无法通过SSL使用Amazon S3 API?
平嘉熙
问题内容:
问题答案:
我正在尝试使用Amazon S3 API加密和上传文件。
public class AmazonS3 {
String KmsId = "my_id_comes_here";
private TransferManager getTransferManager() {
AWSCredentials awsCredentials = new ProfileCredentialsProvider().getCredentials();
KMSEncryptionMaterialsProvider materialProvider = new KMSEncryptionMaterialsProvider(KmsId);
AmazonS3EncryptionClient s3Client = new AmazonS3EncryptionClient(awsCredentials, materialProvider,
new CryptoConfiguration().withKmsRegion(Regions.EU_CENTRAL_1)).withRegion(Regions.EU_CENTRAL_1);
s3Client.setEndpoint("s3.eu-central-1.amazonaws.com");
TransferManager transferManager = new TransferManager(s3Client);
return transferManager;
}
public void upload(String bucket, String keyName, String filePath)
throws InterruptedException, NoSuchAlgorithmException, IOException, InvalidKeySpecException {
TransferManager transferManager = getTransferManager();
// TransferManager processes all transfers asynchronously, so this call will return immediately.
Upload upload = transferManager.upload(bucket, keyName, new File(filePath));
try {
// Or you can block and wait for the upload to finish
upload.waitForCompletion();
System.out.println("Upload complete.");
} catch (AmazonClientException amazonClientException) {
System.out.println("Unable to upload file, upload was aborted.");
amazonClientException.printStackTrace();
}
}
如果 我不将我的 托拉斯 作为参数 传递 给我的应用程序,那会 很好 。
但是,如果 我使用我的托管人初始化我的应用程序, 如下所示:
-Dspring.profiles.active="dev" -Djavax.net.debug=all -Djavax.net.ssl.trustStore=/usr/share/ca-certificates/anevis/java/activemq/client.ts -Djavax.net.ssl.trustStorePassword=changeit
它给了我这个错误:
com.amazonaws.AmazonClientException: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:516)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:317)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:3595)
at com.amazonaws.services.s3.AmazonS3Client.getObjectMetadata(AmazonS3Client.java:999)
at com.amazonaws.services.s3.transfer.TransferManager.doDownload(TransferManager.java:779)
at com.amazonaws.services.s3.transfer.TransferManager.download(TransferManager.java:691)
at com.anevis.documentengine.configuration.jms.AmazonS3.download(AmazonS3.java:57)
at com.anevis.documentengine.configuration.jms.S3UploadTest.testUpload(S3UploadTest.java:25)
at com.anevis.documentengine.configuration.jms.S3UploadTest.main(S3UploadTest.java:9)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:144)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:535)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:403)
at com.amazonaws.http.conn.ssl.SdkTLSSocketFactory.connectSocket(SdkTLSSocketFactory.java:128)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57)
at com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:749)
at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:505)
... 13 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
... 32 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 38 more
如何解决此错误?
问题答案:
您的信任库没有用于保护AWS
API的证书颁发机构。您需要创建一个新的信任库,并将其client.ts与AWS所需的信任库结合在一起。最简单的方法是client.ts与cacertsJRE中的密钥库合并。
例:
keytool -importkeystore -srckeystore client.ts -destkeystore combined.ts -srcstorepass changeit -deststorepass changeit
keytool -importkeystore -srckeystore $JAVA_HOME/jre/lib/security/cacerts -destkeystore combined.ts -srcstorepass changeit -deststorepass changeit
然后使用combined.ts代替client.ts。
类似资料:
-
我有一个JavaSpring Boot Application,我已经将服务器配置为在SSL上运行,这是强制性的。 我已经为我的域创建了一个证书从LetsEncrypt证书,并通过运行为keystore创建了一个p12文件 我想用Ingress Nginx控制器在Kubernetes上公开它,所以我创建了一个秘密 我已经部署了应用程序,可以看到部署文件,当我将本地8443端口转发到其服务的8443
-
在我们的docker-swarm中运行kafka connect,使用以下撰写文件: kafka connect节点成功启动,我可以设置任务并查看这些任务的状态······ 我是否在撰写文件或任务配置中缺少某些配置?
-
问题内容: 如何使用Node.js通过SSL连接到MongoDB服务器? 我已经阅读了一些驱动程序(mongojs,mongodb- native )的源代码,并且我已经搜索了一段时间,但是似乎找不到任何合适的教程,指南或文档。 问题答案: 如评论中所建议,具有所需的一切。 我使用以下命令启动并运行: 编辑 你也可以从猫鼬做ssl :
-
我有Artemis ActiveMQ版本2.19.0,有3组主/从: 我也在连接器之间使用SSL连接,这里是来自一台机器的broker.xml: 经纪人之间的关系很好。当我试图从一个制作人那里发送消息时,我得到了这个错误 下面是我的JMS连接url的样子: 首先,我不明白为什么在日志中我看到我的商店的错误路径,它说:“在/home/artemis_cert/amq5/client_ts.p12处没
-
我将Jetty的HttpClient设置为使用SSL连接到apache http server,它将请求作为http路由到web服务器: HttpClient<--HTTPS->http server<--HTTP->web服务器。 此安装程序已运行了一段时间。 我现在正在尝试添加代理: HttpClient<---HTTPS using CONNECT Method-->proxy<---HTT