个人中心
gpt4 book ai didi

java - PKIX 路径构建失败 - OpenShift 上的 Spring Boot 服务

转载 作者:行者123 更新时间:2023-12-04 22:43:06 24 4
gpt4 key购买 nike

我尝试从在 OpenShift 平台上的 Docker 容器内运行的 Spring Boot 服务调用 SSL 安全 Web 服务。
我收到以下错误:

org.springframework.ws.client.WebServiceIOException: I/O error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:561) 
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:390) 
at client.webClient.callServ(WebClient.java:45)
那是我的网络客户端: 
public class webClient extends WebServiceGatewaySupport {

private String targetUrl = "https://service.com/REST/call";
private String soapActionCall = "http://soapurl.com";

@Autowired
@Qualifier("webServiceTemplateClient")
private WebServiceTemplate webServiceTemplateClient;

@Autowired
private ClientInterceptor interceptor;  

public ClientResponse callServ(ServData request) {
    try {
        ClientInterceptor[] interceptors = new ClientInterceptor[1];
        interceptors[0] = interceptor;
        webServiceTemplateClient.setInterceptors(interceptors);
        
        ClientResponse response = (ClientResponse) webServiceTemplateClient.marshalSendAndReceive(targetUrl,
                request, new MessageCallback(soapActionCall));
        return response;
    } catch (Exception ex) {
        ex.printStackTrace();
        return null;
    }

}
}
这是配置: 
@Configuration
public class ClientConfig {

private String username = "demo";
private String password = "demo";
private String defaultUri = "https://service.com/rest/call";
private String trustPassword = "secret";
private String trustStore = "/opt/app-root/ssl/key.jks";

@Autowired
private ResourceLoader resourceLoader;


@Bean
@Qualifier("marshallerClient")
public Jaxb2Marshaller marshallerClient() {
    Jaxb2Marshaller marshaller = new Jaxb2Marshaller();
    marshaller.setContextPath("client.Service");
    return marshaller;
}

@Bean
public ServClient servClient(@Qualifier("marshallerClient") Jaxb2Marshaller marshallerClient) {
    ServClient client = new ServClient();
    client.setDefaultUri(defaultUri);
    client.setMarshaller(marshallerClient);
    client.setUnmarshaller(marshallerClient);
    return client;
}

@Bean
@Qualifier("webServiceTemplateClient")
public WebServiceTemplate webServiceTemplateClient() {
    WebServiceTemplate webServiceTemplate = new WebServiceTemplate();
    webServiceTemplate.setMarshaller(marshallerClient());
    webServiceTemplate.setUnmarshaller(marshallerClient());
    webServiceTemplate.setDefaultUri("");
    webServiceTemplate.setMessageSender(httpComponentsMessageSenderClient());

    return webServiceTemplate;
}

@Bean
public HttpComponentsMessageSender httpComponentsMessageSenderClient() {
    HttpComponentsMessageSender httpComponentsMessageSender = new HttpComponentsMessageSender() ;
    // set the basic authorization credentials
    httpComponentsMessageSender.setCredentials(usernamePasswordCredentialsClient());
    return httpComponentsMessageSender;
}

@Bean
public UsernamePasswordCredentials usernamePasswordCredentialsClient() {
    // pass the user name and password to be used
    return new UsernamePasswordCredentials(security.decrypt(username), security.decrypt(password));
}

@Bean
public HttpsUrlConnectionMessageSender httpsUrlConnectionMessageSender() throws Exception {
    System.out.println("httpsUrlConnectionMessageSender");
    HttpsUrlConnectionMessageSender httpsUrlConnectionMessageSender = new HttpsUrlConnectionMessageSender();
    httpsUrlConnectionMessageSender.setTrustManagers(sessionTrustManagersFactoryBean().getObject());
    return httpsUrlConnectionMessageSender;
}

@Bean
public KeyStoreFactoryBean sessionTrustStore() {
    KeyStoreFactoryBean keyStoreFactoryBean = new KeyStoreFactoryBean();
    Resource resTrustStore = resourceLoader.getResource("file:" + trustStore);
    keyStoreFactoryBean.setLocation(resTrustStore);
    keyStoreFactoryBean.setPassword(security.decrypt(trustPassword));
    return keyStoreFactoryBean;
}

@Bean
public TrustManagersFactoryBean sessionTrustManagersFactoryBean() {
    TrustManagersFactoryBean trustManagersFactoryBean = new TrustManagersFactoryBean();
    trustManagersFactoryBean.setKeyStore(sessionTrustStore().getObject());

    return trustManagersFactoryBean;
}
}
keystore 保存我用 Firefox 从站点提取的证书。
我需要为 Keystore 设置任何额外的 Informationen 吗?
从我的日志中我可以看到, keystore 已成功加载。

最佳答案

我认为你不应该有 "file:"这里:

Resource resTrustStore = resourceLoader.getResource("file:" + trustStore);

关于java - PKIX 路径构建失败 - OpenShift 上的 Spring Boot 服务,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/63486678/

24 4 0
文章推荐: python - SSL 错误(从 Python 2.7.15 到 Python 3.7.7 的端口)- HTTP 错误 401 : Message validation failed
文章推荐: ssl - 使用 cloud_proxy_sql 设置自定义 CA 证书
文章推荐: ssl - 如何修复 GCloud App Engine ERR_SSL_PROTOCOL_ERROR?
文章推荐: php - 谷歌浏览器显示等待缓存
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com