我正在使用Spring Social登录gmail帐户进入我的webapp。我实现了这个功能,但是今天我得到了
javax.net.ssl.SSLPeerUnverifiedException: Host name 'www.googleapis.com' does not match the certificate subject provided by the peer (CN=*.storage.googleapis.com, O=Google Inc, L=Mountain View, ST=California, C=US)
这是堆栈跟踪:
Caused by: javax.net.ssl.SSLPeerUnverifiedException: Host name 'www.googleapis.com' does not match the certificate subject provided by the peer (CN=*.storage.googleapis.com, O=Google Inc, L=Mountain View, ST=California, C=US)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:465)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:395)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:84)
at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:46)
at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:52)
at org.springframework.http.client.InterceptingClientHttpRequest$RequestExecution.execute(InterceptingClientHttpRequest.java:94)
at org.springframework.social.oauth2.OAuth2RequestInterceptor.intercept(OAuth2RequestInterceptor.java:45)
at org.springframework.http.client.InterceptingClientHttpRequest$RequestExecution.execute(InterceptingClientHttpRequest.java:84)
at org.springframework.http.client.InterceptingClientHttpRequest.executeInternal(InterceptingClientHttpRequest.java:69)
at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:46)
at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:52)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:541)
... 44 more
如果我使用firefox浏览到网址:https://www.apis.google.com/ 我收到警告证明该证书对该域名无效。
春天社交的召唤有什么问题吗? 如何临时禁用gmail spring social的主机验证?
答案 0 :(得分:11)
我遇到了同样的问题。我最好的猜测。 HTTPs呼叫和证书之间存在不匹配。这看起来像是一个谷歌问题,然后是Spring Social Google API问题。
不确定这个问题发生了多长时间。我昨天开始研究这段代码。
将打开Google和Spring Google Social的错误
上的社交错误59:27:345 ERROR org.springframework.social.connect.web.ProviderSignInController.oauth2Callback Message=Exception while completing OAuth 2 connection:
org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://www.googleapis.com/plus/v1/people/me":Host name 'www.googleapis.com' does not match the certificate subject provided by the peer (CN=*.storage.googleapis.com, O=Google Inc, L=Mountain View, ST=California, C=US); nested exception is javax.net.ssl.SSLPeerUnverifiedException: Host name 'www.googleapis.com' does not match the certificate subject provided by the peer (CN=*.storage.googleapis.com, O=Google Inc, L=Mountain View, ST=California, C=US)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:580)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:530)
at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:237)
at org.springframework.social.google.api.impl.AbstractGoogleApiOperations.getEntity(AbstractGoogleApiOperations.java:50)
at org.springframework.social.google.api.plus.impl.PlusTemplate.getPerson(PlusTemplate.java:105)
at org.springframework.social.google.api.plus.impl.PlusTemplate.getGoogleProfile(PlusTemplate.java:110)
at org.springframework.social.google.connect.GoogleAdapter.fetchUserProfile(GoogleAdapter.java:51)
at org.springframework.social.google.connect.GoogleAdapter.fetchUserProfile(GoogleAdapter.java:31)
at org.springframework.social.google.connect.GoogleConnectionFactory.extractProviderUserId(GoogleConnectionFactory.java:37)
at org.springframework.social.connect.support.OAuth2ConnectionFactory.createConnection(OAuth2ConnectionFactory.java:91)
at org.springframework.social.connect.web.ConnectSupport.completeConnection(ConnectSupport.java:161)
at org.springframework.social.connect.web.ProviderSignInController.oauth2Callback(ProviderSignInController.java:216)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
终于找到了解决这个问题的方法。
将HttpClient降级为4.3.x.有一个错误已归档并已解决标记为4.5.x https://issues.apache.org/jira/browse/HTTPCLIENT-1613
供参考 - https://github.com/GabiAxel/spring-social-google/issues/67#issuecomment-97154525
答案 1 :(得分:0)
如果我使用firefox浏览到网址:https://www.apis.google.com/我收到证明该证书对此域名无效的警告。
主机名必须为apis.google.com,即没有www。然后证书验证应该成功。
春天社交的召唤有什么问题吗?
在这里您使用其他名称,即www.googleapis.com。该名称的证书是正确的。
主机名称' www.googleapis.com'与对等方提供的证书主题不匹配(CN = * .storage.googleapis.com,O = Google Inc,L = Mountain View,ST = California,C = US)
虽然CN确实*.storage.googleapis.com,但*.googleapis.com的主题替代名称与www.googleapis.com匹配。这意味着您的代码使用的主机名检查是错误的。我不知道这个错误检查的来源,但它可能是旧版本的Java或您使用的库。
如何临时禁用gmail spring social的主机验证?
这是一个坏主意,因为这会破坏使用https的原因。
答案 2 :(得分:0)
检查您是否使用HttpClient。然后更改为HttpClient 4.3.x库,而不是4.4.x。
<!-- http://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient -->
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.3.1</version>
</dependency>