Solving the "PKIX path building failed" problem


Applies to

  • jdk version: jdk 17
  • os: windows 10

Symptom

Gradle reports an error when pulling a project from GitHub

Could not determine the dependencies of task ':kotlinYarnSetup'.
> Could not resolve all files for configuration ':detachedConfiguration12'.
   > Could not resolve com.yarnpkg:yarn:1.22.17.
     Required by:
         project :
      > Could not resolve com.yarnpkg:yarn:1.22.17.
         > Could not get resource 'https://github.com/yarnpkg/yarn/releases/download/v1.22.17/yarn-v1.22.17.tar.gz'.
            > Could not HEAD 'https://github.com/yarnpkg/yarn/releases/download/v1.22.17/yarn-v1.22.17.tar.gz'.
               > Got SSL handshake exception during request. It might be caused by SSL misconfiguration
                  > PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

* Try:
> Run with --stacktrace option to get the stack trace.
> Run with --info or --debug option to get more log output.
> Run with --scan to get full insights.
> Get more help at https://help.gradle.org.
BUILD FAILED in 4m 49s
Configuration cache entry stored.

Cause

Java cannot validate the server's certificate chain. Importing the certificate resolves this.

Solution

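  1. Clone this project, github.com/escline/Ins…, to your local machine

  2. Open a cmd prompt in the same directory as InstallCert.java

  3. Run the commands from the project's readme.md in order (adjust for your environment; if the local JDK is 11, use java --source 11 xxxx)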

    java --source 17 InstallCert.java <args>
    keytool -exportcert -alias [host]-1 -keystore jssecacerts -storepass changeit -file [host].cer
    keytool -importcert -alias [host] -cacerts -storepass changeit -file [host].cer
    
  4. For example, to import the certificate for github.com

    java --source 17 InstallCert.java github.com
    keytool -exportcert -alias github.com-1 -keystore jssecacerts -storepass changeit -file github.com.cer
    keytool -importcert -alias github.com -cacerts -storepass changeit -file github.com.cer
    
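  5. If you develop with IDEA, restart IDEA, then run the gradle script again

  6. That is everything. I ran into this problem a few months ago and only solved it when I ran into it again recently. I hope this helps you.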


info

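  1. A project may need several other certificates imported; repeat the steps above for each of them
  2. When asked whether to trust the certificate, type y and press Enter to confirm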
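
Before answering y, it is worth seeing who issued the certificate that is about to become trusted: in the run recorded further down this page, the certificate for *.github.io is issued by CN=adc-CA-CA, DC=adc, DC=com, a CA the JDK does not ship. The following is an added example, not code from the InstallCert project or the original post: a hypothetical InspectCert.java (class and method names are assumptions) that prints the subject, issuer, SANs and SHA-256 fingerprint of the exported [host].cer and reports whether its issuer is already in the JDK trust store. With no argument it inspects the first CA in the JDK's own trust store as a stand-in input.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.HexFormat;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example (hypothetical helper, not part of InstallCert). Requires JDK 17.
public class InspectCert {
    // CA certificates the running JDK trusts by default (its cacerts file).
    static X509Certificate[] jdkAnchors() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the default trust store
        return ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers();
    }

    static String sha256(X509Certificate c) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(c.getEncoded());
        return HexFormat.ofDelimiter(":").withUpperCase().formatHex(digest);
    }

    // True only if an entry in the trust store has the issuer's name and its
    // public key verifies the certificate's signature (direct issuance only).
    static boolean issuedByJdkAnchor(X509Certificate c, X509Certificate[] anchors) {
        for (X509Certificate a : anchors) {
            if (!a.getSubjectX500Principal().equals(c.getIssuerX500Principal())) continue;
            try { c.verify(a.getPublicKey()); return true; } catch (Exception e) { /* next */ }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        X509Certificate[] anchors = jdkAnchors();
        X509Certificate cert = anchors[0]; // stand-in input when no file is given
        if (args.length > 0) {
            try (FileInputStream in = new FileInputStream(args[0])) {
                cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
            }
        }
        System.out.println("Subject : " + cert.getSubjectX500Principal());
        System.out.println("Issuer  : " + cert.getIssuerX500Principal());
        System.out.println("SANs    : " + cert.getSubjectAlternativeNames());
        System.out.println("SHA-256 : " + sha256(cert));
        System.out.println("Issued by a CA in the JDK trust store: " + issuedByJdkAnchor(cert, anchors));
    }
}
```

Run it the same way as InstallCert, for example java --source 17 InspectCert.java github.com.cer, and compare the issuer and fingerprint with what the network's administrators publish for their CA.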


info

  1. The following is a full run of the solution, for reference
E:\newWorld\KotlinProject\kotlin>java --source 17 InstallCert.java objects.githubusercontent.com

注: InstallCert.java使用或覆盖了已过时的 API。
注: 有关详细信息, 请使用 -Xlint:deprecation 重新编译。
Loading KeyStore jssecacerts...
Opening connection to objects.githubusercontent.com:443 ...
Starting SSL handshake...

javax.net.ssl.SSLException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:371)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:309)
        at java.base/sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1712)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:470)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
        at InstallCert.main(InstallCert.java:107)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:568)
        at jdk.compiler/com.sun.tools.javac.launcher.Main.execute(Main.java:419)
        at jdk.compiler/com.sun.tools.javac.launcher.Main.run(Main.java:192)
        at jdk.compiler/com.sun.tools.javac.launcher.Main.main(Main.java:132)
Caused by: java.lang.RuntimeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at InstallCert$SavingTrustManager.checkServerTrusted(InstallCert.java:208)
        at java.base/sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1441)
        at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
        at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
        at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
        at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:458)
        at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)
        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1510)
        at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1425)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
        ... 9 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
        at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
        at java.base/sun.security.validator.Validator.validate(Validator.java:264)
        at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:242)
        at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:113)
        at InstallCert$SavingTrustManager.checkServerTrusted(InstallCert.java:206)
        ... 21 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
        at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
        at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
        at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
        ... 26 more

Server sent 1 certificate(s):
...... omitted .......
   md5     43 20 3f b3 0d 4c c1 28 97 ed ca 02 a2 9a 12 47

Enter certificate to add to trusted keystore or 'q' to quit: [1]
1

[
...... omitted .......

Certificate Extensions: 2
[1]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[2]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: *.github.io
  DNSName: github.io
  DNSName: githubusercontent.com
  DNSName: www.github.com
  DNSName: *.github.com
  DNSName: *.githubusercontent.com
  DNSName: github.com
]

]
  Algorithm: [SHA256withRSA]
  Signature:
...... omitted .......
00D0: CB 19 A6 CB 49 18 A4 47   43 AB 6F E1 BA DA 2A 43  ....I..GC.o...*C
00E0: DD 49 E7 8B F6 15 FD F5   1D B9 09 2E D0 16 19 3D  .I.............=
00F0: 20 81 DE F3 DD D2 45 48   8D 1C D8 B8 A6 72 E2 86   .....EH.....r..

]

Added certificate to keystore 'jssecacerts' using alias 'objects.githubusercontent.com-1'

E:\newWorld\KotlinProject\kotlin>keytool -exportcert -alias objects.githubusercontent.com-1 -keystore jssecacerts -storepass changeit -file objects.githubusercontent.com.cer
存储在文件 <objects.githubusercontent.com.cer> 中的证书

Warning:
JKS 密钥库使用专用格式。建议使用 "keytool -importkeystore -srckeystore jssecacerts -destkeystore jssecacerts -deststoretype pkcs12" 迁移到行业标准格式 PKCS12。


E:\newWorld\KotlinProject\kotlin>keytool -importcert -alias objects.githubusercontent.com -cacerts -storepass changeit -file objects.githubusercontent.com.cer
所有者: CN=*.github.io, O="GitHub, Inc.", L=San Francisco, ST=California, C=US
发布者: CN=adc-CA-CA, DC=adc, DC=com

主体公共密钥算法: 2048  RSA 密钥
版本: 3
...... omitted .......
扩展:

#1: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

#2: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: *.github.io
  DNSName: github.io
  DNSName: githubusercontent.com
  DNSName: www.github.com
  DNSName: *.github.com
  DNSName: *.githubusercontent.com
  DNSName: github.com
]

是否信任此证书? []:  y
证书已添加到密钥库中

Warning:
JKS 密钥库使用专用格式。建议使用 "keytool -importkeystore -srckeystore C:\Program Files\Eclipse Adoptium\jdk-17.0.6.10-hotspot\lib\security\cacerts -destkeystore C:\Program Files\Eclipse Adoptium\jdk-17.0.6.10-hotspot\lib\security\cacerts -deststoretype pkcs12" 迁移到行业标准格式 PKCS12。