如何配置 Oracle 云证书?
How to config Oracle cloud certificate?
我尝试通过Aws-java-sdk-s3-1.11.116连接到oracle云。
当我编写主要方法时。每件事都运作良好。但是当我把方法放到 tomcat 时。它会出错。我不知道为什么。见代码。
运行main方法时,下面是正确的。
public static void main(String[] args) {
// TODO Auto-generated method stub
AmazonS3 client = getAwsClient2();
List<Bucket> listRes = client.listBuckets();
for(int i=0; i< listRes.size();i++)
{
System.out.println(listRes.get(i).getName());
}
}
private static AmazonS3 getAwsClient2() {
BasicAWSCredentials awsCreds = new BasicAWSCredentials("xxxxxxxxxxxxxxxx","xxxxxxxxxxxxxxxxxxxxxx");
AmazonS3 s3Client = AmazonS3ClientBuilder.standard()
.withCredentials(new AWSStaticCredentialsProvider(awsCreds))
.withClientConfiguration(Init())
.withPathStyleAccessEnabled(true)
.withEndpointConfiguration(
new AwsClientBuilder.EndpointConfiguration("xxxx.compat.objectstorage.us-ashburn-1.oraclecloud.com", Region.getRegion(amzRegion).toString()))
.build();
return s3Client;
}
return 是正确的。
16:18:47.776 [main] DEBUG com.amazonaws.requestId - AWS Request ID:
975a50c6-a52b-c0e6-33b3-05d8d8ed44e5
FirstBucket
xxxxx-css-test
as-dev-xxxx-xxx-2dnav
as-dev-xxxx-xxprxxxxoxy-2dvxx
Process finished with exit code 0
但是当我把它放到 tomcat 时。证书会出错。
@GET
@Path("/users/testamazon")
public Response testAmazon() {
AmazonClient.testGetowner();
return Response.ok().build();
}
//the method same as main method.
public static void testGetowner(){
AmazonS3 client = getAwsClient2();
List<Bucket> listRes = client.listBuckets();
for(int i=0; i< listRes.size();i++)
{
System.out.println(listRes.get(i).getName());
}
}
当我调用 restful api 时。 /users/testamazon
com.amazonaws.SdkClientException: Unable to execute HTTP request: Certificate for <xxxx.compat.objectstorage.us-ashburn-1.oraclecloud.com> doesn't match any of the subject alternative names: [swiftobjectstorage.us-ashburn-1.oraclecloud.com]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleRetryableException(AmazonHttpClient.java:1069)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1035)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:742)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:716)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access0(AmazonHttpClient.java:667)
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4187)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4134)
我不知道为什么当我从 restful api 调用方法时,我得到的证书是 'swiftobjectstorage.us-ashburn-1.oraclecloud.com'。
但是当我从 main 方法调用时,证书是'*.compat.objectstorage.us-ashburn-1.oraclecloud.com'。我调试代码,来自 AbstractVerifier.class
的证书链
@Override
public final boolean verify(final String host, final SSLSession session) {
try {
final Certificate[] certs = session.getPeerCertificates();
final X509Certificate x509 = (X509Certificate) certs[0];
当我从 restful api 呼叫时。证书不正确。它是 'swiftobjectstorage.us-ashburn-1.oraclecloud.com'.
我不知道为什么行为不一样。我需要配置什么吗?
为了使用 OCI 对象存储端点,您的客户端需要支持 "Server Name Indication" (SNI)。当客户端不支持 SNI 时,您将获得默认证书,即 "swiftobjectstorage.[region-identifier].oraclecloud.com"。这似乎是这里发生的事情。
有了 Java,SNI 支持就有了 numerous caveats。您在这两个测试中使用相同的 Java 版本吗?
我尝试通过Aws-java-sdk-s3-1.11.116连接到oracle云。 当我编写主要方法时。每件事都运作良好。但是当我把方法放到 tomcat 时。它会出错。我不知道为什么。见代码。 运行main方法时,下面是正确的。
public static void main(String[] args) {
// TODO Auto-generated method stub
AmazonS3 client = getAwsClient2();
List<Bucket> listRes = client.listBuckets();
for(int i=0; i< listRes.size();i++)
{
System.out.println(listRes.get(i).getName());
}
}
private static AmazonS3 getAwsClient2() {
BasicAWSCredentials awsCreds = new BasicAWSCredentials("xxxxxxxxxxxxxxxx","xxxxxxxxxxxxxxxxxxxxxx");
AmazonS3 s3Client = AmazonS3ClientBuilder.standard()
.withCredentials(new AWSStaticCredentialsProvider(awsCreds))
.withClientConfiguration(Init())
.withPathStyleAccessEnabled(true)
.withEndpointConfiguration(
new AwsClientBuilder.EndpointConfiguration("xxxx.compat.objectstorage.us-ashburn-1.oraclecloud.com", Region.getRegion(amzRegion).toString()))
.build();
return s3Client;
}
return 是正确的。
16:18:47.776 [main] DEBUG com.amazonaws.requestId - AWS Request ID:
975a50c6-a52b-c0e6-33b3-05d8d8ed44e5
FirstBucket
xxxxx-css-test
as-dev-xxxx-xxx-2dnav
as-dev-xxxx-xxprxxxxoxy-2dvxx
Process finished with exit code 0
但是当我把它放到 tomcat 时。证书会出错。
@GET
@Path("/users/testamazon")
public Response testAmazon() {
AmazonClient.testGetowner();
return Response.ok().build();
}
//the method same as main method.
public static void testGetowner(){
AmazonS3 client = getAwsClient2();
List<Bucket> listRes = client.listBuckets();
for(int i=0; i< listRes.size();i++)
{
System.out.println(listRes.get(i).getName());
}
}
当我调用 restful api 时。 /users/testamazon
com.amazonaws.SdkClientException: Unable to execute HTTP request: Certificate for <xxxx.compat.objectstorage.us-ashburn-1.oraclecloud.com> doesn't match any of the subject alternative names: [swiftobjectstorage.us-ashburn-1.oraclecloud.com]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleRetryableException(AmazonHttpClient.java:1069)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1035)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:742)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:716)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access0(AmazonHttpClient.java:667)
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4187)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4134)
我不知道为什么当我从 restful api 调用方法时,我得到的证书是 'swiftobjectstorage.us-ashburn-1.oraclecloud.com'。 但是当我从 main 方法调用时,证书是'*.compat.objectstorage.us-ashburn-1.oraclecloud.com'。我调试代码,来自 AbstractVerifier.class
的证书链 @Override
public final boolean verify(final String host, final SSLSession session) {
try {
final Certificate[] certs = session.getPeerCertificates();
final X509Certificate x509 = (X509Certificate) certs[0];
当我从 restful api 呼叫时。证书不正确。它是 'swiftobjectstorage.us-ashburn-1.oraclecloud.com'.
我不知道为什么行为不一样。我需要配置什么吗?
为了使用 OCI 对象存储端点,您的客户端需要支持 "Server Name Indication" (SNI)。当客户端不支持 SNI 时,您将获得默认证书,即 "swiftobjectstorage.[region-identifier].oraclecloud.com"。这似乎是这里发生的事情。
有了 Java,SNI 支持就有了 numerous caveats。您在这两个测试中使用相同的 Java 版本吗?