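ssl-certificate - AWS API Gateway MissingAuthenticationToken
Problem description
I have an API named api-gateway-v1. This API is an http_proxy. The method_request authorization is set to NONE. The method_execution is set to passthrough.
Two custom domain names call the same API (same stage). custom-domain-name-1, without mutual_tls, works as expected. The mutual_tls of custom-domain-name-2 works as expected.
Custom domain 1 curl verbose output: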
curl -v --location --request POST 'https://custom-domain-name-1/v1' --header 'Content-Type: application/json' --data-raw '{"email":"email@example.com","password":"mypassword"}'
TCP_NODELAY set
Connected to custom-domain-name-1 (1.2.3.5) port 443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
successfully set certificate verify locations:
CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
TLSv1.3 (OUT), TLS handshake, Client hello (1):
TLSv1.3 (IN), TLS handshake, Server hello (2):
TLSv1.2 (IN), TLS handshake, Certificate (11):
TLSv1.2 (IN), TLS handshake, Server key exchange (12):
TLSv1.2 (IN), TLS handshake, Server finished (14):
TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
TLSv1.2 (OUT), TLS handshake, Finished (20):
TLSv1.2 (IN), TLS handshake, Finished (20):
SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
ALPN, server accepted to use h2
Server certificate:
subject: CN=custom-domain-name-1
start date: Mar 1 00:00:00 2021 GMT
expire date: Mar 30 23:59:59 2022 GMT
subjectAltName: host "custom-domain-name-1" matched cert's "custom-domain-name-1"
issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
SSL certificate verify ok.
Using HTTP2, server supports multi-use
Connection state changed (HTTP/2 confirmed)
Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
Using Stream ID: 1 (easy handle 0x55c4d244ae10)
POST /v1 HTTP/2
Host: custom-domain-name-1
user-agent: curl/7.68.0
accept: */*
content-type: application/json
content-length: 76
Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
We are completely uploaded and fine
HTTP/2 200
date: Tue, 10 Aug 2021 07:56:41 GMT
content-type: application/json
content-length: 1009
x-amzn-requestid: 8997bed9-b2d5-48fe-8cf2-0d9166ec489d
x-amzn-remapped-connection: keep-alive
x-ratelimit-remaining: 999
x-amz-apigw-id: abc=
cache-control: private, must-revalidate
x-amzn-remapped-server: nginx
x-ratelimit-limit: 1000
x-content-type-options: nosniff
expires: -1
pragma: no-cache
x-amzn-remapped-date: Tue, 10 Aug 2021 07:56:41 GMT
Connection #0 to host custom-domain-name-1 left intact
{"success":{"token":"XYZ"}}
Custom domain 2 curl verbose output:
curl -v --key form.key --cert cert.pem https://custom-domain-name-2/v1 --header 'Content-Type: application/json' --data-raw '{"email":"email@example.com","password":"mypassword"}'
Note: Unnecessary use of -X or --request, POST is already inferred.
Trying 54.251.193.98:443...
TCP_NODELAY set
Connected to custom-domain-name-2 (1.2.3.4) port 443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
successfully set certificate verify locations:
CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
TLSv1.3 (OUT), TLS handshake, Client hello (1):
TLSv1.3 (IN), TLS handshake, Server hello (2):
TLSv1.2 (IN), TLS handshake, Certificate (11):
TLSv1.2 (IN), TLS handshake, Server key exchange (12):
TLSv1.2 (IN), TLS handshake, Request CERT (13):
TLSv1.2 (IN), TLS handshake, Server finished (14):
TLSv1.2 (OUT), TLS handshake, Certificate (11):
TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
TLSv1.2 (OUT), TLS handshake, CERT verify (15):
TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
TLSv1.2 (OUT), TLS handshake, Finished (20):
TLSv1.2 (IN), TLS handshake, Finished (20):
SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
ALPN, server accepted to use h2
Server certificate:
subject: CN=custom-domain-name-2
start date: Aug 5 00:00:00 2021 GMT
expire date: Sep 3 23:59:59 2022 GMT
subjectAltName: host "custom-domain-name-2" matched cert's "custom-domain-name-2"
issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
SSL certificate verify ok.
Using HTTP2, server supports multi-use
Connection state changed (HTTP/2 confirmed)
Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
Using Stream ID: 1 (easy handle 0x555588810e10)
POST /v1 HTTP/2
Host: custom-domain-name-2
user-agent: curl/7.68.0
accept: */*
content-type: application/json
content-length: 66
We are completely uploaded and fine
Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
HTTP/2 403
x-amzn-requestid: abc-123
x-amzn-errortype: MissingAuthenticationTokenException
x-amz-apigw-id: 123-abc
content-type: application/json
content-length: 42
date: Wed, 11 Aug 2021 10:53:59 GMT
Connection #0 to host custom-domain-name-2 left intact
{"message":"Missing Authentication Token"}
The connection seems fine, but the HTTP code is changing.
Does anyone have any insight into what is happening?
Solution
I solved this by enabling the missing CORS.
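The two transcripts above differ in the handshake (domain 2 adds Request CERT, a client Certificate and CERT verify) and in the HTTP response. The following added example, which is not part of the original post, reduces a curl -v transcript to those facts and reports which layer produced the failure. The function names are this example's own, and the sample inputs are abbreviated from the output above.

```python
import re

# Abbreviated from the two curl -v transcripts on this page.
DOMAIN_1 = """\
TLSv1.2 (IN), TLS handshake, Finished (20):
SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
HTTP/2 200
"""
DOMAIN_2 = """\
TLSv1.2 (IN), TLS handshake, Request CERT (13):
TLSv1.2 (OUT), TLS handshake, Certificate (11):
TLSv1.2 (OUT), TLS handshake, CERT verify (15):
TLSv1.2 (IN), TLS handshake, Finished (20):
SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
HTTP/2 403
x-amzn-errortype: MissingAuthenticationTokenException
"""

HANDSHAKE = re.compile(r"TLSv[\d.]+ \((IN|OUT)\), TLS handshake, .+ \((\d+)\):$")
STATUS = re.compile(r"HTTP/[\d.]+ (\d{3})\b")
ERRTYPE = re.compile(r"x-amzn-errortype:\s*(\S+)", re.I)

def summarize(transcript):
    """Reduce a curl -v transcript to the facts that locate a failure."""
    msgs, status, errtype, established = set(), None, None, False
    for raw in transcript.splitlines():
        line = raw.lstrip("*<> ")  # tolerate curl's own line prefixes
        if m := HANDSHAKE.match(line):
            msgs.add((m.group(1), int(m.group(2))))  # (direction, handshake type)
        elif line.startswith("SSL connection using"):
            established = True
        elif m := STATUS.match(line):
            status = int(m.group(1))
        elif m := ERRTYPE.match(line):
            errtype = m.group(1)
    return {
        "tls_established": established and ("IN", 20) in msgs,
        "cert_requested": ("IN", 13) in msgs,  # server sent CertificateRequest
        "client_cert_sent": {("OUT", 11), ("OUT", 15)} <= msgs,
        "status": status,
        "error_type": errtype,
    }

def failing_layer(summary):
    """Return 'tls', 'no-response', 'http', or None when the call succeeded."""
    if not summary["tls_established"]:
        return "tls"
    if summary["status"] is None:
        return "no-response"
    return "http" if summary["status"] >= 400 else None
```

For the domain 2 transcript this reports an established TLS session with a client certificate sent and an HTTP-layer failure, so the header to read is x-amzn-errortype rather than the handshake lines.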