zoukankan      html  css  js  c++  java
  • jenkins 插件下载ssl证书问题

    Jenkins(2020年及以后版本,2.260以上)安装后,插件下载时失败,网上找了各种解决方法,修改jenkins插件的下载源地址:

    找到菜单Manage Jenkins → Manage Plugins  → Advanced  → Update Site,

    把URL改为 https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json

    或把默认地址 https://updates.jenkins.io/update-center.json 的https改为http再重启。

    我把这些方法都试了以后,下载插件还是报错,心拨凉拨凉的。学技术的都最怕遇到环境问题,一个小环境问题可能要倒腾好几天。

    嘿嘿,在我刚要选择投降放弃时,柳暗花明又一村,摸索到了以下Jenkins安装插件失败的另一种解决方法。

    (Update Site的默认URL不需要动)

    1.报错图:

    报错的首行提示:sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

     报错原因:访问https的插件地址因为安全证书问题而报错。

    2.解决方案:

    1.先编译如下文件InstallCert.java
    命令:javac InstallCert.java;

    2.再运行InstallCert类,命令:java InstallCert <hostname>;出现提示后按1,回车。会生成jssecacerts 文件。
       PS:此处hostname 为 mirrors.tuna.tsinghua.edu.cn,国内jenkins下载插件的地址会重定向到清华大学提供的镜像文件库。
    3.然后将生成的 jssecacerts 文件,拷贝到jdk中,目录位置:%JAVA_HOME%jrelibsecurity 
    (例如 D:Program FilesJavajdk1.8.0_71jrelibsecurity)

