Spring Boot mutual TLS works with Postman or SoapUI but not with Java/Spring Boot
I am trying to call an endpoint via HTTP POST that is secured by mutual TLS, meaning I use a keystore/truststore for authentication. When I try it via SoapUI/Postman it works fine; of course I have to provide the keystore in the settings of both tools.
However, via the Spring Boot application it does not work (Spring Boot 2.4.4, Spring 5.3.5, Java 14.0.2). Below is a snippet of the relevant code (since the class is very large):
```java
@PostConstruct
private void init() {
    spKeyStore = FilenameUtils.normalize(spKeyStore, true);
    requestFactory = new HttpComponentsClientHttpRequestFactory();
    requestFactory.setHttpClient(createHttpClient());
    insuranceCertificationOutputTemplate = new RestTemplate(requestFactory);
    insuranceCertificationOutputTemplate.getMessageConverters().add(0, getMapping());
    authTemplate = new RestTemplate(requestFactory);
}

@PreDestroy
private void destroy() {
    if (requestFactory != null && requestFactory.getHttpClient() != null) {
        try {
            CloseableHttpClient httpClient = (CloseableHttpClient) requestFactory.getHttpClient();
            httpClient.close();
        }
        catch (Exception e) {
            LogUtil.log(LOGGER, LogLevel.ERROR, "Error closing http client");
            throw new NestedException(e);
        }
    }
}

private HttpClient createHttpClient() {
    HttpHost proxy = new HttpHost(proxyHost, proxyPort);
    DefaultProxyRoutePlanner routePlanner = new DefaultProxyRoutePlanner(proxy);
    CredentialsProvider credentialsProvider = null;
    if (adapterTools.isLocalEnvironment()) {
        LogUtil.log(LOGGER, LogLevel.INFO, "..."); // log message elided in the snippet
        credentialsProvider = new SystemDefaultCredentialsProvider();
    }
    else { //not relevant
    }
    // connection manager created with the default socket factory registry
    PoolingHttpClientConnectionManager poolingConnManager = new PoolingHttpClientConnectionManager();
    poolingConnManager.setDefaultMaxPerRoute(CONNECTION_MANAGER_MAX_PER_ROUTE); //10
    poolingConnManager.setMaxTotal(CONNECTION_MANAGER_MAX_TOTAL); //20
    CloseableHttpClient httpClient = null;
    try {
        System.setProperty(SYS_PROP_KEY_STORE, spKeyStore);
        System.setProperty(SYS_PROP_KEY_STORE_PASSWORD, spKeyStorePassword);
        System.setProperty(SYS_PROP_KEY_STORE_TYPE, spKeyStoreType);
        KeyStore keystore = KeyStore.getInstance(spKeyStoreType);
        try (InputStream fileInputStream = new FileInputStream(spKeyStore)) {
            keystore.load(fileInputStream, spKeyStorePassword.toCharArray());
        }
        SSLContext sslContext =
            SSLContexts.custom().loadKeyMaterial(keystore, spKeyStorePassword.toCharArray())
                // .loadTrustMaterial(new TrustAllStrategy()) //tried this, didnt help
                .build();
        SSLConnectionSocketFactory sslSocketFactory =
            new SSLConnectionSocketFactory(sslContext, SUPPORTED_PROTOCOLS, null,
                SSLConnectionSocketFactory.getDefaultHostnameVerifier());
        //tried TLSv1.2 and TLSv1.3
        httpClient =
            HttpClients.custom().setSSLSocketFactory(sslSocketFactory)
                .setDefaultCredentialsProvider(credentialsProvider).disableCookieManagement()
                .setConnectionManager(poolingConnManager).setRoutePlanner(routePlanner).build();
    }
    catch (Exception e) {
        LogUtil.log(LOGGER, LogLevel.ERROR, "Error initializing http client ");
        throw new NestedException(e);
    }
    return httpClient;
}

private boolean endpointHttpPostCall() {
    HttpHeaders headers = new HttpHeaders();
    headers.setContentType(MediaType.APPLICATION_JSON);
    String keyJson = String.format("{ \"key\": \"%s\" }", Token);
    HttpEntity<String> entity = new HttpEntity<>(keyJson, headers);
    String uriString = UriComponentsBuilder.fromHttpUrl(Endpoint).toUriString();
    ResponseEntity<String> reply = authTemplate.exchange(uriString, HttpMethod.POST, entity, String.class);
    ...
}
```
As you can see, I end up using the org.springframework.web.client.RestTemplate.exchange method. However, I tried to reproduce this behaviour with a small plain Java application to make sure it has nothing to do with Spring Boot, and it failed as well (via the Apache HttpPost method). I get a 403, and I also debugged TLS. When comparing the SoapUI vs. Spring Boot/Java TLS debug output I found the following:
The key part seems to be the **CertificateRequest** section, because here, when it fails, I can see: `Warning: no suitable certificate found - continuing without client authentication`
I read that this means the server truststore is empty, but then why does it not fail via SoapUI?
Another thing that stands out when comparing the TLS debug output is that for Spring Boot the Cert Authorities are listed in a clean way, like:
```text
Cert Authorities:
<CN=localhost, OU=Dummy, O=OtherComp, L=Frankfurt, ST=Hessen, C=DE>
<CN=myapp.domain.company, O=MyComp, C=DE>
...
```
whereas for SoapUI it looks like:
```text
Cert Authorities:
0000: 64 61 74<CN=localhost, OU=Dummy, O=OtherComp, L=Cologne, ST=Hessen, C=DE>
61 3D 57 33 73 69 5A 58 5A 6C 62 6E 51 data=W3siZXZlbnQ
0010: 69 4F 69 4A 54 5A 57 35 6B 55 6D 56 78 64 57 56 iOiJTZW5kUmVxdWV
0020: 7A 64 ...
<CN=myapp.domain.company, O=MyComp, C=DE> 57 39 vZHVjdF92ZXJzaW9 0090: 75 49 6A 6F 69 4E 53 34 4C 6A 41 69 4C 43 4A uIjoiNS4LjAiLCJ 00A0: 51 63 6D 39 6B 64 57 4E 30 51 58 4A 6C 59 53 49 Qcm9kdWN0QXJlYSI ...
```
Frankly, I have no idea why these two differ; I would expect both to look the same. Of course SoapUI uses a different Java version (I also tried that version with Spring Boot/Java, but it did not help, and I did not compare the section mentioned above with it).
I also read that this could mean my keystore was not created correctly, but the question here is: why does it not fail via SoapUI or Postman then? Or am I doing something else wrong?
Below is the SSL debug output, edited for readability and to remove all private information:
javax.net.ssl|DEBUG|01|main|2021-06-10 14:10:15.471 CEST|X509TrustManagerImpl.java:79|adding as trusted certificates ( "certificates": ... lots of certificates
and then:
javax.net.ssl|WARNING|7A|myFunction-step-db|2021-06-10 14:10:52.212 CEST|SignatureScheme.java:294|Signature algorithm, ed25519, is not supported by the underlying providers
javax.net.ssl|WARNING|7A|myFunction-step-db|2021-06-10 14:10:52.212 CEST|SignatureScheme.java:294|Signature algorithm, ed448, is not supported by the underlying providers
javax.net.ssl|INFO|7A|myFunction-step-db|2021-06-10 14:10:52.217 CEST|AlpnExtension.java:161|No available application protocols
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.218 CEST|SSLExtensions.java:257|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.218 CEST|SSLExtensions.java:257|Ignore, context unavailable extension: cookie
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.241 CEST|SSLExtensions.java:257|Ignore, context unavailable extension: renegotiation_info
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.241 CEST|PreSharedKeyExtension.java:633|No session to resume.
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.241 CEST|SSLExtensions.java:257|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.242 CEST|ClientHello.java:653|Produced ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "0....",
"cipher suites" : "[TLS_AES_128_GCM_SHA256(0x1301), TLS_AES_256_GCM_SHA384(0x1302),....]",
"compression methods" : "00",
"extensions" : [
"server_name (0)": {
type=host_name (0), value=api.marketplace.syncier.com
},
"status_request (5)": {
"certificate status type": ocsp
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
},
"supported_groups (10)": {
"versions": [secp256r1, secp384r1, secp521r1, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
},
"ec_point_formats (11)": {
"formats": [uncompressed]
},
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256...]
},
"signature_algorithms_cert (50)": {
"signature schemes": [ecdsa_secp256r1_sha256...]
},
"status_request_v2 (17)": {
"cert status request": {
"certificate status type": ocsp_multi
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
}
},
"extended_master_secret (23)": {
<empty>
},
"supported_versions (43)": {
"versions": [TLSv1.3, TLSv1.2, TLSv1.1, TLSv1]
},
"psk_key_exchange_modes (45)": {
"ke_modes": [psk_dhe_ke]
},
"key_share (51)": {
"client_shares": [
{
"named group": secp256r1
"key_exchange": {
0000: 04 ..
}
},
]
}
]
}
)
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.354 CEST|ServerHello.java:871|Consuming ServerHello handshake message (
"ServerHello": {
"server version" : "TLSv1.2",
"random" : "9B ...,
"cipher suite" : "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030)",
"compression methods" : "00",
"extensions" : [
"renegotiation_info (65,281)": {
"renegotiated connection": [<no renegotiated connection>]
},
"server_name (0)": {
<empty extension_data field>
},
"ec_point_formats (11)": {
"formats": [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]
},
"extended_master_secret (23)": {
<empty>
}
]
}
)
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.354 CEST|SSLExtensions.java:170|Ignore unavailable extension: supported_versions
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.355 CEST|ServerHello.java:967|Negotiated protocol version: TLSv1.2
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.355 CEST|SSLExtensions.java:189|Consumed extension: renegotiation_info
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.356 CEST|SSLExtensions.java:189|Consumed extension: server_name
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.356 CEST|SSLExtensions.java:170|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.356 CEST|SSLExtensions.java:170|Ignore unavailable extension: status_request
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.356 CEST|SSLExtensions.java:189|Consumed extension: ec_point_formats
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.356 CEST|SSLExtensions.java:170|Ignore unavailable extension: status_request_v2
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.356 CEST|SSLExtensions.java:189|Consumed extension: extended_master_secret
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.356 CEST|SSLExtensions.java:160|Ignore unsupported extension: supported_versions
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.356 CEST|SSLExtensions.java:160|Ignore unsupported extension: key_share
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.356 CEST|SSLExtensions.java:189|Consumed extension: renegotiation_info
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.356 CEST|SSLExtensions.java:160|Ignore unsupported extension: pre_shared_key
javax.net.ssl|WARNING|7A|myFunction-step-db|2021-06-10 14:10:52.357 CEST|SSLExtensions.java:212|Ignore impact of unsupported extension: server_name
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.357 CEST|SSLExtensions.java:204|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.357 CEST|SSLExtensions.java:204|Ignore unavailable extension: status_request
javax.net.ssl|WARNING|7A|myFunction-step-db|2021-06-10 14:10:52.357 CEST|SSLExtensions.java:212|Ignore impact of unsupported extension: ec_point_formats
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.357 CEST|SSLExtensions.java:204|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.357 CEST|SSLExtensions.java:204|Ignore unavailable extension: status_request_v2
javax.net.ssl|WARNING|7A|myFunction-step-db|2021-06-10 14:10:52.357 CEST|SSLExtensions.java:212|Ignore impact of unsupported extension: extended_master_secret
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.357 CEST|SSLExtensions.java:204|Ignore unavailable extension: supported_versions
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.358 CEST|SSLExtensions.java:204|Ignore unavailable extension: key_share
javax.net.ssl|WARNING|7A|myFunction-step-db|2021-06-10 14:10:52.358 CEST|SSLExtensions.java:212|Ignore impact of unsupported extension: renegotiation_info
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.358 CEST|SSLExtensions.java:204|Ignore unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.363 CEST|CertificateMessage.java:357|Consuming server Certificate handshake message (
"Certificates": [
"certificate" : {
"version" : "v3",
"serial number" : "04 EF A8 05 97 22 6F 87 E2 5A FC 22 7E 89 BB 1F CC 81",
"signature algorithm": "SHA256withRSA",
"issuer" : "CN=R3, O=Let's Encrypt, C=US",
"not before" : "2021-03-12 15:31:23.000 CET",
"not after" : "2021-06-10 16:31:23.000 CEST",
"subject" : "CN=api.marketplace.syncier.com",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false
},
{
ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://r3.o.lencr.org
,
accessMethod: caIssuers
accessLocation: URIName: http://r3.i.lencr.org/
]
]
},
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 14 ...
0010: 8B 14 C2 C6 ....
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
},
{
ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.23.140.1.2.1]
[] ]
[CertificatePolicyId: [1.3.6.1.4.1.44947.1.1.1]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1A 66C 65 74 ..http://cps.let
0010: 73 ... sencrypt.org
]] ]
]
},
{
ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
},
{
ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: api.marketplace.syncier.com
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 1C 2F 4C 87 8A BE 65 82 48 92 B9 44 EE CE 14 FE ./L...e.H..D....
0010: D9 5F 85 7E ._..
]
]
}
]},
"certificate" : {
"version" : "v3",
"serial number" : "40 01 75 04 83 14 A4 C8 21 8C 84 A9 0C 16 CD DF",
"signature algorithm": "SHA256withRSA",
"issuer" : "CN=DST Root CA X3, O=Digital Signature Trust Co.",
"not before" : "2020-10-07 21:21:40.000 CEST",
"not after" : "2021-09-29 21:21:40.000 CEST",
"subject" : "CN=R3, O=Let's Encrypt, C=US",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: caIssuers
accessLocation: URIName: http://apps.identrust.com/roots/dstrootcax3.p7c
]
]
},
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: C4 A7 B1 `...
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
},
{
ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.identrust.com/DSTROOTCAX3CRL.crl]
]]
},
{
ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.23.140.1.2.1]
[] ]
[CertificatePolicyId: [1.3.6.1.4.1.44947.1.1.1]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 22 ... .org
]] ]
]
},
{
ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 14 2E B3 1 ....
]
]
}
]}
]
)
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.429 CEST|X509TrustManagerImpl.java:238|Found trusted certificate (
"certificate" : {
"version" : "v3",
"serial number" : "44 AF B0 80 D6 A3 27 BA 89 30 39 86 2E F8 40 6B",
"signature algorithm": "SHA1withRSA",
"issuer" : "CN=DST Root CA X3, O=Digital Signature Trust Co.",
"not before" : "2000-09-30 23:12:19.000 CEST",
"not after" : "2021-09-30 16:01:15.000 CEST",
"subject" : "CN=DST Root CA X3, O=Digital Signature Trust Co.",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C4 A7 B1 A4 7B 2C 71 FA DB E1 4B 90 75 FF C4 15 .....,q...K.u...
0010: 60 85 89 10 `...
]
]
}
]}
)
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.436 CEST|ECDHServerKeyExchange.java:534|Consuming ECDH ServerKeyExchange handshake message (
"ECDH ServerKeyExchange": {
"parameters": {
"named group": "secp256r1"
"ecdh public": {
0000: 04 28 25 ... .
},
},
"digital signature": {
"signature algorithm": "rsa_pss_rsae_sha256"
"signature": {
0000: 7E 37 D2 8...
0070: ...
},
}
}
)
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.438 CEST|CertificateRequest.java:671|Consuming CertificateRequest handshake message (
"CertificateRequest": {
"certificate types": [rsa_sign, dss_sign, ecdsa_sign]
"supported signature algorithms": [...]
"certificate authorities": [CN=localhost, OU=Marketplace, O=Syncier, L=Munich, ST=Bayern, C=DE, CN=myurl.mycomp, O=mycomp, C=DE, CN=myurl.mycomp1, O=mycomp, C=DE, CN=mycomp, O=mycomp, C=DE, CN=myurl.mycomp1, O=mycomp, C=DE, CN=mycomp CA II, O=mycomp, C=DE, CN=mycomp Root CA, O=mycomp, C=DE]
}
)
javax.net.ssl|ALL|7A|myFunction-step-db|2021-06-10 14:10:52.439 CEST|X509Authentication.java:213|No X.509 cert selected for EC
javax.net.ssl|WARNING|7A|myFunction-step-db|2021-06-10 14:10:52.440 CEST|CertificateRequest.java:764|Unavailable authentication scheme: ecdsa_secp256r1_sha256
javax.net.ssl|ALL|7A|myFunction-step-db|2021-06-10 14:10:52.440 CEST|X509Authentication.java:213|No X.509 cert selected for EC
javax.net.ssl|WARNING|7A|myFunction-step-db|2021-06-10 14:10:52.440 CEST|CertificateRequest.java:764|Unavailable authentication scheme: ecdsa_secp384r1_sha384
javax.net.ssl|ALL|7A|myFunction-step-db|2021-06-10 14:10:52.440 CEST|X509Authentication.java:213|No X.509 cert selected for EC
javax.net.ssl|WARNING|7A|myFunction-step-db|2021-06-10 14:10:52.440 CEST|CertificateRequest.java:764|Unavailable authentication scheme: ecdsa_secp521r1_sha512
javax.net.ssl|WARNING|7A|myFunction-step-db|2021-06-10 14:10:52.440 CEST|CertificateRequest.java:743|Unable to produce CertificateVerify for signature scheme: ed25519
javax.net.ssl|WARNING|7A|myFunction-step-db|2021-06-10 14:10:52.440 CEST|CertificateRequest.java:743|Unable to produce CertificateVerify for signature scheme: ed448
javax.net.ssl|ALL|7A|myFunction-step-db|2021-06-10 14:10:52.440 CEST|X509Authentication.java:213|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|WARNING|7A|myFunction-step-db|2021-06-10 14:10:52.441 CEST|CertificateRequest.java:764|Unavailable authentication scheme: rsa_pss_pss_sha256
javax.net.ssl|ALL|7A|myFunction-step-db|2021-06-10 14:10:52.441 CEST|X509Authentication.java:213|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|WARNING|7A|myFunction-step-db|2021-06-10 14:10:52.441 CEST|CertificateRequest.java:764|Unavailable authentication scheme: rsa_pss_pss_sha384
javax.net.ssl|ALL|7A|myFunction-step-db|2021-06-10 14:10:52.441 CEST|X509Authentication.java:213|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|WARNING|7A|myFunction-step-db|2021-06-10 14:10:52.441 CEST|CertificateRequest.java:764|Unavailable authentication scheme: rsa_pss_pss_sha512
javax.net.ssl|ALL|7A|myFunction-step-db|2021-06-10 14:10:52.441 CEST|X509Authentication.java:213|No X.509 cert selected for RSA
javax.net.ssl|WARNING|7A|myFunction-step-db|2021-06-10 14:10:52.442 CEST|CertificateRequest.java:764|Unavailable authentication scheme: rsa_pss_rsae_sha256
javax.net.ssl|ALL|7A|myFunction-step-db|2021-06-10 14:10:52.442 CEST|X509Authentication.java:213|No X.509 cert selected for RSA
javax.net.ssl|WARNING|7A|myFunction-step-db|2021-06-10 14:10:52.442 CEST|CertificateRequest.java:764|Unavailable authentication scheme: rsa_pss_rsae_sha384
javax.net.ssl|ALL|7A|myFunction-step-db|2021-06-10 14:10:52.442 CEST|X509Authentication.java:213|No X.509 cert selected for RSA
javax.net.ssl|WARNING|7A|myFunction-step-db|2021-06-10 14:10:52.442 CEST|CertificateRequest.java:764|Unavailable authentication scheme: rsa_pss_rsae_sha512
javax.net.ssl|ALL|7A|myFunction-step-db|2021-06-10 14:10:52.442 CEST|X509Authentication.java:213|No X.509 cert selected for RSA
javax.net.ssl|WARNING|7A|myFunction-step-db|2021-06-10 14:10:52.442 CEST|CertificateRequest.java:764|Unavailable authentication scheme: rsa_pkcs1_sha256
javax.net.ssl|ALL|7A|myFunction-step-db|2021-06-10 14:10:52.442 CEST|X509Authentication.java:213|No X.509 cert selected for RSA
javax.net.ssl|WARNING|7A|myFunction-step-db|2021-06-10 14:10:52.442 CEST|CertificateRequest.java:764|Unavailable authentication scheme: rsa_pkcs1_sha384
javax.net.ssl|ALL|7A|myFunction-step-db|2021-06-10 14:10:52.443 CEST|X509Authentication.java:213|No X.509 cert selected for RSA
javax.net.ssl|WARNING|7A|myFunction-step-db|2021-06-10 14:10:52.443 CEST|CertificateRequest.java:764|Unavailable authentication scheme: rsa_pkcs1_sha512
javax.net.ssl|ALL|7A|myFunction-step-db|2021-06-10 14:10:52.443 CEST|X509Authentication.java:213|No X.509 cert selected for EC
javax.net.ssl|WARNING|7A|myFunction-step-db|2021-06-10 14:10:52.443 CEST|CertificateRequest.java:764|Unavailable authentication scheme: ecdsa_sha224
javax.net.ssl|ALL|7A|myFunction-step-db|2021-06-10 14:10:52.443 CEST|X509Authentication.java:213|No X.509 cert selected for EC
javax.net.ssl|WARNING|7A|myFunction-step-db|2021-06-10 14:10:52.443 CEST|CertificateRequest.java:764|Unavailable authentication scheme: ecdsa_sha1
javax.net.ssl|ALL|7A|myFunction-step-db|2021-06-10 14:10:52.443 CEST|X509Authentication.java:213|No X.509 cert selected for RSA
javax.net.ssl|WARNING|7A|myFunction-step-db|2021-06-10 14:10:52.443 CEST|CertificateRequest.java:764|Unavailable authentication scheme: rsa_sha224
javax.net.ssl|ALL|7A|myFunction-step-db|2021-06-10 14:10:52.443 CEST|X509Authentication.java:213|No X.509 cert selected for RSA
javax.net.ssl|WARNING|7A|myFunction-step-db|2021-06-10 14:10:52.444 CEST|CertificateRequest.java:764|Unavailable authentication scheme: rsa_pkcs1_sha1
javax.net.ssl|ALL|7A|myFunction-step-db|2021-06-10 14:10:52.444 CEST|X509Authentication.java:213|No X.509 cert selected for DSA
javax.net.ssl|WARNING|7A|myFunction-step-db|2021-06-10 14:10:52.444 CEST|CertificateRequest.java:764|Unavailable authentication scheme: dsa_sha224
javax.net.ssl|ALL|7A|myFunction-step-db|2021-06-10 14:10:52.444 CEST|X509Authentication.java:213|No X.509 cert selected for DSA
javax.net.ssl|WARNING|7A|myFunction-step-db|2021-06-10 14:10:52.444 CEST|CertificateRequest.java:764|Unavailable authentication scheme: dsa_sha1
javax.net.ssl|ALL|7A|myFunction-step-db|2021-06-10 14:10:52.444 CEST|X509Authentication.java:213|No X.509 cert selected for DSA
javax.net.ssl|WARNING|7A|myFunction-step-db|2021-06-10 14:10:52.444 CEST|CertificateRequest.java:764|Unavailable authentication scheme: dsa_sha256
javax.net.ssl|WARNING|7A|myFunction-step-db|2021-06-10 14:10:52.444 CEST|CertificateRequest.java:774|No available authentication scheme
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.445 CEST|ServerHelloDone.java:151|Consuming ServerHelloDone handshake message (
<empty>
)
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.445 CEST|CertificateMessage.java:290|No X.509 certificate for client authentication, use empty Certificate message instead
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.445 CEST|CertificateMessage.java:321|Produced client Certificate handshake message (
"Certificates": <empty list>
)
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.452 CEST|ECDHClientKeyExchange.java:396|Produced ECDHE ClientKeyExchange handshake message (
"ECDH ClientKeyExchange": {
"ecdh public": {
0000: 04 53 8E 83F(..
0040: F .
},
}
)
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.473 CEST|ChangeCipherSpec.java:115|Produced ChangeCipherSpec message
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.474 CEST|Finished.java:398|Produced client Finished handshake message (
"Finished": {
"verify data": {
0000: 9...
}'}
)
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.523 CEST|ChangeCipherSpec.java:149|Consuming ChangeCipherSpec message
javax.net.ssl|DEBUG|7A|myFunction-step-db|2021-06-10 14:10:52.525 CEST|Finished.java:535|Consuming server Finished handshake message (
"Finished": {
"verify data": {
0000: 53 ...
}'}
)
# Answer 1
In the end I could solve this by adding/replacing the following:
What really helped in hindsight was debugging everything related to SSL, especially the restTemplate that is in use. In my case this object path was the key to what needed fixing: authTemplate → requestFactory → httpClient → connManager → connectionOperator → socketFactoryRegistry. Here I could see a property with a value like "DummyX509KeyManager", which had not yet been set. After I tried a few things, the key manager was finally set.
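The wiring the answer points at (requestFactory → httpClient → connManager → connectionOperator → socketFactoryRegistry), as an added example that is not the asker's or the answerer's code. With Apache HttpClient 4.x, `HttpClientBuilder.setSSLSocketFactory()` is only consulted when the builder creates the connection manager itself; a `PoolingHttpClientConnectionManager` created with the no-arg constructor keeps the default `https` socket factory, whose SSL context carries no client key (the `DummyX509KeyManager` seen in the debugger), so the client answers the server's CertificateRequest with an empty Certificate message, which is what the debug log above shows. The example registers the mutual-TLS socket factory in the manager's own scheme registry, loads a real truststore instead of a trust-all strategy, and adds a preflight that lists the private-key entries of the keystore so their issuer DNs can be compared with the "certificate authorities" the server advertises. Class and method names, the protocol list, pool sizes, file paths and passwords are placeholders chosen for the example; a separate truststore file is assumed.

```java
// Added example (not the asker's or answerer's code): wire Apache HttpClient 4.x so the
// mutual-TLS socket factory is the one the pooled connection manager actually uses.
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.SSLContext;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.ssl.SSLContexts;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

public final class MutualTlsRestTemplateFactory {

    private MutualTlsRestTemplateFactory() {}

    /** Loads a keystore file of the given type (PKCS12, JKS, ...) with try-with-resources. */
    public static KeyStore loadKeyStore(Path path, String type, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(path)) {
            store.load(in, password);
        }
        return store;
    }

    /** Client identity (private key + chain) for the CertificateRequest, explicit CA set for the server. */
    public static SSLContext buildSslContext(KeyStore keyStore, char[] keyPassword, KeyStore trustStore)
            throws Exception {
        return SSLContexts.custom()
                .loadKeyMaterial(keyStore, keyPassword)
                .loadTrustMaterial(trustStore, null) // null strategy = normal chain validation, no TrustAll
                .build();
    }

    /**
     * Preflight: lists every private-key entry as "alias: subject (issued by issuer)". JSSE only offers
     * a client certificate whose chain leads to one of the DNs in the server's CertificateRequest, so
     * an issuer that is absent from that list explains "No X.509 cert selected" without a handshake.
     */
    public static List<String> describeClientIdentities(KeyStore keyStore) throws Exception {
        List<String> identities = new ArrayList<>();
        for (String alias : Collections.list(keyStore.aliases())) {
            if (!keyStore.isKeyEntry(alias)) {
                continue; // trusted-certificate entries cannot authenticate the client
            }
            Certificate[] chain = keyStore.getCertificateChain(alias);
            if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                identities.add(alias + ": key entry without an X.509 chain");
                continue;
            }
            X509Certificate leaf = (X509Certificate) chain[0];
            identities.add(alias + ": " + leaf.getSubjectX500Principal().getName()
                    + " (issued by " + leaf.getIssuerX500Principal().getName() + ")");
        }
        return identities;
    }

    /** The registry handed to the pool is what connectionOperator.socketFactoryRegistry ends up holding. */
    public static PoolingHttpClientConnectionManager buildConnectionManager(SSLContext sslContext,
            String[] protocols, int maxPerRoute, int maxTotal) {
        SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(
                sslContext, protocols, null, SSLConnectionSocketFactory.getDefaultHostnameVerifier());
        Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
                .register("http", PlainConnectionSocketFactory.getSocketFactory())
                .register("https", sslSocketFactory)
                .build();
        PoolingHttpClientConnectionManager connManager = new PoolingHttpClientConnectionManager(registry);
        connManager.setDefaultMaxPerRoute(maxPerRoute);
        connManager.setMaxTotal(maxTotal);
        return connManager;
    }

    public static RestTemplate buildRestTemplate(PoolingHttpClientConnectionManager connManager) {
        CloseableHttpClient httpClient = HttpClients.custom()
                .setConnectionManager(connManager) // carries the mTLS factory; no setSSLSocketFactory needed
                .disableCookieManagement()
                .build();
        return new RestTemplate(new HttpComponentsClientHttpRequestFactory(httpClient));
    }

    // Usage with placeholder paths, types and passwords (an application reads these from configuration).
    public static void main(String[] args) throws Exception {
        char[] keyPw = "changeit".toCharArray();
        KeyStore keyStore = loadKeyStore(Path.of("client-identity.p12"), "PKCS12", keyPw);
        KeyStore trustStore = loadKeyStore(Path.of("server-cas.jks"), "JKS", "changeit".toCharArray());
        describeClientIdentities(keyStore).forEach(System.out::println); // compare with CertificateRequest CAs
        SSLContext sslContext = buildSslContext(keyStore, keyPw, trustStore);
        PoolingHttpClientConnectionManager cm =
                buildConnectionManager(sslContext, new String[] {"TLSv1.3", "TLSv1.2"}, 10, 20);
        RestTemplate authTemplate = buildRestTemplate(cm);
        System.out.println("RestTemplate ready: " + authTemplate.getRequestFactory().getClass().getSimpleName());
    }
}
```

Running the preflight before the first request turns the opaque `No X.509 cert selected for RSA` warnings into a concrete comparison: if none of the listed issuers appears among the server's advertised authorities, the keystore content is the problem, not the HTTP client wiring. The `javax.net.ssl.keyStore` system properties set in the question's code do not help here either, because Apache's default `https` factory is built from `SSLContexts.createDefault()`, not from the JVM-wide default context that reads those properties.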