Problem description

I recently started using Curity and am still learning. I have managed to create an authenticator that needs to access secrets in Azure.

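        import com.azure.core.credential.TokenCredential;
        import com.azure.identity.ClientSecretCredential;
        import com.azure.identity.ClientSecretCredentialBuilder;

        // Client ID, tenant ID and client secret are blank as posted.
        ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
                .clientId("").tenantId("").clientSecret("").build();

        TokenCredential credential = new ClientSecretCredentialBuilder()
                .clientId("").tenantId("").clientSecret("").build();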

Then, when I try to fetch the actual secret, I get the following message.

 io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: General OpenSslEngine problem
        at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) ~[?:?]
        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) ~[?:?]
        at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) ~[?:?]
        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) ~[?:?]
        at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) ~[?:?]
        at io.netty.channel.epoll.AbstractEpollChannel$AbstractEpollUnsafe$1.run(AbstractEpollChannel.java:425) ~[?:?]
        at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:164) ~[?:?]
        at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:472) ~[?:?]
        at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:384) ~[?:?]
        at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) ~[?:?]
        at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[?:?]
        at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) ~[?:?]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_282]
Caused by: javax.net.ssl.SSLHandshakeException: General OpenSslEngine problem
        at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.handshakeException(ReferenceCountedOpenSslEngine.java:1860) ~[?:?]
        at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.wrap(ReferenceCountedOpenSslEngine.java:815) ~[?:?]
        at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:514) ~[?:1.8.0_282]
        at io.netty.handler.ssl.SslHandler.wrap(SslHandler.java:1059) ~[?:?]
        at io.netty.handler.ssl.SslHandler.wrapNonAppData(SslHandler.java:944) ~[?:?]
        at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1421) ~[?:?]
        at io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1265) ~[?:?]
        at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1302) ~[?:?]
        at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) ~[?:?]
        at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) ~[?:?]
        ... 17 more
Caused by: java.lang.ClassCastException: io.netty.handler.ssl.OpenSslEngine cannot be cast to org.openjsse.javax.net.ssl.SSLEngine
        at org.openjsse.sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:273) ~[openjsse.jar:1.1.5]
        at org.openjsse.sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:147) ~[openjsse.jar:1.1.5]
        at io.netty.handler.ssl.ReferenceCountedOpenSslClientContext$ExtendedTrustManagerVerifyCallback.verify(ReferenceCountedOpenSslClientContext.java:234) ~[?:?]
        at io.netty.handler.ssl.ReferenceCountedOpenSslContext$AbstractCertificateVerifier.verify(ReferenceCountedOpenSslContext.java:717) ~[?:?]
        at io.netty.internal.tcnative.SSL.readFromSSL(Native Method) ~[?:?]
        at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.readPlaintextData(ReferenceCountedOpenSslEngine.java:634) ~[?:?]
        at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1258) ~[?:?]
        at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1384) ~[?:?]
        at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1427) ~[?:?]
        at io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:208) ~[?:?]
        at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1358) ~[?:?]
        at io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1265) ~[?:?]
        at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1302) ~[?:?]
        at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) ~[?:?]
        at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) ~[?:?]
        ... 17 more
        Suppressed: javax.net.ssl.SSLHandshakeException: error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
                at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1347) ~[?:?]
                at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1308) ~[?:?]
                at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1384) ~[?:?]
                at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1427) ~[?:?]
                at io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:208) ~[?:?]
                at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1358) ~[?:?]
                at io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1265) ~[?:?]
                at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1302) ~[?:?]
                at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) ~[?:?]
                at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) ~[?:?]
                at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) ~[?:?]
                at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) ~[?:?]
                at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) ~[?:?]
                at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) ~[?:?]
                at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) ~[?:?]
                at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) ~[?:?]
                at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) ~[?:?]
                at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) ~[?:?]
                at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) ~[?:?]
                at io.netty.channel.epoll.AbstractEpollChannel$AbstractEpollUnsafe$1.run(AbstractEpollChannel.java:425) ~[?:?]
                at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:164) ~[?:?]
                at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:472) ~[?:?]
                at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:384) ~[?:?]
                at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) ~[?:?]
                at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[?:?]
                at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) ~[?:?]
                at java.lang.Thread.run(Thread.java:748) [?:1.8.0_282]

I tried adding all of Azure's certificate authorities to Curity's server trust store, but without success. Any ideas on how to make any progress from here?

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/certificate-authorities
https://www.microsoft.com/pkiops/Docs/Repository.htm
https://docs.microsoft.com/en-us/azure/security/fundamentals/tls-certificate-changes

Tags: azure, azure-active-directory, curity

Solution

This is caused by a bug in the JSSE provider: https://github.com/openjsse/openjsse/issues/22

The upcoming 6.3 release upgrades the JRE to a version that includes this fix.
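
A diagnostic for the situation described in the answer, added here as an example and not part of the original post or of Curity's code: it lists the JVM's security providers and reports whether the default trust manager comes from the `org.openjsse` package seen in the stack trace. The class name `TlsProviderCheck` and the helper `isOpenJsse` are hypothetical.

```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

// Added diagnostic (hypothetical class name); not Curity or Azure SDK code.
public class TlsProviderCheck {
    // Package prefix copied from the frames in the stack trace above.
    static final String OPENJSSE_PREFIX = "org.openjsse.";

    // Hypothetical helper: true when the object's class lives in the OpenJSSE packages.
    static boolean isOpenJsse(Object o) {
        return o.getClass().getName().startsWith(OPENJSSE_PREFIX);
    }

    public static void main(String[] args) throws Exception {
        // Providers in preference order; the first one offering an algorithm wins.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.printf("%2d. %-14s %s%n", i + 1, providers[i].getName(),
                    providers[i].getClass().getName());
        }
        // Build the default trust managers from the JVM's default trust store.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        System.out.println("TrustManagerFactory provider: " + tmf.getProvider().getName());
        boolean openJsseTrustManager = false;
        for (TrustManager tm : tmf.getTrustManagers()) {
            System.out.println("Trust manager: " + tm.getClass().getName());
            openJsseTrustManager |= isOpenJsse(tm);
        }
        System.out.println("Default SSLContext provider: "
                + SSLContext.getDefault().getProvider().getName());
        if (openJsseTrustManager) {
            // Matches the trace: the cast to org.openjsse...SSLEngine fails before any
            // chain validation runs, so the failure is not a missing CA.
            System.out.println("OpenJSSE trust manager is the default: an engine from another "
                    + "TLS implementation (Netty's OpenSslEngine in the trace) can hit the "
                    + "ClassCastException. Upgrade the provider/JRE; keep verification on.");
        } else {
            System.out.println("Default trust manager is not from OpenJSSE.");
        }
    }
}
```

Run it with the same JRE and `java.security` configuration as the server so the provider order matches what the plugin sees.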

