AWS Lambda: how to find out which trusted CAs are pre-installed for AWS Lambda?
For my AWS Lambda, I need to know which CAs are trusted. I want a list of CAs, so that the service the Lambda tries to access can be trusted without installing any new certificates.
Tags: aws-lambda, ssl-certificate
You can find out for yourself:
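import com.amazonaws.services.lambda.runtime.Context;
import com.amazonaws.services.lambda.runtime.LambdaLogger;
import com.amazonaws.services.lambda.runtime.RequestStreamHandler;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class PrintCAInfo implements RequestStreamHandler {
    public void handleRequest(InputStream inputStream, OutputStream outputStream, Context context) throws IOException {
        LambdaLogger logger = context.getLogger();
        StringBuilder stringBuilder = new StringBuilder("[");
        try {
            // init(null) makes the factory load the JVM's default trust store
            TrustManagerFactory trustManagerFactory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
                for (X509Certificate x509Certificate : x509TrustManager.getAcceptedIssuers()) {
                    stringBuilder.append("{");
                    stringBuilder.append("\"subjectDN\":\"");
                    stringBuilder.append(x509Certificate.getSubjectDN().toString().replaceAll("\"", ""));
                    stringBuilder.append("\"},");
                }
            }
        } catch (NoSuchAlgorithmException | KeyStoreException e) {
            e.printStackTrace();
        }
        // Drop the trailing comma; leave "[" intact when no certificate was appended
        if (stringBuilder.charAt(stringBuilder.length() - 1) == ',') {
            stringBuilder.setLength(stringBuilder.length() - 1);
        }
        stringBuilder.append("]");
        OutputStreamWriter writer = new OutputStreamWriter(outputStream, StandardCharsets.UTF_8);
        writer.write(stringBuilder.toString());
        logger.log(stringBuilder.toString());
        writer.close();
    }
}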
This returns (and logs) a very simple JSON body:
[
  {
    "subjectDN": "CN=Amazon RDS eu-south-1 CA, OU=Amazon RDS, O=Amazon Web Services, Inc., L=Seattle, ST=Washington, C=US"
  },
  {
    "subjectDN": "CN=Hongkong Post Root CA 1, O=Hongkong Post, C=HK"
  },
  {
    "subjectDN": "CN=SecureTrust CA, O=SecureTrust Corporation, C=US"
  },
  {
    "subjectDN": "CN=Entrust Root Certification Authority - EC1, OU=(c) 2012 Entrust, Inc. - for authorized use only, OU=See www.entrust.net/legal-terms, O=Entrust, Inc., C=US"
  },
  {
    "subjectDN": "CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US"
  },
  {
    "subjectDN": "OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP"
  },
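A subject DN does not identify a single certificate, so matching on the names listed above can mislead. The following is an added example, not part of the original answer: it goes one step further and prints each default root with its SHA-256 fingerprint and expiry date, and checks whether a given fingerprint (for instance that of the root CA behind the service the Lambda calls) is in the default trust store. The class and method names are hypothetical.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example, not from the original answer; class and method names are hypothetical.
public class TrustStoreAudit {
    // Roots the JVM trusts by default (init(null) selects the default trust store).
    static List<X509Certificate> defaultIssuers() throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        List<X509Certificate> issuers = new ArrayList<>();
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                Collections.addAll(issuers, ((X509TrustManager) tm).getAcceptedIssuers());
            }
        }
        return issuers;
    }
    // SHA-256 of the DER encoding identifies one exact certificate; a subject DN does not.
    static String sha256Hex(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02x", b));
        return hex.toString();
    }
    // True if a default root has this fingerprint; colons, spaces and case are ignored.
    static boolean isTrustedRoot(String fingerprint) throws Exception {
        String wanted = fingerprint.replaceAll("[^0-9A-Fa-f]", "").toLowerCase();
        for (X509Certificate cert : defaultIssuers()) {
            if (sha256Hex(cert).equals(wanted)) return true;
        }
        return false;
    }
    public static void main(String[] args) throws Exception {
        for (X509Certificate cert : defaultIssuers()) {
            System.out.printf("%s  notAfter=%s  %s%n", sha256Hex(cert), cert.getNotAfter(),
                    cert.getSubjectX500Principal().getName());
        }
        // Optional args[0]: SHA-256 fingerprint of the root CA to look for.
        if (args.length > 0) System.out.println(isTrustedRoot(args[0]) ? "TRUSTED" : "NOT TRUSTED");
    }
}
```

The result describes the trust store of the JVM it runs in, so call `defaultIssuers()` and `isTrustedRoot()` from inside the Lambda handler to audit the Lambda runtime itself.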
Why do you need this? This is a container-based service.
What language are you developing in? Java, for example, maintains its own list.
@aviboy2006 It's not exactly a requirement, but for now I'd like to know which CAs are already there.
@stdunbar I'm using Java.
@sándorBakos Yes, the Lambda is the client in the HTTPS call, but in order not to reject the server, the certificate used by the service must be trusted by the Lambda.