无法调用 jboss 中的 api.backblaze.com
Unable to call api.backblaze.com out of jboss
我正在尝试将图像上传到 backblaze 在线存储。我使用 backblaze java-sdk 进行调用。尝试上传图片时出现以下错误:
2020-04-25 11:19:45,443 ERROR [stderr] (default task-10) <B2Exception 904 io_exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target talking to https://api.backblazeb2.com/b2api/v2/b2_authorize_account>
我在 backblaze 网站上找不到关于添加任何证书的必要性的任何信息。
在互联网上进行了一些研究后,我发现我应该这样做?将 backblaze 证书添加到我的 java 安装的信任库中。所以我使用 chrome 从 https://www.backblaze.com/ 下载证书(保存为 .cer 文件)并使用此命令将其安装到我的 java:
keytool -import -alias backblaze -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -storepass <password> -keypass changeit -file .../backblaze.cer -noprompt
我在执行这条命令的时候也能看到:
keytool -list -v -keystore "%JAVA_HOME%/jre/lib/security/cacerts"
有一个别名为 backblaze 的条目
在我的 jboss 启动期间使用 VM 选项 -Djavax.net.debug=ssl 我可以看到 java 使用正确的信任库并找到一个带有 backblaze 别名的条目:
2020-04-25 10:46:52,483 INFO [stdout] (default task-2) trustStore is: C:\Program Files\Java\jdk1.8.0_77\jre\lib\security\cacerts
2020-04-25 10:46:52,483 INFO [stdout] (default task-2) trustStore type is : jks
2020-04-25 10:46:52,483 INFO [stdout] (default task-2) trustStore provider is :
2020-04-25 10:46:52,484 INFO [stdout] (default task-2) init truststore
...
2020-04-25 10:46:52,564 INFO [stdout] (default task-2) adding as trusted cert:
2020-04-25 10:46:52,739 INFO [stdout] (default task-2) Subject: CN=backblaze.com, O="Backblaze, Inc.", L=San Mateo, ST=California, C=US, SERIALNUMBER=4337553, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization
2020-04-25 10:46:52,739 INFO [stdout] (default task-2) Issuer: CN=DigiCert SHA2 Extended Validation Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
...
所以我认为 java 进程可以找到正确的证书,但是当我无法访问 api.backblaze 端点时,我得到了握手异常:
2020-04-25 11:19:45,443 ERROR [stderr] (default task-10) <B2Exception 904 io_exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target talking to https://api.backblazeb2.com/b2api/v2/b2_authorize_account>
2020-04-25 11:19:45,444 ERROR [stderr] (default task-10) at com.backblaze.b2.client.webApiHttpClient.B2WebApiHttpClientImpl.translateToB2Exception(B2WebApiHttpClientImpl.java:256)
2020-04-25 11:19:45,445 ERROR [stderr] (default task-10) at com.backblaze.b2.client.webApiHttpClient.B2WebApiHttpClientImpl.postAndReturnString(B2WebApiHttpClientImpl.java:223)
2020-04-25 11:19:45,445 ERROR [stderr] (default task-10) at com.backblaze.b2.client.webApiHttpClient.B2WebApiHttpClientImpl.postJsonAndReturnString(B2WebApiHttpClientImpl.java:185)
2020-04-25 11:19:45,445 ERROR [stderr] (default task-10) at com.backblaze.b2.client.webApiHttpClient.B2WebApiHttpClientImpl.postJsonReturnJson(B2WebApiHttpClientImpl.java:71)
2020-04-25 11:19:45,445 ERROR [stderr] (default task-10) at com.backblaze.b2.client.B2StorageClientWebifierImpl.authorizeAccount(B2StorageClientWebifierImpl.java:141)
2020-04-25 11:19:45,445 ERROR [stderr] (default task-10) at com.backblaze.b2.client.B2AccountAuthorizerSimpleImpl.authorize(B2AccountAuthorizerSimpleImpl.java:38)
2020-04-25 11:19:45,446 ERROR [stderr] (default task-10) at com.backblaze.b2.client.B2AccountAuthorizationCache.get(B2AccountAuthorizationCache.java:50)
2020-04-25 11:19:45,446 ERROR [stderr] (default task-10) at com.backblaze.b2.client.B2UploadUrlCache.get(B2UploadUrlCache.java:87)
2020-04-25 11:19:45,446 ERROR [stderr] (default task-10) at com.backblaze.b2.client.B2StorageClientImpl.lambda$uploadSmallFile(B2StorageClientImpl.java:207)
2020-04-25 11:19:45,446 ERROR [stderr] (default task-10) at com.backblaze.b2.client.B2Retryer.doRetry(B2Retryer.java:85)
2020-04-25 11:19:45,446 ERROR [stderr] (default task-10) at com.backblaze.b2.client.B2StorageClientImpl.uploadSmallFile(B2StorageClientImpl.java:204)
我是 SSL 的新手,我不明白我做错了什么。要么我下载了错误的证书(并且 api.backblaze 有一个我必须安装的额外证书),要么我配置了我的 java 信任库错误。
好吧,经过一番折腾,我发现我用错了证书。我必须从 api.backblazeb2.com 下载证书并安装它:
下载:
keytool -printcert -sslserver api.backblazeb2.com:443 -rfc > api.backblazeb2.cer
安装:
keytool -import -alias api.backblazeb2 -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -storepass changeit -keypass changeit -file api.backblazeb2.cer -nopro
