无法调用 jboss 中的 api.backblaze.com

Unable to call api.backblaze.com out of jboss

我正在尝试将图像上传到 backblaze 在线存储。我使用 backblaze java-sdk 进行调用。尝试上传图片时出现以下错误:

2020-04-25 11:19:45,443 ERROR [stderr] (default task-10) <B2Exception 904 io_exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target talking to https://api.backblazeb2.com/b2api/v2/b2_authorize_account>

我在 backblaze 网站上找不到关于添加任何证书的必要性的任何信息。

在互联网上进行了一些研究后,我发现我应该这样做?将 backblaze 证书添加到我的 java 安装的信任库中。所以我使用 chrome 从 https://www.backblaze.com/ 下载证书(保存为 .cer 文件)并使用此命令将其安装到我的 java:

keytool -import -alias backblaze -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -storepass <password> -keypass changeit -file .../backblaze.cer -noprompt

我在执行这条命令的时候也能看到:

keytool -list -v -keystore "%JAVA_HOME%/jre/lib/security/cacerts"

有一个别名为 backblaze 的条目

在我的 jboss 启动期间使用 VM 选项 -Djavax.net.debug=ssl 我可以看到 java 使用正确的信任库并找到一个带有 backblaze 别名的条目:

2020-04-25 10:46:52,483 INFO  [stdout] (default task-2) trustStore is: C:\Program Files\Java\jdk1.8.0_77\jre\lib\security\cacerts
2020-04-25 10:46:52,483 INFO  [stdout] (default task-2) trustStore type is : jks
2020-04-25 10:46:52,483 INFO  [stdout] (default task-2) trustStore provider is : 
2020-04-25 10:46:52,484 INFO  [stdout] (default task-2) init truststore
...
2020-04-25 10:46:52,564 INFO  [stdout] (default task-2) adding as trusted cert:
2020-04-25 10:46:52,739 INFO  [stdout] (default task-2)   Subject: CN=backblaze.com, O="Backblaze, Inc.", L=San Mateo, ST=California, C=US, SERIALNUMBER=4337553, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization
2020-04-25 10:46:52,739 INFO  [stdout] (default task-2)   Issuer:  CN=DigiCert SHA2 Extended Validation Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
...

所以我认为 java 进程可以找到正确的证书,但是当我无法访问 api.backblaze 端点时,我得到了握手异常:

2020-04-25 11:19:45,443 ERROR [stderr] (default task-10) <B2Exception 904 io_exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target talking to https://api.backblazeb2.com/b2api/v2/b2_authorize_account>

2020-04-25 11:19:45,444 ERROR [stderr] (default task-10)    at com.backblaze.b2.client.webApiHttpClient.B2WebApiHttpClientImpl.translateToB2Exception(B2WebApiHttpClientImpl.java:256)

2020-04-25 11:19:45,445 ERROR [stderr] (default task-10)    at com.backblaze.b2.client.webApiHttpClient.B2WebApiHttpClientImpl.postAndReturnString(B2WebApiHttpClientImpl.java:223)

2020-04-25 11:19:45,445 ERROR [stderr] (default task-10)    at com.backblaze.b2.client.webApiHttpClient.B2WebApiHttpClientImpl.postJsonAndReturnString(B2WebApiHttpClientImpl.java:185)

2020-04-25 11:19:45,445 ERROR [stderr] (default task-10)    at com.backblaze.b2.client.webApiHttpClient.B2WebApiHttpClientImpl.postJsonReturnJson(B2WebApiHttpClientImpl.java:71)

2020-04-25 11:19:45,445 ERROR [stderr] (default task-10)    at com.backblaze.b2.client.B2StorageClientWebifierImpl.authorizeAccount(B2StorageClientWebifierImpl.java:141)

2020-04-25 11:19:45,445 ERROR [stderr] (default task-10)    at com.backblaze.b2.client.B2AccountAuthorizerSimpleImpl.authorize(B2AccountAuthorizerSimpleImpl.java:38)

2020-04-25 11:19:45,446 ERROR [stderr] (default task-10)    at com.backblaze.b2.client.B2AccountAuthorizationCache.get(B2AccountAuthorizationCache.java:50)

2020-04-25 11:19:45,446 ERROR [stderr] (default task-10)    at com.backblaze.b2.client.B2UploadUrlCache.get(B2UploadUrlCache.java:87)

2020-04-25 11:19:45,446 ERROR [stderr] (default task-10)    at com.backblaze.b2.client.B2StorageClientImpl.lambda$uploadSmallFile(B2StorageClientImpl.java:207)

2020-04-25 11:19:45,446 ERROR [stderr] (default task-10)    at com.backblaze.b2.client.B2Retryer.doRetry(B2Retryer.java:85)

2020-04-25 11:19:45,446 ERROR [stderr] (default task-10)    at com.backblaze.b2.client.B2StorageClientImpl.uploadSmallFile(B2StorageClientImpl.java:204)

我是 SSL 的新手,我不明白我做错了什么。要么我下载了错误的证书(并且 api.backblaze 有一个我必须安装的额外证书),要么我配置了我的 java 信任库错误。

好吧,经过一番折腾,我发现我用错了证书。我必须从 api.backblazeb2.com 下载证书并安装它:

下载:

keytool -printcert -sslserver api.backblazeb2.com:443 -rfc > api.backblazeb2.cer

安装:

keytool -import -alias api.backblazeb2 -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -storepass changeit -keypass changeit -file api.backblazeb2.cer -nopro
mpt

确保在那之后重新启动您的 java 进程。