我正在生成一个进行 https 调用的 Graal 本机图像。问题是它在尝试拨打电话时抛出异常:
@Controller("/")
public class ExampleController {
private static final Log LOG = LogFactory.getLog(ExampleController.class);
private ObjectMapper mapper = new ObjectMapper()
.disable(MapperFeature.CAN_OVERRIDE_ACCESS_MODIFIERS)
.disable(MapperFeature.ALLOW_FINAL_FIELDS_AS_MUTATORS)
.enable(JsonParser.Feature.ALLOW_COMMENTS)
.disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES);
private static final HttpClientFactory<ConnectionManagerAwareHttpClient> httpClientFactory = new
ApacheHttpClientFactory();
private HttpClient httpClient;
public ExampleController() {
this.httpClient = httpClientFactory.create(HttpClientSettings.adapt(new ClientConfiguration()));
}
@Get("/http")
public String httpClient() throws IOException {
String url = "https://www.google.com/search?q=httpClient";
HttpGet request = new HttpGet(url);
// add request header
HttpResponse response = httpClient.execute(request);
System.out.println("Response Code : "
+ response.getStatusLine().getStatusCode());
return "ok";
}
}
痕迹:
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No X509TrustManager implementation available
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
at com.amazonaws.http.conn.ssl.SdkTLSSocketFactory.connectSocket(SdkTLSSocketFactory.java:142)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:373)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.amazonaws.http.conn.ClientConnectionManagerFactory$Handler.invoke(ClientConnectionManagerFactory.java:76)
at com.amazonaws.http.conn.$Proxy225.connect(Unknown Source)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:394)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
at com.amazonaws.http.apache.client.impl.SdkHttpClient.execute(SdkHttpClient.java:72)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1297)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1113)
... 49 more
Caused by: java.security.cert.CertificateException: No X509TrustManager implementation available
at sun.security.ssl.DummyX509TrustManager.checkServerTrusted(SSLContextImpl.java:1290)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
... 73 more
以前我必须手动向 reflect.json 添加一堆类,直到我不知道如何继续:
, {
"name" : "com.sun.crypto.provider.HmacCore",
"allPublicMethods" : true,
"allDeclaredConstructors" : true
}, {
"name" : "com.sun.crypto.provider.HmacCore$HmacSHA256",
"allPublicMethods" : true,
"allDeclaredConstructors" : true
}, {
"name" : "sun.security.provider.X509Factory",
"allPublicMethods" : true,
"allDeclaredConstructors" : true
}, {
"name" : "sun.security.x509.AuthorityKeyIdentifierExtension",
"allPublicMethods" : true,
"allDeclaredConstructors" : true
}, {
"name" : "sun.security.x509.SubjectKeyIdentifierExtension",
"allPublicMethods" : true,
"allDeclaredConstructors" : true
}, {
"name" : "sun.security.x509.SubjectAlternativeNameExtension",
"allPublicMethods" : true,
"allDeclaredConstructors" : true
}, {
"name" : "sun.security.x509.KeyUsageExtension",
"allPublicMethods" : true,
"allDeclaredConstructors" : true
}, {
"name" : "sun.security.x509.CRLDistributionPointsExtension",
"allPublicMethods" : true,
"allDeclaredConstructors" : true
}, {
"name" : "sun.security.x509.ExtendedKeyUsageExtension",
"allPublicMethods" : true,
"allDeclaredConstructors" : true
}, {
"name" : "sun.security.x509.CertificatePoliciesExtension",
"allPublicMethods" : true,
"allDeclaredConstructors" : true
}, {
"name" : "sun.security.x509.AuthorityInfoAccessExtension",
"allPublicMethods" : true,
"allDeclaredConstructors" : true
}, {
"name" : "sun.security.x509.BasicConstraintsExtension",
"allPublicMethods" : true,
"allDeclaredConstructors" : true
}, {
"name" : "sun.security.ssl.X509TrustManagerImpl",
"allPublicMethods" : true,
"allDeclaredConstructors" : true
}
Github 上有一个项目:https ://github.com/codependent/graal-app
要测试它运行:
export AWS_DEFAULT_REGION=eu-central-1docker build . -t graap-app./sam-local.sh
更新:
我在https://github.com/oracle/graal/blob/master/substratevm/JCA-SECURITY-SERVICES.md找到了与安全相关的文档
我删除了我添加到 reflect.json 的所有类,而是将--enable-all-security-services标志放入native-image位于build-native-image.sh.
现在错误是:
原因:java.security.InvalidAlgorithmParameterException:trustAnchors 参数必须为非空