How to config Oracle cloud certificate?

问题: I try to connect to oracle cloud through Aws-java-sdk-s3-1.11.116. When i code a main method. every thing works well. But when i put the method to tomcat. it will wrong. I...

问题:

I try to connect to oracle cloud through Aws-java-sdk-s3-1.11.116. When i code a main method. every thing works well. But when i put the method to tomcat. it will wrong. I don't know why. see code. the follow is right when runing main method.

 public static void main(String[] args) {
    // TODO Auto-generated method stub
    AmazonS3 client  = getAwsClient2();
    List<Bucket> listRes = client.listBuckets();

    for(int i=0; i< listRes.size();i++)
    {
        System.out.println(listRes.get(i).getName());
    }

}

private static AmazonS3 getAwsClient2() {
    BasicAWSCredentials awsCreds = new BasicAWSCredentials("xxxxxxxxxxxxxxxx","xxxxxxxxxxxxxxxxxxxxxx");
    AmazonS3 s3Client = AmazonS3ClientBuilder.standard()
            .withCredentials(new AWSStaticCredentialsProvider(awsCreds))
            .withClientConfiguration(Init())
            .withPathStyleAccessEnabled(true)
            .withEndpointConfiguration(
                    new AwsClientBuilder.EndpointConfiguration("xxxx.compat.objectstorage.us-ashburn-1.oraclecloud.com", Region.getRegion(amzRegion).toString()))
            .build();

    return s3Client;
}

the return is correct.

16:18:47.776 [main] DEBUG com.amazonaws.requestId - AWS Request ID: 
975a50c6-a52b-c0e6-33b3-05d8d8ed44e5
FirstBucket
xxxxx-css-test
as-dev-xxxx-xxx-2dnav
as-dev-xxxx-xxprxxxxoxy-2dvxx
Process finished with exit code 0

But when i put it to tomcat. the certificate will error.

@GET
@Path("/users/testamazon")
public Response testAmazon() {
    AmazonClient.testGetowner();
    return Response.ok().build();
}

 //the method same as main method.
 public static void testGetowner(){
    AmazonS3 client  = getAwsClient2();
    List<Bucket> listRes = client.listBuckets();

    for(int i=0; i< listRes.size();i++)
    {
        System.out.println(listRes.get(i).getName());
    }
}

When i call the restful api. /users/testamazon

com.amazonaws.SdkClientException: Unable to execute HTTP request: Certificate for <xxxx.compat.objectstorage.us-ashburn-1.oraclecloud.com> doesn't match any of the subject alternative names: [swiftobjectstorage.us-ashburn-1.oraclecloud.com]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleRetryableException(AmazonHttpClient.java:1069)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1035)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:742)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:716)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667)
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4187)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4134)

I don't know why when i call the method from restful api, i get the certificate is 'swiftobjectstorage.us-ashburn-1.oraclecloud.com'. But when i call from main method, the certificate is '*.compat.objectstorage.us-ashburn-1.oraclecloud.com'. I debug the code, the certificate chain from AbstractVerifier.class

 @Override
public final boolean verify(final String host, final SSLSession session) {
    try {
        final Certificate[] certs = session.getPeerCertificates();
        final X509Certificate x509 = (X509Certificate) certs[0];

when i call from restful api. the certs is incorrect. it is 'swiftobjectstorage.us-ashburn-1.oraclecloud.com'.

I don't know why the behavior is not same. Do i need config something?


回答1:

In order to use OCI Object Storage endpoints, your client needs to support "Server Name Indication" (SNI). When the client does not support SNI, you will get the default certificate, which is "swiftobjectstorage.[region-identifier].oraclecloud.com". It seems to be what is happening here.

With Java, SNI support has numerous caveats. Are you using the same Java version in these two tests?

  • 发表于 2019-03-20 18:39
  • 阅读 ( 289 )
  • 分类:sof

条评论

请先 登录 后评论
不写代码的码农
小编

篇文章

作家榜 »

  1. 小编 文章
返回顶部
部分文章转自于网络,若有侵权请联系我们删除