堆栈内存溢出
  繁体   English   中英

Quarkus @RegisterRestClient 和 quarkus.tls.trust-all 参数 rest 客户端证书检查禁用

[英]Quarkus @RegisterRestClient and quarkus.tls.trust-all param rest client certificate check disable

 原文  2021-03-01 20:11:46       java/ ssl/ quarkus

问题描述

所以我有我的 quarkus 应用程序和使用 @RegisterRestClient 注释的接口,一切正常,但我想要访问的服务的 url 是 https。 所以难怪我会出错。

这一切都处于开发阶段,因此绝对不值得配置适当的证书(更不用说它是自签名的)。

然后我发现了这篇文章https://github.com/quarkusio/quarkus/issues/12266和这篇文章https://github.com/quarkusio/quarkus/issues/8975 ,而且,似乎,添加quarkus.tls.trust-all=true应该 rest 我的情况。 但是,在 java 模式下使用 quarkus 1.12.0.Final 我仍然得到下面的堆栈跟踪。

谁能指导我一些如何解决这个问题的想法? 我最初的猜测是trust.all参数在某种程度上不适用于这个特定的自动生成的休息客户端。 或者,也许我应该以某种方式全局更改 quarkus 的 ssl-engine,以便设置生效。

2021-03-01 22:55:04,998 ERROR [io.qua.run.Application] (Quarkus Main Thread) Failed to start application (with profile dev,noauth,postgres): sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
    at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
    at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
    at java.base/sun.security.validator.Validator.validate(Validator.java:264)
    at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
    at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
    at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
    at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171)
    at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1408)
    at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1314)
    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440)
    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:411)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
    at org.jboss.resteasy.client.jaxrs.engines.ManualClosingApacheHttpClient43Engine.invoke(ManualClosingApacheHttpClient43Engine.java:268)
    at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:491)
    at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invokeSync(ClientInvoker.java:149)
    at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:112)
    at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:76)
    at com.sun.proxy.$Proxy81.printRzdPolicy(Unknown Source)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.jboss.resteasy.microprofile.client.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:147)

1 个解决方案

解决方案1
 0  2021-03-01 20:44:05

那应该行得通。 您可以尝试在application.properties中设置此属性:

<REST CLIENT NAME>/mp-rest/hostnameVerifier=io.quarkus.restclient.NoopHostnameVerifier

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 将应用程序属性注入为 RegisterRestClient baseUri Quarkus 具有客户端凭据访问令牌的 Quarkus Rest 客户端 如何测试 Quarkus REST 客户端接口? Quarkus rest 客户端参数查询编码 Quarkus 上的响应式微配置文件 REST 客户端块 Quarkus rest-client 多部分文件上传 Quarkus Mockito 不使用 Rest 客户端注入模拟 如何使用 Quarkus 以两种方式 SSL 从 REST 服务中的请求中检索客户端证书 如何为 Quarkus REST 客户端配置 ObjectMapper Quarkus Rest 客户端未在 ClientHeadersFactory 的实现中注入 ConfigProperty
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM