java.security.cert.CertificateException;
 47 import java.security.cert.X509Certificate;
 48 
 49 /**
 50  * Class used to add the server‘s certificate to the KeyStore
 51  * with your trusted certificates.
 52  */
 53 public class InstallCert {
 54 
 55     public static void main(String[] args) throws Exception {
 56         String host;
 57         int port;
 58         char[] passphrase;
 59         if ((args.length == 1) || (args.length == 2)) {
 60             String[] c = args[0].split(":");
 61             host = c[0];
 62             port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
 63             String p = (args.length == 1) ? "changeit" : args[1];
 64             passphrase = p.toCharArray();
 65         } else {
 66             System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");
 67             return;
 68         }
 69 
 70         File file = new File("jssecacerts");
 71         if (file.isFile() == false) {
 72             char SEP = File.separatorChar;
 73             File dir = new File(System.getProperty("java.home") + SEP
 74                     + "lib" + SEP + "security");
 75             file = new File(dir, "jssecacerts");
 76             if (file.isFile() == false) {
 77                 file = new File(dir, "cacerts");
 78             }
 79         }
 80         System.out.println("Loading KeyStore " + file + "...");
 81         InputStream in = new FileInputStream(file);
 82         KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
 83         ks.load(in, passphrase);
 84         in.close();
 85 
 86         SSLContext context = SSLContext.getInstance("TLS");
 87         TrustManagerFactory tmf =
 88                 TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
 89         tmf.init(ks);
 90         X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];
 91         SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
 92         context.init(null, new TrustManager[]{tm}, null);
 93         SSLSocketFactory factory = context.getSocketFactory();
 94 
 95         System.out.println("Opening connection to " + host + ":" + port + "...");
 96         SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
 97         socket.setSoTimeout(10000);
 98         try {
 99             System.out.println("Starting SSL handshake...");
100             socket.startHandshake();
101             socket.close();
102             System.out.println();
103             System.out.println("No errors, certificate is already trusted");
104         } catch (SSLException e) {
105             System.out.println();
106             e.printStackTrace(System.out);
107         }
108 
109         X509Certificate[] chain = tm.chain;
110         if (chain == null) {
111             System.out.println("Could not obtain server certificate chain");
112             return;
113         }
114 
115         BufferedReader reader =
116                 new BufferedReader(new InputStreamReader(System.in));
117 
118         System.out.println();
119         System.out.println("Server sent " + chain.length + " certificate(s):");
120         System.out.println();
121         MessageDigest sha1 = MessageDigest.getInstance("SHA1");
122         MessageDigest md5 = MessageDigest.getInstance("MD5");
123         for (int i = 0; i < chain.length; i++) {
124             X509Certificate cert = chain[i];
125             System.out.println
126                     (" " + (i + 1) + " Subject " + cert.getSubjectDN());
127             System.out.println("   Issuer  " + cert.getIssuerDN());
128             sha1.update(cert.getEncoded());
129             System.out.println("   sha1    " + toHexString(sha1.digest()));
130             md5.update(cert.getEncoded());
131             System.out.println("   md5     " + toHexString(md5.digest()));
132             System.out.println();
133         }
134 
135         System.out.println("Enter certificate to add to trusted keystore or ‘q‘ to quit: [1]");
136         String line = reader.readLine().trim();
137         int k;
138         try {
139             k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
140         } catch (NumberFormatException e) {
141             System.out.println("KeyStore not changed");
142             return;
143         }
144 
145         X509Certificate cert = chain[k];
146         String alias = host + "-" + (k + 1);
147         ks.setCertificateEntry(alias, cert);
148 
149         OutputStream out = new FileOutputStream("jssecacerts");
150         ks.store(out, passphrase);
151         out.close();
152 
153         System.out.println();
154         System.out.println(cert);
155         System.out.println();
156         System.out.println
157                 ("Added certificate to keystore ‘jssecacerts‘ using alias ‘"
158                         + alias + "‘");
159     }
160 
161     private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();
162 
163     private static String toHexString(byte[] bytes) {
164         StringBuilder sb = new StringBuilder(bytes.length * 3);
165         for (int b : bytes) {
166             b &= 0xff;
167             sb.append(HEXDIGITS[b >> 4]);
168             sb.append(HEXDIGITS[b & 15]);
169             sb.append(‘ ‘);
170         }
171         return sb.toString();
172     }
173 
174     private static class SavingTrustManager implements X509TrustManager {
175 
176         private final X509TrustManager tm;
177         private X509Certificate[] chain;
178 
179         SavingTrustManager(X509TrustManager tm) {
180             this.tm = tm;
181         }
182 
183         public X509Certificate[] getAcceptedIssuers() {
184        
185         /** 
186          * This change has been done due to the following resolution advised for Java 1.7+
187         http://infposs.blogspot.kr/2013/06/installcert-and-java-7.html
188                 **/ 
189         
190         return new X509Certificate[0];    
191             //throw new UnsupportedOperationException();
192         }
193 
194         public void checkClientTrusted(X509Certificate[] chain, String authType)
195                 throws CertificateException {
196             throw new UnsupportedOperationException();
197         }
198 
199         public void checkServerTrusted(X509Certificate[] chain, String authType)
200                 throws CertificateException {
201             this.chain = chain;
202             tm.checkServerTrusted(chain, authType);
203         }
204     }
205 }

打包
$ javac InstallCert.java

執行
$ java InstallCert repo.maven.apache.org

他會問你
Enter certificate to add to trusted keystore or ‘q‘ to quit: [1]

輸入 1 ,之後會在執行目錄下生成 jssecacerts
將“jssecacerts”的文件放入JAVA_HOME/jre/lib/security目錄下
再進行maven編譯就可以了