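Graal native image making an https call throws Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

Time: 2019-03-03 22:14:00

Tags: aws-lambda micronaut graalvm micronaut-aws substratevm

I am generating a Graal native image that makes an https call. The problem is that an exception is thrown when it tries to make the call: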

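// Imports (not in the original post; inferred from the classes used)
import java.io.IOException;

import com.amazonaws.ClientConfiguration;
import com.amazonaws.http.apache.client.impl.ApacheHttpClientFactory;
import com.amazonaws.http.apache.client.impl.ConnectionManagerAwareHttpClient;
import com.amazonaws.http.client.HttpClientFactory;
import com.amazonaws.http.settings.HttpClientSettings;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.MapperFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.micronaut.http.annotation.Controller;
import io.micronaut.http.annotation.Get;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;

@Controller("/")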
public class ExampleController {

    private static final Log LOG = LogFactory.getLog(ExampleController.class);
    private ObjectMapper mapper = new ObjectMapper()
            .disable(MapperFeature.CAN_OVERRIDE_ACCESS_MODIFIERS)
            .disable(MapperFeature.ALLOW_FINAL_FIELDS_AS_MUTATORS)
            .enable(JsonParser.Feature.ALLOW_COMMENTS)
            .disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES);

    private static final HttpClientFactory<ConnectionManagerAwareHttpClient> httpClientFactory = new
            ApacheHttpClientFactory();

    private HttpClient httpClient;

    public ExampleController() {
        this.httpClient = httpClientFactory.create(HttpClientSettings.adapt(new ClientConfiguration()));
    }

    @Get("/http")
    public String httpClient() throws IOException {

        String url = "https://www.google.com/search?q=httpClient";
        HttpGet request = new HttpGet(url);

        // execute the HTTPS request (the TLS handshake in the trace below happens inside this call)
        HttpResponse response = httpClient.execute(request);

        System.out.println("Response Code : "
                + response.getStatusLine().getStatusCode());
        return "ok";
    }
}

Trace:

Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No X509TrustManager implementation available
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
        at com.amazonaws.http.conn.ssl.SdkTLSSocketFactory.connectSocket(SdkTLSSocketFactory.java:142)
        at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
        at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:373)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at com.amazonaws.http.conn.ClientConnectionManagerFactory$Handler.invoke(ClientConnectionManagerFactory.java:76)
        at com.amazonaws.http.conn.$Proxy225.connect(Unknown Source)
        at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:394)
        at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
        at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
        at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
        at com.amazonaws.http.apache.client.impl.SdkHttpClient.execute(SdkHttpClient.java:72)
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1297)
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1113)
        ... 49 more
Caused by: java.security.cert.CertificateException: No X509TrustManager implementation available
        at sun.security.ssl.DummyX509TrustManager.checkServerTrusted(SSLContextImpl.java:1290)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
        ... 73 more

Previously I had to manually add a bunch of classes to reflect.json, until I reached a point where I didn't know how to continue:

, {
  "name" : "com.sun.crypto.provider.HmacCore",
  "allPublicMethods" : true,
  "allDeclaredConstructors" : true
}, {
  "name" : "com.sun.crypto.provider.HmacCore$HmacSHA256",
  "allPublicMethods" : true,
  "allDeclaredConstructors" : true
}, {
  "name" : "sun.security.provider.X509Factory",
  "allPublicMethods" : true,
  "allDeclaredConstructors" : true
}, {
  "name" : "sun.security.x509.AuthorityKeyIdentifierExtension",
  "allPublicMethods" : true,
  "allDeclaredConstructors" : true
}, {
  "name" : "sun.security.x509.SubjectKeyIdentifierExtension",
  "allPublicMethods" : true,
  "allDeclaredConstructors" : true
}, {
  "name" : "sun.security.x509.SubjectAlternativeNameExtension",
  "allPublicMethods" : true,
  "allDeclaredConstructors" : true
}, {
  "name" : "sun.security.x509.KeyUsageExtension",
  "allPublicMethods" : true,
  "allDeclaredConstructors" : true
}, {
  "name" : "sun.security.x509.CRLDistributionPointsExtension",
  "allPublicMethods" : true,
  "allDeclaredConstructors" : true
}, {
  "name" : "sun.security.x509.ExtendedKeyUsageExtension",
  "allPublicMethods" : true,
  "allDeclaredConstructors" : true
}, {
  "name" : "sun.security.x509.CertificatePoliciesExtension",
  "allPublicMethods" : true,
  "allDeclaredConstructors" : true
}, {
  "name" : "sun.security.x509.AuthorityInfoAccessExtension",
  "allPublicMethods" : true,
  "allDeclaredConstructors" : true
}, {
  "name" : "sun.security.x509.BasicConstraintsExtension",
  "allPublicMethods" : true,
  "allDeclaredConstructors" : true
}, {
  "name" : "sun.security.ssl.X509TrustManagerImpl",
  "allPublicMethods" : true,
  "allDeclaredConstructors" : true
}

There is a project on GitHub: https://github.com/codependent/graal-app

To test it, run:

  1. export AWS_DEFAULT_REGION=eu-central-1
  2. docker build . -t graap-app
  3. ./sam-local.sh

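Update:

I found security-related documentation at https://github.com/oracle/graal/blob/master/substratevm/JCA-SECURITY-SERVICES.md

I removed all the classes I had added to reflect.json and instead put the --enable-all-security-services flag into the native-image command located in {{1}}.

Now the error is:

Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty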
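
The two failures in the question correspond to two different states of the default trust configuration: no X509TrustManager at all (the DummyX509TrustManager frame in the first trace), and an X509TrustManager backed by zero CA certificates (the trustAnchors error). The following diagnostic is an added example, not code from the original post or from the graal-app project; the class name TrustAnchorCheck is hypothetical. It can be compiled into the same native image to report which state the runtime is in.

```java
import java.security.KeyStore;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical diagnostic class (added example, not part of the post).
public class TrustAnchorCheck {

    /**
     * Returns -1 if the default TrustManagerFactory yields no X509TrustManager,
     * otherwise the number of CA certificates accepted as trust anchors.
     */
    static int countDefaultTrustAnchors() throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the runtime's default trust store
        boolean sawX509 = false;
        int anchors = 0;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                sawX509 = true;
                anchors += ((X509TrustManager) tm).getAcceptedIssuers().length;
            }
        }
        return sawX509 ? anchors : -1;
    }

    public static void main(String[] args) throws Exception {
        // Where the runtime will look for CA certificates, if anywhere.
        System.out.println("javax.net.ssl.trustStore = "
                + System.getProperty("javax.net.ssl.trustStore"));
        System.out.println("java.home = " + System.getProperty("java.home"));

        int anchors = countDefaultTrustAnchors();
        if (anchors < 0) {
            System.out.println("No X509TrustManager available: "
                    + "certificate checks fail before any chain is validated");
        } else if (anchors == 0) {
            System.out.println("X509TrustManager present but trust store is empty: "
                    + "PKIX validation will reject with 'trustAnchors parameter must be non-empty'");
        } else {
            System.out.println("Default trust anchors loaded: " + anchors);
        }
        // Non-zero exit lets a build or deployment check fail fast.
        System.exit(anchors > 0 ? 0 : 1);
    }
}
```

An empty or missing trust store should be fixed by making a real CA bundle available to the runtime, not by installing a trust manager that accepts every certificate.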

0 answers:

No answers