0

我今天注意到,我的服务拒绝 API 证书。它不是自签名证书,而是由 let's encrypt 颁发的。我发现它在浏览器和一些在线证书检查工具上看起来不错。上周它运行得很好——但不知何故在周末停止了。它是 Java 12(在 Mac、Linux 和 Linux 上尝试过 OpenJDK 和 OpenJ9)

你们对如何调试(甚至修复)这个有任何想法吗?我检查了各种

Exception in thread "main" java.lang.IllegalStateException: OAuth Authentication failed from https://graph.homefully.tech/oauth/authorize
    at de.homefully.platform.graphclient.GraphClient.revalidateAccessToken(GraphClient.java:170)
    at de.homefully.platform.graphclient.GraphClient.execute(GraphClient.java:90)
    at de.homefully.platform.graphclient.GraphClient.query(GraphClient.java:66)
    at de.homefully.platform.adplacementjob.graphapi.AdPlacementSupplier.get(AdPlacementSupplier.java:18)
    at de.homefully.platform.adplacementjob.graphapi.AdPlacementSupplier.get(AdPlacementSupplier.java:11)
    at de.homefully.platform.adplacementjob.PlacementOrders.load(PlacementOrders.java:19)
    at de.homefully.platform.adplacementjob.JobExecutor.orderedPlacements(JobExecutor.java:38)
    at de.homefully.platform.adplacementjob.JobExecutor.main(JobExecutor.java:31)
    at de.homefully.platform.adplacementjob.RealEstateObjectPublisher.main(RealEstateObjectPublisher.java:9)
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:320)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:263)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:258)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:641)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:460)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:360)
    at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:441)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:419)
    at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:177)
    at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
    at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1180)
    at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1091)
    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:404)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:364)
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374)
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:221)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:165)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:140)
    at de.homefully.platform.graphclient.GraphClient.revalidateAccessToken(GraphClient.java:147)
    ... 8 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:384)
    at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:289)
    at java.base/sun.security.validator.Validator.validate(Validator.java:264)
    at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:321)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:221)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:625)
    ... 33 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
    at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:379)
    ... 39 more
4

1 回答 1

0

证书过期了吗?你说它在周末停止的事实表明它可能是。

我有同样的问题,这就是原因。我注意到当它找不到有效证书时,我会得到:SEVERE: I/O Exception javax.net.ssl.SSLHandshakeException:. 但是,当可以找到所需的证书但已过期时,我会收到相同的SEVERE: I/O Exception. sun.security.validator.ValidatorException.

我希望这有帮助。

于 2019-06-17T09:33:43.933 回答