java.lang.IllegalStateException: Failed to configure KeyVault property source caused by Failed to do authentication
Using azure-keyvault-secrets-spring-boot-starter 2.2.1, we received the following error, without any hint as to why it happens, when we try to connect to the Azure vault to pick up some values.
Our log shows:
ERROR org.springframework.boot.SpringApplication - Application run failed
cdb-be_1 | java.lang.IllegalStateException: Failed to configure KeyVault property source
cdb-be_1 | at com.microsoft.azure.keyvault.spring.KeyVaultEnvironmentPostProcessorHelper.addKeyVaultPropertySource(KeyVaultEnvironmentPostProcessorHelper.java:80)
cdb-be_1 | at com.microsoft.azure.keyvault.spring.KeyVaultEnvironmentPostProcessor.postProcessEnvironment(KeyVaultEnvironmentPostProcessor.java:26)
cdb-be_1 | at org.springframework.boot.context.config.ConfigFileApplicationListener.onApplicationEnvironmentPreparedEvent(ConfigFileApplicationListener.java:177)
cdb-be_1 | at org.springframework.boot.context.config.ConfigFileApplicationListener.onApplicationEvent(ConfigFileApplicationListener.java:165)
cdb-be_1 | at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172)
cdb-be_1 | at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165)
cdb-be_1 | at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139)
cdb-be_1 | at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:127)
cdb-be_1 | at org.springframework.boot.context.event.EventPublishingRunListener.environmentPrepared(EventPublishingRunListener.java:76)
cdb-be_1 | at org.springframework.boot.SpringApplicationRunListeners.environmentPrepared(SpringApplicationRunListeners.java:53)
cdb-be_1 | at org.springframework.boot.SpringApplication.prepareEnvironment(SpringApplication.java:342)
cdb-be_1 | at org.springframework.boot.SpringApplication.run(SpringApplication.java:305)
cdb-be_1 | at org.springframework.boot.SpringApplication.run(SpringApplication.java:1215)
cdb-be_1 | at org.springframework.boot.SpringApplication.run(SpringApplication.java:1204)
cdb-be_1 | at com.siemens.sfs.cdb.be.CdbBackendApplication.main(CdbBackendApplication.java:71)
cdb-be_1 | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
cdb-be_1 | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
cdb-be_1 | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
cdb-be_1 | at java.lang.reflect.Method.invoke(Method.java:498)
cdb-be_1 | at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
cdb-be_1 | at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
cdb-be_1 | at org.springframework.boot.loader.Launcher.launch(Launcher.java:51)
cdb-be_1 | at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:52)
cdb-be_1 | Caused by: java.lang.IllegalStateException: Failed to do authentication.
cdb-be_1 | at com.microsoft.azure.keyvault.spring.AzureKeyVaultCredential.refreshToken(AzureKeyVaultCredential.java:66)
cdb-be_1 | at com.microsoft.azure.keyvault.spring.AzureKeyVaultCredential.doAuthenticate(AzureKeyVaultCredential.java:46)
cdb-be_1 | at com.microsoft.azure.keyvault.authentication.KeyVaultCredentials.doAuthenticate(KeyVaultCredentials.java:420)
cdb-be_1 | at com.microsoft.azure.keyvault.authentication.KeyVaultCredentials.getAuthenticationCredentials(KeyVaultCredentials.java:224)
cdb-be_1 | at com.microsoft.azure.keyvault.authentication.KeyVaultCredentials.buildAuthenticatedRequest(KeyVaultCredentials.java:123)
cdb-be_1 | at com.microsoft.azure.keyvault.authentication.KeyVaultCredentials.buildAuthenticatedRequest(KeyVaultCredentials.java:161)
cdb-be_1 | at com.microsoft.azure.keyvault.authentication.KeyVaultCredentials.access0(KeyVaultCredentials.java:34)
cdb-be_1 | at com.microsoft.azure.keyvault.authentication.KeyVaultCredentials.intercept(KeyVaultCredentials.java:76)
cdb-be_1 | at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
cdb-be_1 | at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
cdb-be_1 | at com.microsoft.rest.interceptors.BaseUrlHandler.intercept(BaseUrlHandler.java:43)
cdb-be_1 | at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
cdb-be_1 | at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
cdb-be_1 | at com.microsoft.rest.interceptors.RequestIdHeaderInterceptor.intercept(RequestIdHeaderInterceptor.java:29)
cdb-be_1 | at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
cdb-be_1 | at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
cdb-be_1 | at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:257)
cdb-be_1 | at okhttp3.RealCall.execute(RealCall.java:93)
cdb-be_1 | at retrofit2.OkHttpCall.execute(OkHttpCall.java:186)
cdb-be_1 | at retrofit2.adapter.rxjava.CallExecuteOnSubscribe.call(CallExecuteOnSubscribe.java:40)
cdb-be_1 | at retrofit2.adapter.rxjava.CallExecuteOnSubscribe.call(CallExecuteOnSubscribe.java:24)
cdb-be_1 | at rx.Observable.unsafeSubscribe(Observable.java:10327)
cdb-be_1 | at rx.internal.operators.OnSubscribeMap.call(OnSubscribeMap.java:48)
cdb-be_1 | at rx.internal.operators.OnSubscribeMap.call(OnSubscribeMap.java:33)
cdb-be_1 | at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)
cdb-be_1 | at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)
cdb-be_1 | at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)
cdb-be_1 | at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)
cdb-be_1 | at rx.Observable.subscribe(Observable.java:10423)
cdb-be_1 | at rx.Observable.subscribe(Observable.java:10390)
cdb-be_1 | at rx.observables.BlockingObservable.blockForSingle(BlockingObservable.java:443)
cdb-be_1 | at rx.observables.BlockingObservable.single(BlockingObservable.java:340)
cdb-be_1 | at com.microsoft.azure.keyvault.implementation.KeyVaultClientBaseImpl.getSecrets(KeyVaultClientBaseImpl.java:3922)
cdb-be_1 | at com.microsoft.azure.keyvault.implementation.KeyVaultClientCustomImpl.listSecrets(KeyVaultClientCustomImpl.java:1170)
cdb-be_1 | at com.microsoft.azure.keyvault.spring.KeyVaultOperation.fillSecretsList(KeyVaultOperation.java:138)
cdb-be_1 | at com.microsoft.azure.keyvault.spring.KeyVaultOperation.<init>(KeyVaultOperation.java:48)
cdb-be_1 | at com.microsoft.azure.keyvault.spring.KeyVaultEnvironmentPostProcessorHelper.addKeyVaultPropertySource(KeyVaultEnvironmentPostProcessorHelper.java:69)
cdb-be_1 | ... 22 common frames omitted
cdb-be_1 | Caused by: java.lang.IllegalStateException: Failed to do authentication.
cdb-be_1 | at com.microsoft.azure.utils.AADAuthUtil.getToken(AADAuthUtil.java:31)
cdb-be_1 | at com.microsoft.azure.keyvault.spring.AzureKeyVaultCredential.refreshToken(AzureKeyVaultCredential.java:57)
cdb-be_1 | ... 58 common frames omitted
cdb-be_1 | Caused by: java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
cdb-be_1 | at java.util.concurrent.FutureTask.report(FutureTask.java:122)
cdb-be_1 | at java.util.concurrent.FutureTask.get(FutureTask.java:206)
cdb-be_1 | at com.microsoft.azure.utils.AADAuthUtil.getToken(AADAuthUtil.java:29)
cdb-be_1 | ... 59 common frames omitted
cdb-be_1 | Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
cdb-be_1 | at sun.security.ssl.Alerts.getSSLException(Alerts.java:198)
cdb-be_1 | at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1967)
cdb-be_1 | at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:331)
cdb-be_1 | at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:325)
cdb-be_1 | at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1688)
cdb-be_1 | at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:226)
cdb-be_1 | at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1082)
cdb-be_1 | at sun.security.ssl.Handshaker.process_record(Handshaker.java:1010)
cdb-be_1 | at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1079)
cdb-be_1 | at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1388)
cdb-be_1 | at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1416)
cdb-be_1 | at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1400)
cdb-be_1 | at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
cdb-be_1 | at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
cdb-be_1 | at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1340)
cdb-be_1 | at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1315)
cdb-be_1 | at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:264)
cdb-be_1 | at com.microsoft.aad.adal4j.AdalOAuthRequest.configureHeaderAndExecuteOAuthCall(AdalOAuthRequest.java:145)
cdb-be_1 | at com.microsoft.aad.adal4j.AdalOAuthRequest.send(AdalOAuthRequest.java:83)
cdb-be_1 | at com.microsoft.aad.adal4j.AdalTokenRequest.executeOAuthRequestAndProcessResponse(AdalTokenRequest.java:87)
cdb-be_1 | at com.microsoft.aad.adal4j.AuthenticationContext.acquireTokenCommon(AuthenticationContext.java:930)
cdb-be_1 | at com.microsoft.aad.adal4j.AcquireTokenCallable.execute(AcquireTokenCallable.java:70)
cdb-be_1 | at com.microsoft.aad.adal4j.AcquireTokenCallable.execute(AcquireTokenCallable.java:38)
cdb-be_1 | at com.microsoft.aad.adal4j.AdalCallable.call(AdalCallable.java:47)
cdb-be_1 | at java.util.concurrent.FutureTask.run(FutureTask.java:266)
cdb-be_1 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
cdb-be_1 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
cdb-be_1 | at java.lang.Thread.run(Thread.java:748)
cdb-be_1 | Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
cdb-be_1 | at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:450)
cdb-be_1 | at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:317)
cdb-be_1 | at sun.security.validator.Validator.validate(Validator.java:262)
cdb-be_1 | at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330)
cdb-be_1 | at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:237)
cdb-be_1 | at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
cdb-be_1 | at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1670)
cdb-be_1 | ... 23 common frames omitted
cdb-be_1 | Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
cdb-be_1 | at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
cdb-be_1 | at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
cdb-be_1 | at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
cdb-be_1 | at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:445)
cdb-be_1 | ... 29 common frames omitted
What we checked:
- username and password
- firewall
- the certificate for https://MyAzureVault.vault.azure.net
None of it helped.
After upgrading to azure-keyvault-secrets-spring-boot-starter 2.3.5
<dependency>
<groupId>com.microsoft.azure</groupId>
<artifactId>azure-keyvault-secrets-spring-boot-starter</artifactId>
<version>2.3.5</version>
</dependency>
the log showed additional information:
Caused by: java.lang.RuntimeException: Max retries 3 times exceeded. Error Details: java.lang.RuntimeException: Max retries 3 times exceeded. Error Details: connection timed out: login.microsoftonline.com/20.190.129.133:443
This gave us a hint that the problem lies with https://login.microsoftonline.com - we had no idea at all that there is also a connection to it to fetch the bearer token.
Solution:
Add the certificate for https://login.microsoftonline.com as well.
Thanks to Oleg Ruchin for finding the solution.
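Added example, not part of the original post: in the 2.2.1 log above, the first non-JDK frame under the `SSLHandshakeException` already names the library that opened the failing TLS connection (adal4j, the Azure AD token client, rather than the Key Vault client). The script below extracts that frame from a shortened excerpt of the post's log; the function names and the package-to-endpoint table are assumptions made for this illustration.

```python
import re

# Shortened excerpt of the log from the post (frames trimmed, lines otherwise unchanged).
SAMPLE_TRACE = """\
cdb-be_1 | java.lang.IllegalStateException: Failed to configure KeyVault property source
cdb-be_1 | at com.microsoft.azure.keyvault.spring.KeyVaultEnvironmentPostProcessorHelper.addKeyVaultPropertySource(KeyVaultEnvironmentPostProcessorHelper.java:80)
cdb-be_1 | Caused by: java.lang.IllegalStateException: Failed to do authentication.
cdb-be_1 | at com.microsoft.azure.utils.AADAuthUtil.getToken(AADAuthUtil.java:31)
cdb-be_1 | ... 58 common frames omitted
cdb-be_1 | Caused by: java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
cdb-be_1 | at java.util.concurrent.FutureTask.report(FutureTask.java:122)
cdb-be_1 | Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
cdb-be_1 | at sun.security.ssl.Alerts.getSSLException(Alerts.java:198)
cdb-be_1 | at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:264)
cdb-be_1 | at com.microsoft.aad.adal4j.AdalOAuthRequest.configureHeaderAndExecuteOAuthCall(AdalOAuthRequest.java:145)
cdb-be_1 | at com.microsoft.aad.adal4j.AdalOAuthRequest.send(AdalOAuthRequest.java:83)
cdb-be_1 | Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
cdb-be_1 | at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
"""

PREFIX = re.compile(r"^\S+\s*\|\s*")  # docker-compose prefix such as "cdb-be_1 | "
HEADER = re.compile(r"^(?:Caused by: )?([\w.$]+(?:Exception|Error))(?::\s*(.*))?$")
FRAME = re.compile(r"^at ([\w.$<>]+)\(")
JDK_PREFIXES = ("java.", "javax.", "sun.", "jdk.", "com.sun.")

# Assumption for this example: which endpoint each client package talks to.
ENDPOINT_HINTS = {
    "com.microsoft.aad.adal4j.": "Azure AD token endpoint (login.microsoftonline.com)",
    "com.microsoft.azure.keyvault.": "Key Vault endpoint (*.vault.azure.net)",
}


def parse_causes(text):
    """Split a Java stack trace into its exception chain, outermost first."""
    causes = []
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        header = HEADER.match(line)
        if header:
            causes.append({"type": header.group(1),
                           "message": header.group(2) or "",
                           "frames": []})
            continue
        frame = FRAME.match(line)
        if frame and causes:
            causes[-1]["frames"].append(frame.group(1))
    return causes


def tls_caller(text):
    """Find the library frame that opened the TLS connection which failed."""
    for cause in parse_causes(text):
        if cause["type"] != "javax.net.ssl.SSLHandshakeException":
            continue
        for frame in cause["frames"]:  # innermost frame first
            if frame.startswith(JDK_PREFIXES):
                continue  # JDK TLS/HTTP plumbing, not the caller
            hint = next((h for p, h in ENDPOINT_HINTS.items()
                         if frame.startswith(p)), "unknown endpoint")
            return {"pkix": "PKIX path building failed" in cause["message"],
                    "caller": frame,
                    "endpoint": hint}
    return None


if __name__ == "__main__":
    print(tls_caller(SAMPLE_TRACE))
```
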