Java rabbitmq SSL issue java.net.SocketException: Broken pipe (Write failed)

package com.rm.rabbitmq.tls;

import java.io.*;
import java.security.*;
import javax.net.ssl.*;

import com.rabbitmq.client.*;

public class Example2 {

    public static void main(String[] args) throws Exception {
        char[] keyPassphrase = "".toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(new FileInputStream("/Users/global/Documents/tls-gen/basic/result/client_key.p12"), keyPassphrase);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, keyPassphrase);

        char[] trustPassphrase = "welcome".toCharArray();
        KeyStore tks = KeyStore.getInstance("JKS");
        tks.load(new FileInputStream("/Users/global/Documents/tls-gen/basic/result/truststore"), trustPassphrase);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(tks);

        SSLContext c = SSLContext.getInstance("TLSv1.3");
        c.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        ConnectionFactory factory = new ConnectionFactory();
        factory.setHost("localhost");
        factory.setPort(5671);
        factory.useSslProtocol(c);
        factory.useSslProtocol("TLSv1.2");
        //factory.enableHostnameVerification();

        Connection conn = factory.newConnection();
        Channel channel = conn.createChannel();

        channel.queueDeclare("rabbitmq-java-test", false, true, true, null);
        channel.basicPublish("", "rabbitmq-java-test", null, "Hello, World".getBytes());

        GetResponse chResponse = channel.basicGet("rabbitmq-java-test", false);
        if (chResponse == null) {
            System.out.println("No message retrieved");
        } else {
            byte[] body = chResponse.getBody();
            System.out.println("Received: " + new String(body));
        }

        channel.close();
        conn.close();
    }
}

RabbitMq configuration file advanced.config

[
  {ssl, [{versions, ['tlsv1.3', 'tlsv1.2','tlsv1.1']}]},
  {rabbit, [
     {ssl_listeners, [5671]},
     {ssl_options, [{cacertfile, "/Users/global/Documents/tls-gen/basic/result/ca_certificate.pem"},
                    {certfile,   "/Users/global/Documents/tls-gen/basic/result/server_certificate.pem"},
                    {keyfile,    "/Users/global/Documents/tls-gen/basic/result/server_key.pem"},
                    {verify,     verify_peer},
                    {fail_if_no_peer_cert, true}]}
   ]}
].

Let's verify whether rabbitMq started supporting the TLS connections or not?

2022-06-02 21:20:29.062237+05:30 [info] <0.658.0> started TCP listener on 127.0.0.1:5672
2022-06-02 21:20:29.063290+05:30 [info] <0.678.0> started TLS (SSL) listener on [::]:5671

Now time to check the detailed error while connecting to rabbitmq using the java client.

javax.net.ssl|FINE|01|main|2022-06-02 22:08:46.906 IST|SunX509KeyManagerImpl.java:164|found key for : 1 (
  "certificate" : {
    "version"            : "v3",
    "serial number"      : "02",
    "signature algorithm": "SHA256withRSA",
    "issuer"             : "L=$$$$, CN=TLSGenSelfSignedtRootCA 2022-06-01T22:41:29.160912",
    "not before"         : "2022-06-01 22:41:33.000 IST",
    "not  after"         : "2032-05-29 22:41:33.000 IST",
    "subject"            : "O=client, CN=del1-lmc-n72765.local",
    "subject public key" : "RSA",
    "extensions"         : [
      {
        ObjectId: 2.5.29.19 Criticality=false
        BasicConstraints:[
          CA:false
          PathLen: undefined
        ]
      },
      {
        ObjectId: 2.5.29.31 Criticality=false
        CRLDistributionPoints [
          [DistributionPoint:
             [URIName: http://localhost:8000/basic.crl]
        ]]
      },
      {
        ObjectId: 2.5.29.37 Criticality=false
        ExtendedKeyUsages [
          clientAuth
        ]
      },
      {
        ObjectId: 2.5.29.15 Criticality=false
        KeyUsage [
          DigitalSignature
          Key_Encipherment
        ]
      },
      {
        ObjectId: 2.5.29.17 Criticality=false
        SubjectAlternativeName [
          DNSName: del1-lmc-n72765.local
          DNSName: del1-lmc-n72765.local
          DNSName: localhost
        ]
      }
    ]}
)
javax.net.ssl|FINE|01|main|2022-06-02 22:08:46.916 IST|X509TrustManagerImpl.java:78|adding as trusted certificates (
  "certificate" : {
    "version"            : "v3",
    "serial number"      : "01",
    "signature algorithm": "SHA256withRSA",
    "issuer"             : "L=$$$$, CN=TLSGenSelfSignedtRootCA 2022-06-01T22:41:29.160912",
    "not before"         : "2022-06-01 22:41:32.000 IST",
    "not  after"         : "2032-05-29 22:41:32.000 IST",
    "subject"            : "O=server, CN=del1-lmc-n72765.local",
    "subject public key" : "RSA",
    "extensions"         : [
      {
        ObjectId: 2.5.29.35 Criticality=false
        AuthorityKeyIdentifier [
        KeyIdentifier [
        0000: 80 1C 48 61 BB 42 15 D6   0C 1C 2A D8 37 B6 13 94  ..Ha.B....*.7...
        0010: 9A 91 65 3F                                        ..e?
        ]
        ]
      },
      {
        ObjectId: 2.5.29.19 Criticality=false
        BasicConstraints:[
          CA:false
          PathLen: undefined
        ]
      },
      {
        ObjectId: 2.5.29.31 Criticality=false
        CRLDistributionPoints [
          [DistributionPoint:
             [URIName: http://localhost:8000/basic.crl]
        ]]
      },
      {
        ObjectId: 2.5.29.37 Criticality=false
        ExtendedKeyUsages [
          serverAuth
        ]
      },
      {
        ObjectId: 2.5.29.15 Criticality=false
        KeyUsage [
          DigitalSignature
          Key_Encipherment
        ]
      },
      {
        ObjectId: 2.5.29.17 Criticality=false
        SubjectAlternativeName [
          DNSName: del1-lmc-n72765.local
          DNSName: del1-lmc-n72765.local
          DNSName: localhost
        ]
      },
      {
        ObjectId: 2.5.29.14 Criticality=false
        SubjectKeyIdentifier [
        KeyIdentifier [
        0000: CF 1A 03 E3 8D EB F5 53   5E E2 3C 49 AF C9 15 2B  .......S^.<I...+
        0010: 20 89 DF 65                                         ..e
        ]
        ]
      }
    ]}
)

   
    javax.net.ssl|FINE|01|main|2022-06-02 22:08:47.170 IST|SSLSocketOutputRecord.java:258|WRITE: TLS12 handshake, length = 258
    javax.net.ssl|SEVERE|01|main|2022-06-02 22:08:47.174 IST|TransportContext.java:362|Fatal (HANDSHAKE_FAILURE): Couldn't kickstart handshaking (
    "throwable" : {
      java.net.SocketException: Broken pipe (Write failed)
        at java.net.SocketOutputStream.socketWrite0(Native Method)
        at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:111)
        at java.net.SocketOutputStream.write(SocketOutputStream.java:155)
        at sun.security.ssl.SSLSocketOutputRecord.flush(SSLSocketOutputRecord.java:268)
        at sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:89)
        at sun.security.ssl.ClientHello$ClientHelloKickstartProducer.produce(ClientHello.java:572)
        at sun.security.ssl.SSLHandshake.kickstart(SSLHandshake.java:509)
        at sun.security.ssl.ClientHandshakeContext.kickstart(ClientHandshakeContext.java:115)
        at sun.security.ssl.TransportContext.kickstart(TransportContext.java:250)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:394)
        at sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:819)
        at sun.security.ssl.SSLSocketImpl.access$200(SSLSocketImpl.java:75)
        at sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1104)
        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
        at java.io.DataOutputStream.flush(DataOutputStream.java:123)
        at com.rabbitmq.client.impl.SocketFrameHandler.sendHeader(SocketFrameHandler.java:129)
        at com.rabbitmq.client.impl.SocketFrameHandler.sendHeader(SocketFrameHandler.java:134)
        at com.rabbitmq.client.impl.AMQConnection.start(AMQConnection.java:276)
        at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:590)
        at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:612)
        at com.rm.rabbitmq.tls.Example2.main(Example2.java:40)}
    
    )
    javax.net.ssl|ALL|01|main|2022-06-02 22:08:47.174 IST|SSLSessionImpl.java:839|Invalidated session:  Session(1654187927078|SSL_NULL_WITH_NULL_NULL)
    javax.net.ssl|FINE|01|main|2022-06-02 22:08:47.175 IST|SSLSocketOutputRecord.java:73|WRITE: TLS12 alert(handshake_failure), length = 2
    javax.net.ssl|WARNING|01|main|2022-06-02 22:08:47.176 IST|TransportContext.java:404|Fatal: failed to send fatal alert HANDSHAKE_FAILURE (
    "throwable" : {
      java.net.SocketException: Broken pipe (Write failed)
        at java.net.SocketOutputStream.socketWrite0(Native Method)
        at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:111)
        at java.net.SocketOutputStream.write(SocketOutputStream.java:155)
        at sun.security.ssl.SSLSocketOutputRecord.encodeAlert(SSLSocketOutputRecord.java:83)
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:401)
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:313)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:411)
        at sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:819)
        at sun.security.ssl.SSLSocketImpl.access$200(SSLSocketImpl.java:75)
        at sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1104)
        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
        at java.io.DataOutputStream.flush(DataOutputStream.java:123)
        at com.rabbitmq.client.impl.SocketFrameHandler.sendHeader(SocketFrameHandler.java:129)
        at com.rabbitmq.client.impl.SocketFrameHandler.sendHeader(SocketFrameHandler.java:134)
        at com.rabbitmq.client.impl.AMQConnection.start(AMQConnection.java:276)
        at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:590)
        at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:612)
        at com.rm.rabbitmq.tls.Example2.main(Example2.java:40)}
    
    )
    javax.net.ssl|FINE|01|main|2022-06-02 22:08:47.176 IST|SSLSocketImpl.java:1510|close the underlying socket
    javax.net.ssl|FINE|01|main|2022-06-02 22:08:47.176 IST|SSLSocketImpl.java:1529|close the SSL connection (initiative)
    Exception in thread "main" javax.net.ssl.SSLException: Couldn't kickstart handshaking
        at sun.security.ssl.Alert.createSSLException(Alert.java:127)
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:370)
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:313)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:411)
        at sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:819)
        at sun.security.ssl.SSLSocketImpl.access$200(SSLSocketImpl.java:75)
        at sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1104)
        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
        at java.io.DataOutputStream.flush(DataOutputStream.java:123)
        at com.rabbitmq.client.impl.SocketFrameHandler.sendHeader(SocketFrameHandler.java:129)
        at com.rabbitmq.client.impl.SocketFrameHandler.sendHeader(SocketFrameHandler.java:134)
        at com.rabbitmq.client.impl.AMQConnection.start(AMQConnection.java:276)
        at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:590)
        at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:612)
        at com.rm.rabbitmq.tls.Example2.main(Example2.java:40)
        Suppressed: java.net.SocketException: Broken pipe (Write failed)
            at java.net.SocketOutputStream.socketWrite0(Native Method)
            at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:111)
            at java.net.SocketOutputStream.write(SocketOutputStream.java:155)
            at sun.security.ssl.SSLSocketOutputRecord.encodeAlert(SSLSocketOutputRecord.java:83)
            at sun.security.ssl.TransportContext.fatal(TransportContext.java:401)
            ... 14 more
    Caused by: java.net.SocketException: Broken pipe (Write failed)
        at java.net.SocketOutputStream.socketWrite0(Native Method)
        at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:111)
        at java.net.SocketOutputStream.write(SocketOutputStream.java:155)
        at sun.security.ssl.SSLSocketOutputRecord.flush(SSLSocketOutputRecord.java:268)
        at sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:89)
        at sun.security.ssl.ClientHello$ClientHelloKickstartProducer.produce(ClientHello.java:572)
        at sun.security.ssl.SSLHandshake.kickstart(SSLHandshake.java:509)
        at sun.security.ssl.ClientHandshakeContext.kickstart(ClientHandshakeContext.java:115)
        at sun.security.ssl.TransportContext.kickstart(TransportContext.java:250)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:394)
        ... 12 more
    

openssl s_client -connect localhost:5672

 CONNECTED(00000005)
    4305976812:error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number:/System/Volumes/Data/SWE/macOS/BuildRoots/9dc5c14c79/Library/Caches/com.apple.xbs/Sources/libressl/libressl-56.60.3/libressl-2.8/ssl/ssl_pkt.c:386:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 5 bytes and written 0 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : 0000
        Session-ID: 
        Session-ID-ctx: 
        Master-Key: 
        Start Time: 1654306955
        Timeout   : 7200 (sec)
        Verify return code: 0 (ok)
    ---
        

openssl s_client -connect localhost:5671

CONNECTED(00000005)
write:errno=54
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Start Time: 1654307520
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

I already spent a day trying to resolve this issue but still, I am vulnerable to how to fix this. I visited 100 threads already to resolve this but no clue.

Thank you so much for your attention and participation.

After the 3 days/night, I fixed the problem.

Step:1 I was mistakenly calling factory.useSslProtocol("TLSv1.2"); when factory.useSslProtocol(c); had already been called.

ConnectionFactory factory = new ConnectionFactory();
factory.setHost("localhost");
factory.setPort(5671);
factory.useSslProtocol(c);
          

Step:2 I have not done this step. Imported the certificate to JDK cacert store

keytool -import  -trustcacerts -alias Server_cert1 -file /opt/homebrew/etc/rabbitmq/testca/cacert.cer -keystore /Library/Java/JavaVirtualMachines/jdk1.8.0_311.jdk/Contents/Home/jre/lib/security/cacerts

Notice the code: SSLContext.getInstance("TLSv1.3"). This code picks up the certificates added to JDK cacert store. So make a note of it.

Step:3 Whenever we want to secure a connection we have to change rabbitmq.config or advanced.config to configure the certificates.

Earlier advanced.conf file.

 
 
 
  
[
  {ssl, [{versions, ['tlsv1.3', 'tlsv1.2','tlsv1.1']}]},
  {rabbit, [
     {ssl_listeners, [5671]},
     {auth_mechanisms, ['PLAIN', 'AMQPLAIN', 'EXTERNAL']},
     {ssl_options, [{cacertfile, "/Users/global/Documents/tls-gen/basic/result/ca_certificate.pem"},
                    {certfile,   "/Users/global/Documents/tls-gen/basic/result/server_certificate.pem"},
                    {keyfile,    "/Users/global/Documents/tls-gen/basic/result/server_del1-lmc-n72765.local_key.pem"},
                    {verify,     verify_peer},
                    {password,   "1234"},
                    {fail_if_no_peer_cert, true}]}
   ]}
].
 
 
Now I changed to

[
  {ssl, [{versions, ['tlsv1.3', 'tlsv1.2','tlsv1.1']}]},
  {rabbit, [
     {ssl_listeners, [5671]},
     {auth_mechanisms, ['PLAIN', 'AMQPLAIN', 'EXTERNAL']},
     {ssl_options, [{cacertfile, "/opt/homebrew/etc/rabbitmq/testca/cacert.pem"},
                    {certfile,   "/opt/homebrew/etc/rabbitmq/server/cert.pem"},
                    {keyfile,    "/opt/homebrew/etc/rabbitmq/server/key.pem"},
                    {verify,     verify_peer},
                    {password,   "1234"},
                    {fail_if_no_peer_cert, true}]}
   ]}
].

I will cover the rabbitMq SSL configuration in the blog.
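
A hardened version of the client setup from the question and Step 1, as an added example that is not part of the original post: the SSLContext is installed with a single useSslProtocol(SSLContext) call, because in the RabbitMQ Java client the useSslProtocol(String) overload builds a fresh context with a trust-everything trust manager and no client key material, which a broker configured with fail_if_no_peer_cert then rejects. The class name, the command-line arguments for paths and passphrases, and the choice of TLSv1.2 are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

import com.rabbitmq.client.Connection;
import com.rabbitmq.client.ConnectionFactory;

// Added example (hypothetical class name), not code from the original post.
public class MutualTlsClient {

    // Load a key store from disk and always close the file stream.
    static KeyStore load(String type, String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        return ks;
    }

    static SSLContext buildContext(String keyPath, char[] keyPass,
                                   String trustPath, char[] trustPass) throws Exception {
        // Client certificate and private key: required because the broker sets
        // {verify, verify_peer} and {fail_if_no_peer_cert, true}.
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load("PKCS12", keyPath, keyPass), keyPass);

        // Trust store holding the CA that signed the broker certificate.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("JKS", trustPath, trustPass));

        // TLSv1.2 is in the broker's versions list (assumed choice).
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: <client.p12> <p12 passphrase> <truststore.jks> <passphrase>
        SSLContext ctx = buildContext(args[0], args[1].toCharArray(),
                                      args[2], args[3].toCharArray());

        ConnectionFactory factory = new ConnectionFactory();
        factory.setHost("localhost");
        factory.setPort(5671);
        factory.useSslProtocol(ctx);          // the only useSslProtocol call
        factory.enableHostnameVerification(); // broker certificate must match the host name

        try (Connection conn = factory.newConnection()) {
            System.out.println("TLS connection open: " + conn.isOpen());
        }
    }
}
```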