mpt
确保在那之后重新启动您的 java 进程。
我正在尝试将图像上传到 backblaze 在线存储。我使用 backblaze java-sdk 进行调用。尝试上传图片时出现以下错误:
2020-04-25 11:19:45,443 ERROR [stderr] (default task-10) <B2Exception 904 io_exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target talking to https://api.backblazeb2.com/b2api/v2/b2_authorize_account>
我在 backblaze 网站上找不到关于添加任何证书的必要性的任何信息。
在互联网上进行了一些研究后,我发现我应该这样做?将 backblaze 证书添加到我的 java 安装的信任库中。所以我使用 chrome 从 https://www.backblaze.com/ 下载证书(保存为 .cer 文件)并使用此命令将其安装到我的 java:
keytool -import -alias backblaze -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -storepass <password> -keypass changeit -file .../backblaze.cer -noprompt
我在执行这条命令的时候也能看到:
keytool -list -v -keystore "%JAVA_HOME%/jre/lib/security/cacerts"
有一个别名为 backblaze 的条目
在我的 jboss 启动期间使用 VM 选项 -Djavax.net.debug=ssl 我可以看到 java 使用正确的信任库并找到一个带有 backblaze 别名的条目:
2020-04-25 10:46:52,483 INFO [stdout] (default task-2) trustStore is: C:\Program Files\Java\jdk1.8.0_77\jre\lib\security\cacerts
2020-04-25 10:46:52,483 INFO [stdout] (default task-2) trustStore type is : jks
2020-04-25 10:46:52,483 INFO [stdout] (default task-2) trustStore provider is :
2020-04-25 10:46:52,484 INFO [stdout] (default task-2) init truststore
...
2020-04-25 10:46:52,564 INFO [stdout] (default task-2) adding as trusted cert:
2020-04-25 10:46:52,739 INFO [stdout] (default task-2) Subject: CN=backblaze.com, O="Backblaze, Inc.", L=San Mateo, ST=California, C=US, SERIALNUMBER=4337553, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization
2020-04-25 10:46:52,739 INFO [stdout] (default task-2) Issuer: CN=DigiCert SHA2 Extended Validation Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
...
所以我认为 java 进程可以找到正确的证书,但是当我无法访问 api.backblaze 端点时,我得到了握手异常:
2020-04-25 11:19:45,443 ERROR [stderr] (default task-10) <B2Exception 904 io_exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target talking to https://api.backblazeb2.com/b2api/v2/b2_authorize_account>
2020-04-25 11:19:45,444 ERROR [stderr] (default task-10) at com.backblaze.b2.client.webApiHttpClient.B2WebApiHttpClientImpl.translateToB2Exception(B2WebApiHttpClientImpl.java:256)
2020-04-25 11:19:45,445 ERROR [stderr] (default task-10) at com.backblaze.b2.client.webApiHttpClient.B2WebApiHttpClientImpl.postAndReturnString(B2WebApiHttpClientImpl.java:223)
2020-04-25 11:19:45,445 ERROR [stderr] (default task-10) at com.backblaze.b2.client.webApiHttpClient.B2WebApiHttpClientImpl.postJsonAndReturnString(B2WebApiHttpClientImpl.java:185)
2020-04-25 11:19:45,445 ERROR [stderr] (default task-10) at com.backblaze.b2.client.webApiHttpClient.B2WebApiHttpClientImpl.postJsonReturnJson(B2WebApiHttpClientImpl.java:71)
2020-04-25 11:19:45,445 ERROR [stderr] (default task-10) at com.backblaze.b2.client.B2StorageClientWebifierImpl.authorizeAccount(B2StorageClientWebifierImpl.java:141)
2020-04-25 11:19:45,445 ERROR [stderr] (default task-10) at com.backblaze.b2.client.B2AccountAuthorizerSimpleImpl.authorize(B2AccountAuthorizerSimpleImpl.java:38)
2020-04-25 11:19:45,446 ERROR [stderr] (default task-10) at com.backblaze.b2.client.B2AccountAuthorizationCache.get(B2AccountAuthorizationCache.java:50)
2020-04-25 11:19:45,446 ERROR [stderr] (default task-10) at com.backblaze.b2.client.B2UploadUrlCache.get(B2UploadUrlCache.java:87)
2020-04-25 11:19:45,446 ERROR [stderr] (default task-10) at com.backblaze.b2.client.B2StorageClientImpl.lambda$uploadSmallFile(B2StorageClientImpl.java:207)
2020-04-25 11:19:45,446 ERROR [stderr] (default task-10) at com.backblaze.b2.client.B2Retryer.doRetry(B2Retryer.java:85)
2020-04-25 11:19:45,446 ERROR [stderr] (default task-10) at com.backblaze.b2.client.B2StorageClientImpl.uploadSmallFile(B2StorageClientImpl.java:204)
我是 SSL 的新手,我不明白我做错了什么。要么我下载了错误的证书(并且 api.backblaze 有一个我必须安装的额外证书),要么我配置了我的 java 信任库错误。
好吧,经过一番折腾,我发现我用错了证书。我必须从 api.backblazeb2.com 下载证书并安装它:
下载:
keytool -printcert -sslserver api.backblazeb2.com:443 -rfc > api.backblazeb2.cer
安装:
keytool -import -alias api.backblazeb2 -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -storepass changeit -keypass changeit -file api.backblazeb2.cer -nopro
mpt
确保在那之后重新启动您的 java 进程。