如何解决PKIX路径构建失败-OpenShift上的Spring Boot Service
我尝试从运行在OpenShift平台上的Docker容器中的Spring Boot服务调用SSL安全的Web服务。
我收到以下错误:
org.springframework.ws.client.WebServiceIOException: I/O error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:561)
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:390)
at client.webClient.callServ(WebClient.java:45)
那是我的网络客户端:
public class webClient extends WebServiceGatewaySupport {
private String targetUrl = "https://service.com/REST/call";
private String soapActionCall = "http://soapurl.com";
@Autowired
@Qualifier("webServiceTemplateClient")
private WebServiceTemplate webServiceTemplateClient;
@Autowired
private ClientInterceptor interceptor;
public ClientResponse callServ(ServData request) {
try {
ClientInterceptor[] interceptors = new ClientInterceptor[1];
interceptors[0] = interceptor;
webServiceTemplateClient.setInterceptors(interceptors);
ClientResponse response = (ClientResponse) webServiceTemplateClient.marshalSendAndReceive(targetUrl,request,new MessageCallback(soapActionCall));
return response;
} catch (Exception ex) {
ex.printStackTrace();
return null;
}
}
}
这是配置:
@Configuration
public class ClientConfig {
private String username = "demo";
private String password = "demo";
private String defaultUri = "https://service.com/rest/call";
private String trustPassword = "secret";
private String trustStore = "/opt/app-root/ssl/key.jks";
@Autowired
private ResourceLoader resourceLoader;
@Bean
@Qualifier("marshallerClient")
public Jaxb2Marshaller marshallerClient() {
Jaxb2Marshaller marshaller = new Jaxb2Marshaller();
marshaller.setContextPath("client.Service");
return marshaller;
}
@Bean
public ServClient servClient(@Qualifier("marshallerClient") Jaxb2Marshaller marshallerClient) {
ServClient client = new ServClient();
client.setDefaultUri(defaultUri);
client.setMarshaller(marshallerClient);
client.setUnmarshaller(marshallerClient);
return client;
}
@Bean
@Qualifier("webServiceTemplateClient")
public WebServiceTemplate webServiceTemplateClient() {
WebServiceTemplate webServiceTemplate = new WebServiceTemplate();
webServiceTemplate.setMarshaller(marshallerClient());
webServiceTemplate.setUnmarshaller(marshallerClient());
webServiceTemplate.setDefaultUri("");
webServiceTemplate.setMessageSender(httpComponentsMessageSenderClient());
return webServiceTemplate;
}
@Bean
public HttpComponentsMessageSender httpComponentsMessageSenderClient() {
HttpComponentsMessageSender httpComponentsMessageSender = new HttpComponentsMessageSender() ;
// set the basic authorization credentials
httpComponentsMessageSender.setCredentials(usernamePasswordCredentialsClient());
return httpComponentsMessageSender;
}
@Bean
public UsernamePasswordCredentials usernamePasswordCredentialsClient() {
// pass the user name and password to be used
return new UsernamePasswordCredentials(security.decrypt(username),security.decrypt(password));
}
@Bean
public HttpsUrlConnectionMessageSender httpsUrlConnectionMessageSender() throws Exception {
System.out.println("httpsUrlConnectionMessageSender");
HttpsUrlConnectionMessageSender httpsUrlConnectionMessageSender = new HttpsUrlConnectionMessageSender();
httpsUrlConnectionMessageSender.setTrustManagers(sessionTrustManagersFactoryBean().getObject());
return httpsUrlConnectionMessageSender;
}
@Bean
public KeyStoreFactoryBean sessionTrustStore() {
KeyStoreFactoryBean keyStoreFactoryBean = new KeyStoreFactoryBean();
Resource resTrustStore = resourceLoader.getResource("file:" + trustStore);
keyStoreFactoryBean.setLocation(resTrustStore);
keyStoreFactoryBean.setPassword(security.decrypt(trustPassword));
return keyStoreFactoryBean;
}
@Bean
public TrustManagersFactoryBean sessionTrustManagersFactoryBean() {
TrustManagersFactoryBean trustManagersFactoryBean = new TrustManagersFactoryBean();
trustManagersFactoryBean.setKeyStore(sessionTrustStore().getObject());
return trustManagersFactoryBean;
}
}
密钥库保留我使用Firefox从站点提取的证书。 我是否需要为密钥库设置其他信息? 从我的日志中可以看到,密钥库已成功加载。
解决方法
我不认为您应该在这里"file:":
Resource resTrustStore = resourceLoader.getResource("file:" + trustStore);
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。