search

plutext / docx4j-ImportXHTML

Converts XHTML to OpenXML WordML (docx) using docx4j
135 stars 124 forks source link

javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target #60

Closed wussup closed 4 years ago

wussup commented 4 years ago

Hello,

I am trying to load into the document image from https and get the next exception:

2020-04-16 07:16:41 [http-nio-8081-exec-3] WARN  o.docx4j.org.xhtmlrenderer.exception - IO problem for https://www.kaspersky.pl/resources/template/i/icons/product-icon-KSOS.png
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:320)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:263)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:258)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:645)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:464)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:360)
    at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
    at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:177)
    at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
    at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1151)
    at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1062)
    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
    at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567)
    at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1587)
    at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1515)
    at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:250)
    at java.base/java.net.URL.openStream(URL.java:1140)
    at org.docx4j.org.xhtmlrenderer.swing.NaiveUserAgent.resolveAndOpenStream(NaiveUserAgent.java:123)
    at org.docx4j.org.xhtmlrenderer.docx.Docx4jUserAgent.getDocx4JImageResource(Docx4jUserAgent.java:64)
    at org.docx4j.convert.in.xhtml.XHTMLImageHandlerDefault.addImage(XHTMLImageHandlerDefault.java:101)
    at org.docx4j.convert.in.xhtml.XHTMLImporterImpl.addImage(XHTMLImporterImpl.java:1702)
    at org.docx4j.convert.in.xhtml.XHTMLImporterImpl.traverse(XHTMLImporterImpl.java:1238)
    at org.docx4j.convert.in.xhtml.XHTMLImporterImpl.traverse(XHTMLImporterImpl.java:1304)
    at org.docx4j.convert.in.xhtml.XHTMLImporterImpl.traverse(XHTMLImporterImpl.java:1284)
    at org.docx4j.convert.in.xhtml.XHTMLImporterImpl.traverse(XHTMLImporterImpl.java:1284)
    at org.docx4j.convert.in.xhtml.XHTMLImporterImpl.traverse(XHTMLImporterImpl.java:1284)
    at org.docx4j.convert.in.xhtml.XHTMLImporterImpl.traverse(XHTMLImporterImpl.java:825)
    at org.docx4j.convert.in.xhtml.XHTMLImporterImpl.convert(XHTMLImporterImpl.java:698)
    ...
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
    at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
    at java.base/sun.security.validator.Validator.validate(Validator.java:264)
    at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:629)
    ... 137 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
    at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
    ... 143 common frames omitted
2020-04-16 07:16:41 [http-nio-8081-exec-3] ERROR o.d.c.i.x.XHTMLImageHandlerDefault - Couldn't fetch https://www.kaspersky.pl/resources/template/i/icons/product-icon-KSOS.png

Could you please tell me, how I can trust all https certificates?

wussup commented 4 years ago

Workaround:

// FIX: Accept all certificates
{
    try {
        TrustManager[] trustAllCerts = new TrustManager[] {
            new TrustAllManager()
        };
        // Install the all-trusting trust manager
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    } catch (NoSuchAlgorithmException | KeyManagementException e) {
        e.printStackTrace();
    }

    // Install the all-trusting host verifier
    HttpsURLConnection.setDefaultHostnameVerifier(new AllHostsValidVerifier());
}
private static class TrustAllManager implements X509TrustManager {

    @Override
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return null;
    }

    @Override
    public void checkClientTrusted(X509Certificate[] certs, String authType) {}

    @Override
    public void checkServerTrusted(X509Certificate[] certs, String authType) {}
}
private static class AllHostsValidVerifier implements HostnameVerifier {
    @Override
    public boolean verify(String hostname, SSLSession session) {
        return true;
    }
}