我有一个Web应用程序,要求客户端发送它的证书,服务器必须验证证书(即查看颁发者是否是有效的颁发者并出现在服务器的信任库中).这是代码:
FileInputStream fin=new FileInputStream("C:/trustedca");
KeyStore anchors = KeyStore.getInstance("JKS","SUN");
anchors.load(fin, "server".toCharArray());
X509CertSelector target = new X509CertSelector();
FileInputStream fin1=new FileInputStream("C:/client.crt");
CertificateFactory cf=CertificateFactory.getInstance("X.509");
X509Certificate cert=null;
while (fin1.available() > 0)
{
System.out.println("in while---------");
cert =(X509Certificate) cf.generateCertificate(fin1);
}
target.setCertificate(cert);
PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, target);
CertPathBuilder builder = (CertPathBuilder) CertPathBuilder.getInstance("PKIX").build(params);
PKIXCertPathBuilderResult r = (PKIXCertPathBuilderResult) builder.build((CertPathParameters)params);<br>
但我得到一个例外:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid
certification path to requested target<br>
注意:
客户端发送的证书是client.crt,用于签署client.crt证书的证书是密钥库"trustedca"中存在的ca.crt.那为什么要给出这个例外呢?