search

VKCOM / vk-java-sdk

Java library for working with VK API
MIT License
292 stars 153 forks source link

java.security.cert.CertPathValidatorException: signature check failed #107

Open iNomaD opened 6 years ago

iNomaD commented 6 years ago

Очень странный баг с HTTP клиентом. Раньше писал приложения с использованием sdk, но в один прекрасный момент они перестали работать при вызове любых HTTP методов. Решил проверить на examples/hello-bot из свеженького sdk - результат тот же.

:examples:hello-bot:run                 
01:57:13.231 [main] ERROR com.vk.api.sdk.client.ApiRequest - Problems with request: https://api.vk.com/method/groups.setCallbackSettings
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException:
 signature check failed
  at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:1.8.0_65]
      at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) ~[?:1.8.0_65]
 at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) ~[?:1.8.0_65]
      at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) ~[?:1.8.0_65]
      at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509) ~[?:1.8.0_65]
       at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:1.8.0_65]
   at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[?:1.8.0_65]
  at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) ~[?:1.8.0_65]
       at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) ~[?:1.8.0_65]
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[?:1.8.0_65]
       at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[?:1.8.0_65]
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[?:1.8.0_65]
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396) ~[httpclient-4.5.3.jar:4.5.3]
  at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355) ~[httpclient-4.5.3.jar:4.5.3]
        at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) ~[httpclient-4.5.3.jar:4.5.3]
   at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359) ~[httpclient-4.5.3.jar:4.5.3]
     at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381) ~[httpclient-4.5.3.jar:4.5.3]
 at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237) ~[httpclient-4.5.3.jar:4.5.3]
        at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185) ~[httpclient-4.5.3.jar:4.5.3]
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) ~[httpclient-4.5.3.jar:4.5.3]
   at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111) ~[httpclient-4.5.3.jar:4.5.3]
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) ~[httpclient-4.5.3.jar:4.5.3]
 at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) ~[httpclient-4.5.3.jar:4.5.3]
  at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108) ~[httpclient-4.5.3.jar:4.5.3]
 at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) ~[httpclient-4.5.3.jar:4.5.3]
  at com.vk.api.sdk.httpclient.HttpTransportClient.call(HttpTransportClient.java:133) ~[sdk-0.5.11.jar:?]
        at com.vk.api.sdk.httpclient.HttpTransportClient.callWithStatusCheck(HttpTransportClient.java:114) ~[sdk-0.5.11.jar:?]
 at com.vk.api.sdk.httpclient.HttpTransportClient.post(HttpTransportClient.java:242) ~[sdk-0.5.11.jar:?]
        at com.vk.api.sdk.httpclient.HttpTransportClient.post(HttpTransportClient.java:231) ~[sdk-0.5.11.jar:?]
        at com.vk.api.sdk.client.ApiRequest.executeAsString(ApiRequest.java:113) [sdk-0.5.11.jar:?]
    at com.vk.api.sdk.client.ApiRequest.executeWithoutRetry(ApiRequest.java:77) [sdk-0.5.11.jar:?]
 at com.vk.api.sdk.client.ApiRequest.execute(ApiRequest.java:66) [sdk-0.5.11.jar:?]
     at com.vk.api.examples.hellobot.Application.initVkApi(Application.java:44) [main/:?]
   at com.vk.api.examples.hellobot.Application.main(Application.java:25) [main/:?]
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
       at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:352) ~[?:1.8.0_65]
       at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:260) ~[?:1.8.0_65]
   at sun.security.validator.Validator.validate(Validator.java:260) ~[?:1.8.0_65]
 at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:1.8.0_65]
 at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) ~[?:1.8.0_65]
     at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) ~[?:1.8.0_65]
       at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491) ~[?:1.8.0_65]
       ... 29 more
Caused by: java.security.cert.CertPathValidatorException: signature check failed
   at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135) ~[?:1.8.0_65]
     at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:219) ~[?:1.8.0_65]
 at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:140) ~[?:1.8.0_65]
 at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79) ~[?:1.8.0_65]
    at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292) ~[?:1.8.0_65]
     at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:347) ~[?:1.8.0_65]
       at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:260) ~[?:1.8.0_65]
   at sun.security.validator.Validator.validate(Validator.java:260) ~[?:1.8.0_65]
 at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:1.8.0_65]
 at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) ~[?:1.8.0_65]
     at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) ~[?:1.8.0_65]
       at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491) ~[?:1.8.0_65]
       ... 29 more
Caused by: java.security.SignatureException: Signature does not match.
     at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:449) ~[?:1.8.0_65]
  at sun.security.provider.certpath.BasicChecker.verifySignature(BasicChecker.java:166) ~[?:1.8.0_65]
    at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:147) ~[?:1.8.0_65]
      at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125) ~[?:1.8.0_65]
     at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:219) ~[?:1.8.0_65]
 at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:140) ~[?:1.8.0_65]
 at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79) ~[?:1.8.0_65]
    at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292) ~[?:1.8.0_65]
     at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:347) ~[?:1.8.0_65]
       at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:260) ~[?:1.8.0_65]
   at sun.security.validator.Validator.validate(Validator.java:260) ~[?:1.8.0_65]
 at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:1.8.0_65]
 at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) ~[?:1.8.0_65]
     at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) ~[?:1.8.0_65]
       at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491) ~[?:1.8.0_65]
       ... 29 more
java.lang.RuntimeException: Client error during init
        at com.vk.api.examples.hellobot.Application.initVkApi(Application.java:48)
        at com.vk.api.examples.hellobot.Application.main(Application.java:25)
Caused by: com.vk.api.sdk.exceptions.ClientException: I/O exception
        at com.vk.api.sdk.client.ApiRequest.executeAsString(ApiRequest.java:116)
        at com.vk.api.sdk.client.ApiRequest.executeWithoutRetry(ApiRequest.java:77)
        at com.vk.api.sdk.client.ApiRequest.execute(ApiRequest.java:66)
        at com.vk.api.examples.hellobot.Application.initVkApi(Application.java:44)
        ... 1 more
:examples:hello-bot:run FAILED
tsivarev commented 6 years ago

Клиент не смог установить SSL соединение. Проверьте, сможете ли вы открыть ссылку https://api.vk.com/method/groups.setCallbackSettings в браузере.

iNomaD commented 6 years ago

Решил проблему, добавив сертификат vk в jdk вручную.