    4.最后重新启动jenkins,证书才能生效。
    文件:InstallCert.java
    复制代码
      1 /* 
      2  * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved. 
      3  * 
      4  * Redistribution and use in source and binary forms, with or without 
      5  * modification, are permitted provided that the following conditions 
      6  * are met: 
      7  * 
      8  *   - Redistributions of source code must retain the above copyright 
      9  *     notice, this list of conditions and the following disclaimer. 
     10  * 
     11  *   - Redistributions in binary form must reproduce the above copyright 
     12  *     notice, this list of conditions and the following disclaimer in the 
     13  *     documentation and/or other materials provided with the distribution. 
     14  * 
     15  *   - Neither the name of Sun Microsystems nor the names of its 
     16  *     contributors may be used to endorse or promote products derived 
     17  *     from this software without specific prior written permission. 
     18  * 
     19  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS 
     20  * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 
     21  * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
     22  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR 
     23  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
     24  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 
     25  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 
     26  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 
     27  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 
     28  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
     29  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
     30  */  
     31   
     32 import java.io.BufferedReader;  
     33 import java.io.File;  
     34 import java.io.FileInputStream;  
     35 import java.io.FileOutputStream;  
     36 import java.io.InputStream;  
     37 import java.io.InputStreamReader;  
     38 import java.io.OutputStream;  
     39 import java.security.KeyStore;  
     40 import java.security.MessageDigest;  
     41 import java.security.cert.CertificateException;  
     42 import java.security.cert.X509Certificate;  
     43   
     44 import javax.net.ssl.SSLContext;  
     45 import javax.net.ssl.SSLException;  
     46 import javax.net.ssl.SSLSocket;  
     47 import javax.net.ssl.SSLSocketFactory;  
     48 import javax.net.ssl.TrustManager;  
     49 import javax.net.ssl.TrustManagerFactory;  
     50 import javax.net.ssl.X509TrustManager;  
     51   
     52 public class InstallCert {  
     53   
     54     public static void main(String[] args) throws Exception {  
     55         String host;  
     56         int port;  
     57         char[] passphrase;  
     58         if ((args.length == 1) || (args.length == 2)) {  
     59             String[] c = args[0].split(":");  
     60             host = c[0];  
     61             port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);  
     62             String p = (args.length == 1) ? "changeit" : args[1];  
     63             passphrase = p.toCharArray();  
     64         } else {  
     65             System.out  
     66                     .println("Usage: java InstallCert <host>[:port] [passphrase]");  
     67             return;  
     68         }  
     69   
     70         File file = new File("jssecacerts");  
     71         if (file.isFile() == false) {  
     72             char SEP = File.separatorChar;  
     73             File dir = new File(System.getProperty("java.home") + SEP + "lib"  
     74                     + SEP + "security");  
     75             file = new File(dir, "jssecacerts");  
     76             if (file.isFile() == false) {  
     77                 file = new File(dir, "cacerts");  
     78             }  
     79         }  
     80         System.out.println("Loading KeyStore " + file + "...");  
     81         InputStream in = new FileInputStream(file);  
     82         KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());  
     83         ks.load(in, passphrase);  
     84         in.close();  
     85   
     86         SSLContext context = SSLContext.getInstance("TLS");  
     87         TrustManagerFactory tmf = TrustManagerFactory  
     88                 .getInstance(TrustManagerFactory.getDefaultAlgorithm());  
     89         tmf.init(ks);  
     90         X509TrustManager defaultTrustManager = (X509TrustManager) tmf  
     91                 .getTrustManagers()[0];  
     92         SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);  
     93         context.init(null, new TrustManager[] { tm }, null);  
     94         SSLSocketFactory factory = context.getSocketFactory();  
     95   
     96         System.out  
     97                 .println("Opening connection to " + host + ":" + port + "...");  
     98         SSLSocket socket = (SSLSocket) factory.createSocket(host, port);  
     99         socket.setSoTimeout(10000);  
    100         try {  
    101             System.out.println("Starting SSL handshake...");  
    102             socket.startHandshake();  
    103             socket.close();  
    104             System.out.println();  
    105             System.out.println("No errors, certificate is already trusted");  
    106         } catch (SSLException e) {  
    107             System.out.println();  
    108             e.printStackTrace(System.out);  
    109         }  
    110   
    111         X509Certificate[] chain = tm.chain;  
    112         if (chain == null) {  
    113             System.out.println("Could not obtain server certificate chain");  
    114             return;  
    115         }  
    116   
    117         BufferedReader reader = new BufferedReader(new InputStreamReader(  
    118                 System.in));  
    119   
    120         System.out.println();  
    121         System.out.println("Server sent " + chain.length + " certificate(s):");  
    122         System.out.println();  
    123         MessageDigest sha1 = MessageDigest.getInstance("SHA1");  
    124         MessageDigest md5 = MessageDigest.getInstance("MD5");  
    125         for (int i = 0; i < chain.length; i++) {  
    126             X509Certificate cert = chain[i];  
    127             System.out.println(" " + (i + 1) + " Subject "  
    128                     + cert.getSubjectDN());  
    129             System.out.println("   Issuer  " + cert.getIssuerDN());  
    130             sha1.update(cert.getEncoded());  
    131             System.out.println("   sha1    " + toHexString(sha1.digest()));  
    132             md5.update(cert.getEncoded());  
    133             System.out.println("   md5     " + toHexString(md5.digest()));  
    134             System.out.println();  
    135         }  
    136   
    137         System.out  
    138                 .println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");  
    139         String line = reader.readLine().trim();  
    140         int k;  
    141         try {  
    142             k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;  
    143         } catch (NumberFormatException e) {  
    144             System.out.println("KeyStore not changed");  
    145             return;  
    146         }  
    147   
    148         X509Certificate cert = chain[k];  
    149         String alias = host + "-" + (k + 1);  
    150         ks.setCertificateEntry(alias, cert);  
    151   
    152         OutputStream out = new FileOutputStream("jssecacerts");  
    153         ks.store(out, passphrase);  
    154         out.close();  
    155   
    156         System.out.println();  
    157         System.out.println(cert);  
    158         System.out.println();  
    159         System.out  
    160                 .println("Added certificate to keystore 'jssecacerts' using alias '"  
    161                         + alias + "'");  
    162     }  
    163   
    164     private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();  
    165   
    166     private static String toHexString(byte[] bytes) {  
    167         StringBuilder sb = new StringBuilder(bytes.length * 3);  
    168         for (int b : bytes) {  
    169             b &= 0xff;  
    170             sb.append(HEXDIGITS[b >> 4]);  
    171             sb.append(HEXDIGITS[b & 15]);  
    172             sb.append(' ');  
    173         }  
    174         return sb.toString();  
    175     }  
    176   
    177     private static class SavingTrustManager implements X509TrustManager {  
    178   
    179         private final X509TrustManager tm;  
    180         private X509Certificate[] chain;  
    181   
    182         SavingTrustManager(X509TrustManager tm) {  
    183             this.tm = tm;  
    184         }  
    185   
    186         public X509Certificate[] getAcceptedIssuers() {  
    187             throw new UnsupportedOperationException();  
    188         }  
    189   
    190         public void checkClientTrusted(X509Certificate[] chain, String authType)  
    191                 throws CertificateException {  
    192             throw new UnsupportedOperationException();  
    193         }  
    194   
    195         public void checkServerTrusted(X509Certificate[] chain, String authType)  
    196                 throws CertificateException {  
    197             this.chain = chain;  
    198             tm.checkServerTrusted(chain, authType);  
    199         }  
    200     }  
    201   
    202 }  
    复制代码
  • 相关阅读:
    《大型网站技术架构:核心原理与案例分析》阅读笔记三
    《大型网站技术架构:核心原理与案例分析》阅读笔记二
    《大型网站技术架构:核心原理与案例分析》阅读笔记一
    《用户故事与敏捷方法》阅读笔记三
    软件需求与分析课堂讨论一
    信息领域热词分析
    datax的第一次使用
    质量属性2——质量六大属性之可用性在代码端的实现
    质量属性1——《淘宝网》
    阅读笔记之——《架构漫谈》四
  • 原文地址:https://www.cnblogs.com/ruiy/p/15067637.html
Copyright © 2011-2022 走看看