java 没有可用的X509TrustManager实现

qnakjoqk  于 2023-02-28  发布在  Java
关注(0)|答案(3)|浏览(454)

我正在调用AWS API,我一直遇到以下错误

Exception in thread "main" com.amazonaws.AmazonClientException: Unable to execute HTTP request: java.security.cert.CertificateException: No X509TrustManager implementation available
       at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:709)
       at com.amazonaws.http.AmazonHttpClient.doExecute(AmazonHttpClient.java:449)
       at com.amazonaws.http.AmazonHttpClient.executeWithTimer(AmazonHttpClient.java:411)
       at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:360)
       at com.amazonaws.services.kms.AWSKMSClient.doInvoke(AWSKMSClient.java:2723)
       at com.amazonaws.services.kms.AWSKMSClient.invoke(AWSKMSClient.java:2693)
       at com.amazonaws.services.kms.AWSKMSClient.generateDataKey(AWSKMSClient.java:1488)
       at com.infor.aws.KMSTest.createDEK(KMSTest.java:217)
       at com.infor.aws.KMSTest.main(KMSTest.java:144)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No X509TrustManager implementation available
       at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
       at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
       at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
       at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
       at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
       at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
       at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
       at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
       at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
       at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
       at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
       at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
       at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
       at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
       at com.amazonaws.http.conn.ssl.SdkTLSSocketFactory.connectSocket(SdkTLSSocketFactory.java:132)
       at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141)
       at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
       at java.lang.reflect.Method.invoke(Method.java:498)
       at com.amazonaws.http.conn.ClientConnectionManagerFactory$Handler.invoke(ClientConnectionManagerFactory.java:76)
       at com.amazonaws.http.conn.$Proxy2.connect(Unknown Source)
       at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
       at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
       at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
       at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
       at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
       at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
       at com.amazonaws.http.apache.client.impl.SdkHttpClient.execute(SdkHttpClient.java:72)
       at com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:854)
       at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:697)
       ... 8 more
Caused by: java.security.cert.CertificateException: No X509TrustManager implementation available
       at sun.security.ssl.DummyX509TrustManager.checkServerTrusted(SSLContextImpl.java:1119)
       at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
       ... 35 more

我已经在Stackoverflow上运行了多个线程,并添加了所有必需的truststore、truststoretype系统属性。我已经尝试了这个thread。但是没有任何效果。有人遇到过这个吗?我像下面这样调用它

TrustManagerFactory tmf = TrustManagerFactory
                                   .getInstance(TrustManagerFactory.getDefaultAlgorithm());

KeyStore ks  = KeyStore.getInstance("BCFKS");
ks.load(new FileInputStream("<jre-home>\\\\lib\\\\security\\\\cacerts"), "changeit".toCharArray());
tmf.init(ks);

 // Get hold of the trust manager
X509TrustManager x509Tm = null;
for (TrustManager tm : tmf.getTrustManagers()) {
     if (tm instanceof X509TrustManager) {
          x509Tm = (X509TrustManager) tm;
          break;
     }
}
nlejzf6q

nlejzf6q1#

在调试了几个小时之后,在我的情况下,它被证明是一个损坏的密钥存储库。检查是否可以使用keytool命令列出密钥存储库的内容。

gab6jxml

gab6jxml2#

当我们将AWS-Client初始化移到设置信任存储密码之后的位置时,这个问题得到了解决。在我的代码中,我创建AWS-Client太早了。

tvokkenx

tvokkenx3#

在我的例子中,我调用了一个SOAP服务,该服务在构建信任库之前需要SSL身份验证,因此服务调用没有证书,或者至少没有完全形成的证书,这导致服务调用失败,并出现以下错误。
当我首先移动spring初始化,然后是信任存储构建,最后是服务调用时,就修复了这个问题。

KeyStore trustStore = KeyStore.getInstance("JKS");
trustStore.load(null, null);
CertificateFactory cf = CertificateFactory.getInstance("X.509");

FileInputStream fis = null;
FileOutputStream fos = null;

fis = new FileInputStream(<your cert file>);
X509Certificate certificate = (X509Certificate)cf.generateCertificate(fis);
fis.close();

trustStore.setCertificateEntry(<cert name/alias>, certificate);
fos = new FileOutputStream(<path of the file to write to>);
// "changeit" is the default password that is used.
trustStore.store(fos, "changeit".toCharArray());
fos.close();

如果您需要的是PKCS12,请将其替换为JKS。

相关问题