
java - RestTemplate SSL handshake failure - Connection discarded

Reposted. Author: 行者123. Updated: 2023-12-04 22:35:50

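I am trying to connect to a REST API from a Spring 4 application. I use jdk1.6.0_121 (it supports TLSv1.2) and JCE 1.6, and in the development code I accept all certificates. I know that in this case there are 2 possible errors: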

  • Connection problems
  • Closed ports

But these options are discarded, because I call the REST API from my local machine using Postman and it works fine, but it does not work from the test server.

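import java.security.SecureRandom;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.log4j.Logger; // log4j 1.x assumed from the Logger.getLogger(Class) call
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

@Configuration
public class RestTemplateConfig {

    private static final int TIMEOUT = 20000; // connect and read timeout, in milliseconds
    private static final Logger LOGGER = Logger.getLogger(RestTemplateConfig.class);

    @Bean
    public RestTemplate restTemplate() {
        try {
            // Development-only trust manager: accepts every certificate chain without validation.
            TrustManager tm = new X509TrustManager() {
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }

                public void checkServerTrusted(X509Certificate[] chain, String authType) {
                    LOGGER.info("Auto-trusted server certificate chain");
                }

                public void checkClientTrusted(X509Certificate[] chain, String authType) {
                    LOGGER.info("Auto-trusted client certificate chain");
                }
            };
            SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
            sslContext.init(null, new TrustManager[]{tm}, new SecureRandom());
            // Only TLSv1.2 is enabled; cipher suites are left at the JVM defaults (null).
            // The default hostname verifier still checks the certificate name against the host.
            SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext, new String[]{"TLSv1.2"}, null, SSLConnectionSocketFactory.getDefaultHostnameVerifier());
            CloseableHttpClient httpClient = HttpClients.custom()
                    .setSSLSocketFactory(csf)
                    .build();
            HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
            requestFactory.setConnectTimeout(TIMEOUT);
            requestFactory.setReadTimeout(TIMEOUT);
            requestFactory.setHttpClient(httpClient);
            return new RestTemplate(requestFactory);
        } catch (Exception e) {
            LOGGER.error("No se pudo inicializar configuracion SSL ", e);
        }
        return null;
    }
}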

StackTrace from the server:

[24/01/2018 13:14:55] [DEBUG] [JSID=] [org.apache.http.client.protocol.RequestAddCookies]:123 - CookieSpec selected: default
[24/01/2018 13:14:55] [DEBUG] [JSID=] [org.apache.http.client.protocol.RequestAuthCache]:77 - Auth cache not set in the context
[24/01/2018 13:14:55] [DEBUG] [JSID=] [org.apache.http.impl.conn.PoolingHttpClientConnectionManager]:265 - Connection request: [route: {s}->https://api.xxx.tech:443][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 20]
[24/01/2018 13:14:55] [DEBUG] [JSID=] [org.apache.http.impl.conn.PoolingHttpClientConnectionManager]:309 - Connection leased: [id: 0][route: {s}->https://api.xxx.tech:443][total kept alive: 0; route allocated: 1 of 2; total allocated: 1 of 20]
[24/01/2018 13:14:55] [DEBUG] [JSID=] [org.apache.http.impl.execchain.MainClientExec]:235 - Opening connection {s}->https://api.xxx.tech:443
[24/01/2018 13:14:56] [DEBUG] [JSID=] [org.apache.http.impl.conn.DefaultHttpClientConnectionOperator]:139 - Connecting to api.xxx.tech/40.123.54.233:443
[24/01/2018 13:14:56] [DEBUG] [JSID=] [org.apache.http.conn.ssl.SSLConnectionSocketFactory]:337 - Connecting socket to api.xxx.tech/40.123.54.233:443 with timeout 20000
[24/01/2018 13:14:56] [DEBUG] [JSID=] [org.apache.http.conn.ssl.SSLConnectionSocketFactory]:390 - Enabled protocols: [TLSv1.2]
[24/01/2018 13:14:56] [DEBUG] [JSID=] [org.apache.http.conn.ssl.SSLConnectionSocketFactory]:391 - Enabled cipher suites:[TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
[24/01/2018 13:14:56] [DEBUG] [JSID=] [org.apache.http.conn.ssl.SSLConnectionSocketFactory]:395 - Starting handshake
[24/01/2018 13:14:56] [DEBUG] [JSID=] [org.apache.http.impl.conn.DefaultManagedHttpClientConnection]:96 - http-outgoing-0: Shutdown connection
[24/01/2018 13:14:56] [DEBUG] [JSID=] [org.apache.http.impl.execchain.MainClientExec]:129 - Connection discarded
[24/01/2018 13:14:56] [DEBUG] [JSID=] [org.apache.http.impl.conn.PoolingHttpClientConnectionManager]:348 - Connection released: [id: 0][route: {s}->https://api.xxx.tech:443][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 20]
[24/01/2018 13:14:56] [ERROR] [JSID=] [com.falabella.lib.shared.kong.connector.service.PaymentServiceImpl]:65 - UPS!
org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://api.xxx.tech/sso/oauth2/v2/token": Received fatal alert: handshake_failure; nested exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:666)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:613)
at org.springframework.web.client.RestTemplate.postForObject(RestTemplate.java:380)
at com.falabella.lib.shared.kong.connector.service.PaymentServiceImpl.initPayment(PaymentServiceImpl.java:39)
at com.falabella.lib.shared.kong.connector.web.controller.PaymentController.initPayment(PaymentController.java:23)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:133)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:97)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:827)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:738)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:184)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3750)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3714)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2283)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2182)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1491)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:263)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:172)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:134)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1970)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1323)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1350)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1334)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:373)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:89)
at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:652)
... 34 more

I get the certificate from the server using OpenSSL, openssl s_client -showcerts -connect api.sandbox.connect.fif.tech:443, and this is what I get.

CONNECTED(00000003)
depth=0 C = US, ST = California, L = San Francisco, O = Kong, OU = IT Department, CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = Kong, OU = IT Department, CN = localhost
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=San Francisco/O=Kong/OU=IT Department/CN=localhost
i:/C=US/ST=California/L=San Francisco/O=Kong/OU=IT Department/CN=localhost
---
Server certificate
subject=/C=US/ST=California/L=San Francisco/O=Kong/OU=IT Department/CN=localhost
issuer=/C=US/ST=California/L=San Francisco/O=Kong/OU=IT Department/CN=localhost
---
No client certificate CA names sent
---
SSL handshake has read 1549 bytes and written 389 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 00EC98B11D95F3B5987FF48CEF594588D
Session-ID-ctx:
Master-Key: D2D3C1BB29CEDD0562EA20B0D82FC5E2A947
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 600 (seconds)
TLS session ticket:

Start Time: 1516811974
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
closed

Edited

The application is installed on a WebLogic server 10.3.6.0.

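Best answer

The log shows that the CN of the certificate for https://api.xxx.tech/sso/oauth2/v2/token is localhost - try changing the CN in the certificate to api.xxx.tech

If you log in to the box and can make the same request to https://localhost/sso/oauth2/v2/token - you probably won't see the error, because the hostname will match the certificate CN

You can also add an X509 entry for the Subject Alternative Name (SAN), where you can specify the subject alternative names DNS: localhost, IP: 127.0.0.1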
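
A triage of the two outputs posted in the question, as an added example that is not part of the original question or answer: it checks whether the cipher suite OpenSSL negotiated appears in the Java client's enabled list, and whether the certificate CN matches the requested host. The sample strings are constructed, shortened excerpts of the posted output, and the function names and the OpenSSL-to-JSSE name table are assumptions made for this sketch.

```python
import re

# Constructed excerpts, shortened from the debug log and s_client output in the question.
CLIENT_LOG = (
    "[DEBUG] [org.apache.http.conn.ssl.SSLConnectionSocketFactory]:391 - "
    "Enabled cipher suites:[TLS_RSA_WITH_AES_256_CBC_SHA256, "
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, "
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]\n"
    '... I/O error on POST request for "https://api.xxx.tech/sso/oauth2/v2/token"'
)
S_CLIENT_OUT = (
    "subject=/C=US/ST=California/L=San Francisco/O=Kong/OU=IT Department/CN=localhost\n"
    "New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384\n"
)

# OpenSSL name -> JSSE (IANA) name; only the suites needed for this sample.
OPENSSL_TO_JSSE = {
    "ECDHE-RSA-AES256-GCM-SHA384": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "AES256-SHA256": "TLS_RSA_WITH_AES_256_CBC_SHA256",
}

def client_suites(log):
    """Cipher suites the Java client enabled, from the HttpClient debug line."""
    m = re.search(r"Enabled cipher suites:\s*\[([^\]]*)\]", log)
    return [s.strip() for s in m.group(1).split(",")] if m else []

def request_host(log):
    """Host name the client asked for, from the I/O error message."""
    m = re.search(r'request for "https://([^/:"]+)', log)
    return m.group(1) if m else None

def server_facts(out):
    """(negotiated cipher, certificate subject CN) from s_client output."""
    cipher = re.search(r"Cipher is (\S+)", out)
    cn = re.search(r"^subject=.*?/CN=([^/\n]+)", out, re.M)
    return (cipher.group(1) if cipher else None, cn.group(1) if cn else None)

def triage(log, out):
    cipher, cn = server_facts(out)
    jsse = OPENSSL_TO_JSSE.get(cipher)
    host = request_host(log) or ""
    return {
        "server_cipher": jsse or cipher,
        "cipher_offered_by_client": jsse in client_suites(log),
        "cert_cn": cn,
        # Exact CN comparison only; SAN entries and wildcards are not evaluated.
        "cn_matches_host": cn is not None and cn.lower() == host.lower(),
    }

if __name__ == "__main__":
    for key, value in triage(CLIENT_LOG, S_CLIENT_OUT).items():
        print(f"{key}: {value}")
```

On this sample both checks come back false, so the cipher list and the certificate name are each worth examining on the test server.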

Regarding java - RestTemplate SSL handshake failure - Connection discarded, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/48428400/
