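spring-boot - Enabling SSL for a Spring Boot application works on Windows but fails on CentOS 7
Problem description
The code below reads the configuration settings from the application yml to configure SSL: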
    import com.google.common.io.Files;   // Guava; java.nio.file.Files has no toString(File, Charset)
    import java.io.IOException;
    import java.nio.file.Paths;
    import org.apache.coyote.http11.Http11NioProtocol;

    try {
        // Files.toString returns the whole file content, including any trailing line terminator.
        final String keyStorePassword = Files.toString(Paths.get(appSslConfig.getKeystorePasswordPath()).toFile(), Charsets.UTF_8);
        final String keyPassword = Files.toString(Paths.get(appSslConfig.getKeyPasswordPath()).toFile(), Charsets.UTF_8);
        factory.addConnectorCustomizers(connector -> {
            Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();
            protocol.setSSLEnabled(true);
            connector.setScheme(CONNECTOR_SCHEME);
            connector.setSecure(true);
            protocol.setKeystoreType(appSslConfig.getKeystoreType());
            protocol.setKeystoreFile(appSslConfig.getKeystorePath());
            protocol.setKeystorePass(keyStorePassword);
            // Key password and alias are optional and only set when configured.
            if (StringUtils.isNotBlank(keyPassword)) {
                protocol.setKeyPass(keyPassword);
            }
            if (StringUtils.isNotBlank(appSslConfig.getKeystoreAlias())) {
                protocol.setKeyAlias(appSslConfig.getKeystoreAlias());
            }
        });
    } catch (IOException exception) {
        LOGGER.error("Error occured while loading keyStore.", exception);
        throw exception;
    }
The custom properties in application.yml look like this:

    app:
      response-delay: 10000
      ssl:
        enabled: true
        keystore-type: JKS
        keystore-path: C:\Users\me\Downloads\mock\src\main\resources\keystore.jks
        keystore-password-path: C:\Users\me\Downloads\mock\src\main\resources\password
        key-password-path: C:\Users\me\Downloads\mock\src\main\resources\password
        keystore-alias:
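I created the keystore with the following command:

    keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -keystore keystore.jks -validity 3650

I put the password in the "password" file referenced by keystore-password-path.
This works fine on Windows.
However, when I deploy it on a CentOS 7 VM, I get the following error: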
org.apache.catalina.LifecycleException: Failed to start component [Connector[HTTP/1.1-7001]]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.catalina.core.StandardService.addConnector(StandardService.java:225) [tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(TomcatEmbeddedServletContainer.java:250) [spring-boot-1.5.10.RELEASE.jar!/:1.5.10.RELEASE]
at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(TomcatEmbeddedServletContainer.java:193) [spring-boot-1.5.10.RELEASE.jar!/:1.5.10.RELEASE]
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(EmbeddedWebApplicationContext.java:297) [spring-boot-1.5.10.RELEASE.jar!/:1.5.10.RELEASE]
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:145) [spring-boot-1.5.10.RELEASE.jar!/:1.5.10.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:546) [spring-context-4.3.14.RELEASE.jar!/:4.3.14.RELEASE]
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122) [spring-boot-1.5.10.RELEASE.jar!/:1.5.10.RELEASE]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693) [spring-boot-1.5.10.RELEASE.jar!/:1.5.10.RELEASE]
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360) [spring-boot-1.5.10.RELEASE.jar!/:1.5.10.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:303) [spring-boot-1.5.10.RELEASE.jar!/:1.5.10.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1118) [spring-boot-1.5.10.RELEASE.jar!/:1.5.10.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1107) [spring-boot-1.5.10.RELEASE.jar!/:1.5.10.RELEASE]
at com.my.mock.AppSslConfig.main(AppSslConfig.java:13) [classes!/:1.0.0-SNAPSHOT]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_171]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_171]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_171]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171]
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) [mock-1.0.0-SNAPSHOT.jar:1.0.0-SNAPSHOT]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) [mock-1.0.0-SNAPSHOT.jar:1.0.0-SNAPSHOT]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) [mock-1.0.0-SNAPSHOT.jar:1.0.0-SNAPSHOT]
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51) [mock-1.0.0-SNAPSHOT.jar:1.0.0-SNAPSHOT]
Caused by: org.apache.catalina.LifecycleException: Protocol handler start failed
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1021) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
... 21 more
Caused by: java.lang.IllegalArgumentException: java.io.IOException: Keystore was tampered with, or password was incorrect
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:116) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:87) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1150) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:591) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1018) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
... 21 more
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780) ~[?:1.8.0_171]
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) ~[?:1.8.0_171]
at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) ~[?:1.8.0_171]
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) ~[?:1.8.0_171]
at java.security.KeyStore.load(KeyStore.java:1445) ~[?:1.8.0_171]
at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:139) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:204) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:184) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:87) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1150) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:591) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1018) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
... 21 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778) ~[?:1.8.0_171]
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) ~[?:1.8.0_171]
at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) ~[?:1.8.0_171]
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) ~[?:1.8.0_171]
at java.security.KeyStore.load(KeyStore.java:1445) ~[?:1.8.0_171]
at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:139) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:204) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:184) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:87) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1150) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:591) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1018) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
... 21 more
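I have checked three times that the password in the file is correct. The file has read permission and the path is correct.
I cannot figure out what goes wrong when I deploy the same code on the VM. Can anyone help?
Solution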
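A check that can be run on the CentOS host, added here as an example that is not part of the original question or of any answer on the page: it loads the keystore with the password file's contents exactly as read (which is what `Files.toString` hands to `setKeystorePass` above) and again with a UTF-8 BOM and surrounding whitespace stripped, and reports the file's trailing bytes without printing the secret. The class name `KeystorePasswordCheck` and its command-line arguments are assumptions; the page does not establish that stray whitespace is the cause.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

// Hypothetical helper. Usage: java KeystorePasswordCheck <keystore-path> <password-file> [type]
public class KeystorePasswordCheck {

    // Describe the password file without printing the secret itself.
    static String describe(byte[] raw) {
        boolean bom = raw.length >= 3 && (raw[0] & 0xFF) == 0xEF
                && (raw[1] & 0xFF) == 0xBB && (raw[2] & 0xFF) == 0xBF;
        int end = raw.length;
        while (end > 0 && (raw[end - 1] & 0xFF) <= 0x20) {
            end--; // same notion of whitespace as String.trim(): anything <= U+0020
        }
        StringBuilder tail = new StringBuilder();
        for (int i = end; i < raw.length; i++) {
            tail.append(String.format("0x%02X ", raw[i]));
        }
        return "bytes=" + raw.length + ", utf8Bom=" + bom
                + ", trailing=[" + tail.toString().trim() + "]";
    }

    // KeyStore.load checks the store password against the keystore's integrity hash.
    static String tryLoad(String keystorePath, String type, char[] password) {
        try (InputStream in = Files.newInputStream(Paths.get(keystorePath))) {
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(in, password);
            return "loaded, entries=" + ks.size();
        } catch (IOException | GeneralSecurityException e) {
            return "failed: " + e;
        }
    }

    public static void main(String[] args) throws IOException {
        String type = args.length > 2 ? args[2] : "JKS";
        byte[] raw = Files.readAllBytes(Paths.get(args[1]));
        System.out.println("password file: " + describe(raw));
        // The file verbatim, as the connector customizer passes it to setKeystorePass.
        String asRead = new String(raw, StandardCharsets.UTF_8);
        String cleaned = asRead.replace("\uFEFF", "").trim(); // BOM and outer whitespace removed
        System.out.println("as read: " + tryLoad(args[0], type, asRead.toCharArray()));
        System.out.println("trimmed: " + tryLoad(args[0], type, cleaned.toCharArray()));
    }
}
```

If the two load results differ, or the trailing list is not empty, the problem lies in the password file's contents rather than in the keystore.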