維護一個新浪微博同步的代碼,發現在Myeclipse 10下,單元測試無法執行。如下:
javax.net.ssl.SSLHandshakeException : sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException : basic constraints check failed: pathLenConstraint violated - this cert must be thelast
cert in the certification path at com.sun.net.ssl.internal.ssl.Alerts.getSSLException( Alerts.java:174)
同樣是https,為什麼QQ的就沒有問題呢?
在新浪開發平台,找到這個:獲取accesstoken報錯(服務器為https協議),說要 "自定義類繼承SSLSocketFactory,調用方法,只要用認證返回的HttpCilent即可",一想,這也不靠譜啊,代碼改動量太大。
又找到這個:ERROR: sun.security.validator.ValidatorException: PKIX path validation failed,說"強制httpclient信任任何證書"
。
還有這個:解決開放平台的證書錯誤:ValidatorException:PKIX path validation failed, 需要自己安裝新浪微博的證書
①:下載微博證書
#openssl s_client -showcerts -connect api.weibo.com:443 >/tmp/weibo.cert
②:編輯微博證書,用任何熟悉的編輯器,去掉weibo.cert文件中BEGIN CERTIFICATE和END CERTIFICATE之外的內容
(注意有三個CERTIFICATE塊,去掉第一個BEGIN CERTIFICATE之前和最後一個END CERTIFICATE之後的內容)
③:導入微博證書:
keytool -import -trustcacerts -alias root -file weibo.cert -keystore keystore
試了下表示沒成功(我是在windows下,所以直接通過浏覽器導入證書)。
------------------------------------------------------------------------------------------------------------------------------------------------------------
然後又找到一個靠譜的帖子:微博同步ValidatorException,同樣的問題,說是JDK的bug引起的,升級到jdk 1.6.0_20就不會出現這個問題了。查了一下我的JDK,發現有兩個版本,1.7.0_17和1.6.0_13。
那我就將項目的java compiler compliance level設置為1.7,然後碰到了Unsupported major.minor version 51.0問題。
先找到這條:Unsupported major.minor version 51.0,有相關解釋:
了解了51.0 這個數字的意義後,繼續google,看到這條:解決Unsupported major.minor version 51.0問題的感悟,涉及到build path 和compiler compliance level的問題:the version number shown describes the version of the JRE the class file is compatible with.The reported major numbers are: J2SE 8 = 52, J2SE 7 = 51, J2SE 6.0 = 50, J2SE 5.0 = 49, JDK 1.4 = 48, JDK 1.3 = 47, JDK 1.2 = 46, JDK 1.1 = 45 (source: http://en.wikipedia.org/wiki/Java_class_file ) To fix the actual problem you should try to either run the Java code with newer version Java JRE or
specify target parameter to the Java compiler to instruct the compiler to create code compatible with
earlier Java versions. For example in order to to generate class files compatible with Java 1.4, use the following command line: javac -source 1.4 HelloWorld.java
With newer versions of Java compiler you are likely to get a warning about bootstrap class path not
being set. More information about this error is available at:
https://blogs.oracle.com/darcy/entry/bootclasspath_older_source
昨天偶然又維護一個新浪微博同步的代碼,突然發現自己的測試類同步不出去了~,報錯如下:
1
ERROR: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: basic constraints check failed: pathLenConstraint violated -
this
cert must be the last cert in the certification path
看見security下面的異常就心裡一緊,這貌似是oauth2.0協議的https請求導致的,而且請求沒有發送出去就報錯了。然後google,百度,微博各種搜索
微博的開放平台提問上看到有大神回復:強制httpclient信任任何證書就可以了。
但是純文字的微博我用的jdk裡的urlconnection,不知道怎麼強制信任證書,http頭文件中也沒找到相關設置,大神們看到可以教下小菜我試一下這個方法可不可行。