2016-02-02
5

I'm trying to use the Amazon S3 API to encrypt and upload a file. Can the Amazon S3 API not be used over SSL?

import java.io.File;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;

import com.amazonaws.AmazonClientException;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3EncryptionClient;
import com.amazonaws.services.s3.model.CryptoConfiguration;
import com.amazonaws.services.s3.model.KMSEncryptionMaterialsProvider;
import com.amazonaws.services.s3.transfer.TransferManager;
import com.amazonaws.services.s3.transfer.Upload;

public class AmazonS3 {

    String KmsId = "my_id_comes_here";

    private TransferManager getTransferManager() {
        AWSCredentials awsCredentials = new ProfileCredentialsProvider().getCredentials();
        // Client-side encryption: objects are encrypted with a data key from this KMS key
        // before they leave the JVM. This is independent of the TLS connection to the S3 endpoint.
        KMSEncryptionMaterialsProvider materialProvider = new KMSEncryptionMaterialsProvider(KmsId);
        AmazonS3EncryptionClient s3Client = new AmazonS3EncryptionClient(awsCredentials, materialProvider,
                new CryptoConfiguration().withKmsRegion(Regions.EU_CENTRAL_1)).withRegion(Regions.EU_CENTRAL_1);
        s3Client.setEndpoint("s3.eu-central-1.amazonaws.com");
        return new TransferManager(s3Client);
    }

    public void upload(String bucket, String keyName, String filePath)
            throws InterruptedException, NoSuchAlgorithmException, IOException, InvalidKeySpecException {

        TransferManager transferManager = getTransferManager();
        // TransferManager processes all transfers asynchronously, so this call will return immediately.
        Upload upload = transferManager.upload(bucket, keyName, new File(filePath));

        try {
            // Or you can block and wait for the upload to finish
            upload.waitForCompletion();
            System.out.println("Upload complete.");
        } catch (AmazonClientException amazonClientException) {
            System.out.println("Unable to upload file, upload was aborted.");
            amazonClientException.printStackTrace();
        }
    }
}

This works fine as long as I don't pass my truststore as an argument to my application.

But if I start my application with my truststore like this:

-Dspring.profiles.active="dev" -Djavax.net.debug=all -Djavax.net.ssl.trustStore=/usr/share/ca-certificates/anevis/java/activemq/client.ts -Djavax.net.ssl.trustStorePassword=changeit 

it gives me this error:

com.amazonaws.AmazonClientException: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:516) 
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:317) 
    at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:3595) 
    at com.amazonaws.services.s3.AmazonS3Client.getObjectMetadata(AmazonS3Client.java:999) 
    at com.amazonaws.services.s3.transfer.TransferManager.doDownload(TransferManager.java:779) 
    at com.amazonaws.services.s3.transfer.TransferManager.download(TransferManager.java:691) 
    at com.anevis.documentengine.configuration.jms.AmazonS3.download(AmazonS3.java:57) 
    at com.anevis.documentengine.configuration.jms.S3UploadTest.testUpload(S3UploadTest.java:25) 
    at com.anevis.documentengine.configuration.jms.S3UploadTest.main(S3UploadTest.java:9) 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
    at java.lang.reflect.Method.invoke(Method.java:497) 
    at com.intellij.rt.execution.application.AppMain.main(AppMain.java:144) 
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) 
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) 
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) 
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) 
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509) 
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) 
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) 
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) 
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) 
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) 
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) 
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) 
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:535) 
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:403) 
    at com.amazonaws.http.conn.ssl.SdkTLSSocketFactory.connectSocket(SdkTLSSocketFactory.java:128) 
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177) 
    at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304) 
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611) 
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446) 
    at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863) 
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) 
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57) 
    at com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:749) 
    at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:505) 
    ... 13 more 
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) 
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) 
    at sun.security.validator.Validator.validate(Validator.java:260) 
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) 
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) 
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) 
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491) 
    ... 32 more 
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146) 
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131) 
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) 
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) 
    ... 38 more 

How can I fix this error?

Answer

6

Your trust store doesn't contain the certificate authority that secures the AWS APIs. You need to create a new trust store that combines client.ts with the CAs required for AWS. The simplest way is to merge client.ts with the JRE's cacerts keystore.

Example:

keytool -importkeystore -srckeystore client.ts -destkeystore combined.ts -srcstorepass changeit -deststorepass changeit 
keytool -importkeystore -srckeystore $JAVA_HOME/jre/lib/security/cacerts -destkeystore combined.ts -srcstorepass changeit -deststorepass changeit 

Then use combined.ts instead of client.ts.
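The reason the merge is needed: setting -Djavax.net.ssl.trustStore replaces the JRE's default cacerts for the whole JVM rather than adding to it, so a store that holds only the ActiveMQ broker certificate leaves the JVM with no public CA at all, and the PKIX path builder cannot reach the root that issued the S3 endpoint's certificate. The following Java program is an added example (not from the question, the answer, or the AWS SDK) that does what the two keytool commands above do, but with alias prefixes so entries from the two stores cannot silently overwrite each other, and then checks that a PEM-encoded server chain validates against the combined store, which is exactly the check that failed in the stack trace. File names client.ts and combined.ts, the password changeit, and the PEM chain path are assumptions taken from the question's JVM arguments; the chain file can be saved from the output of openssl s_client -showcerts.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Enumeration;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/**
 * Example code, not part of the AWS SDK or of the original post.
 * Builds combined.ts from the trusted certificates of client.ts plus the JRE's cacerts,
 * then optionally validates a PEM server chain against the result.
 */
public class CombinedTrustStore {

    // Assumed password; "changeit" is the JRE default for cacerts and the value used in the question.
    static final char[] PASSWORD = "changeit".toCharArray();

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /** Copies every trusted-certificate entry of src into dst. Returns the number of entries copied. */
    static int copyTrustedCerts(KeyStore src, KeyStore dst, String aliasPrefix) throws KeyStoreException {
        int copied = 0;
        for (Enumeration<String> e = src.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (!src.isCertificateEntry(alias)) {
                continue; // private-key entries do not belong in a trust store
            }
            String target = aliasPrefix + alias; // prefix prevents collisions between the two stores
            if (!dst.containsAlias(target)) {
                dst.setCertificateEntry(target, src.getCertificate(alias));
                copied++;
            }
        }
        return copied;
    }

    /** True if the PEM chain (leaf first, as openssl s_client -showcerts prints it) builds a path to a trusted root. */
    static boolean chainValidates(KeyStore trustStore, String pemChainPath) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); // PKIX
        tmf.init(trustStore);
        X509TrustManager tm = null;
        for (TrustManager t : tmf.getTrustManagers()) {
            if (t instanceof X509TrustManager) { tm = (X509TrustManager) t; break; }
        }
        if (tm == null) throw new IllegalStateException("no X509TrustManager available");
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Collection<? extends Certificate> certs;
        try (InputStream in = new FileInputStream(pemChainPath)) {
            certs = cf.generateCertificates(in);
        }
        X509Certificate[] chain = certs.toArray(new X509Certificate[0]);
        try {
            // "UNKNOWN" makes the end-entity check require only the digitalSignature key usage,
            // so the result does not depend on which key exchange a real handshake would pick.
            // This checks path building only, not the host name, which is what failed in the trace.
            tm.checkServerTrusted(chain, "UNKNOWN");
            return true;
        } catch (CertificateException ex) {
            System.err.println("PKIX validation failed: " + ex.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // On JDK 8 java.home already points at the jre directory, i.e. $JAVA_HOME/jre.
        String cacerts = System.getProperty("java.home") + "/lib/security/cacerts";
        KeyStore combined = KeyStore.getInstance("JKS");
        combined.load(null, null); // start from an empty store
        int fromClient = copyTrustedCerts(load("client.ts", PASSWORD), combined, "client-");
        int fromJre = copyTrustedCerts(load(cacerts, PASSWORD), combined, "jre-");
        try (OutputStream out = new FileOutputStream("combined.ts")) {
            combined.store(out, PASSWORD);
        }
        System.out.println("combined.ts: " + fromClient + " entries from client.ts, " + fromJre + " from cacerts");
        if (args.length == 1) { // optional: path to a PEM chain of the S3 endpoint
            boolean ok = chainValidates(combined, args[0]);
            System.out.println("chain " + args[0] + (ok ? " validates" : " does NOT validate") + " against combined.ts");
        }
    }
}
```

Run it once, then point the JVM at the result with -Djavax.net.ssl.trustStore=combined.ts. With -Djavax.net.debug=all already on the command line, the JDK 8 handshake log prints one "adding as trusted cert:" line per entry at startup, which is a quick way to confirm that the public roots actually made it into the store the JVM is using. Keeping a per-application combined store, as the answer suggests, is preferable to writing extra certificates into the JRE's own cacerts, since the latter changes what every program on that JRE trusts; if you want a narrower trust base than the full cacerts, import only the root CA that issues the AWS endpoint certificate instead of the whole JRE store.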

+0

WOW, it worked! Thank you sir! –

0

Thanks, we had a similar problem, but I modified the answer slightly for our scenario.

I got this com.amazonaws.AmazonClientException: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

exception when trying to connect to AmazonDynamoDB. When we moved our application to HTTPS, we started getting this error. So the solution was the same; the only difference was that instead of the client, I had to add a certificate to cacerts that was generated during the HTTPS migration. keytool -importkeystore -srckeystore $JAVA_HOME/jre/lib/security/cacerts -destkeystore test.p12 -srcstorepass changeit -deststorepass test;

Thanks,