Java Azure Key Vault warning okhttp3.OkHttpClient: connection leak


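We are using the Azure Key Vault provider to encrypt SQL Server DB columns in a Spring Boot application, and everything works fine. However, we see "connection leaked" warning messages being logged, as shown below: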

2019-12-04 16:26:26.332  WARN 1 --- [ ConnectionPool] okhttp3.OkHttpClient                     : A connection to https://xxxxx.vault.azure.net/ was leaked. Did you forget to close a response body?  java.lang.Throwable: response.body().close()
at okhttp3.internal.platform.Platform.getStackTraceForCloseable(Platform.java:148)
at okhttp3.RealCall.captureCallStackTrace(RealCall.java:89)
at okhttp3.RealCall.execute(RealCall.java:73)
at retrofit2.OkHttpCall.execute(OkHttpCall.java:180)
at retrofit2.adapter.rxjava.CallExecuteOnSubscribe.call(CallExecuteOnSubscribe.java:40)
at retrofit2.adapter.rxjava.CallExecuteOnSubscribe.call(CallExecuteOnSubscribe.java:24)
at rx.Observable.unsafeSubscribe(Observable.java:10327)
at rx.internal.operators.OnSubscribeMap.call(OnSubscribeMap.java:48)
at rx.internal.operators.OnSubscribeMap.call(OnSubscribeMap.java:33)
at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)
at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)
at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)
at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)
at rx.Observable.subscribe(Observable.java:10423)
at rx.Observable.subscribe(Observable.java:10390)
at rx.observables.BlockingObservable.blockForSingle(BlockingObservable.java:443)
at rx.observables.BlockingObservable.single(BlockingObservable.java:340)
at com.microsoft.azure.keyvault.implementation.KeyVaultClientBaseImpl.getKey(KeyVaultClientBaseImpl.java:1390)
at com.microsoft.azure.keyvault.implementation.KeyVaultClientCustomImpl.getKey(KeyVaultClientCustomImpl.java:627)
at com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionAzureKeyVaultProvider.getAKVKeySize(SQLServerColumnEncryptionAzureKeyVaultProvider.java:565)
at com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionAzureKeyVaultProvider.decryptColumnEncryptionKey(SQLServerColumnEncryptionAzureKeyVaultProvider.java:165)
at com.microsoft.sqlserver.jdbc.SQLServerSymmetricKeyCache.getKey(SQLServerSymmetricKeyCache.java:157)
at com.microsoft.sqlserver.jdbc.SQLServerSecurityUtility.decryptSymmetricKey(SQLServerSecurityUtility.java:136)
at com.microsoft.sqlserver.jdbc.SQLServerPreparedStatement.getParameterEncryptionMetadata(SQLServerPreparedStatement.java:940)
at com.microsoft.sqlserver.jdbc.SQLServerPreparedStatement.doExecutePreparedStatement(SQLServerPreparedStatement.java:562)
at com.microsoft.sqlserver.jdbc.SQLServerPreparedStatement$PrepStmtExecCmd.doExecute(SQLServerPreparedStatement.java:522)
at com.microsoft.sqlserver.jdbc.TDSCommand.execute(IOBuffer.java:7194)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.executeCommand(SQLServerConnection.java:2935)
at com.microsoft.sqlserver.jdbc.SQLServerStatement.executeCommand(SQLServerStatement.java:248)
at com.microsoft.sqlserver.jdbc.SQLServerStatement.executeStatement(SQLServerStatement.java:223)
at com.microsoft.sqlserver.jdbc.SQLServerPreparedStatement.executeUpdate(SQLServerPreparedStatement.java:471)
Below is the code we use to connect to Azure Key Vault to set up DB column encryption:

public void setupEncryption() throws Exception {
    if (alwaysOnEncryptionEnabled) {
        SQLServerColumnEncryptionAzureKeyVaultProvider akvProvider = new SQLServerColumnEncryptionAzureKeyVaultProvider(this.alwaysOnEncryptionClientId, this.alwaysOnEncryptionClientSecret);
        Map<String, SQLServerColumnEncryptionKeyStoreProvider> keyStoreMap = new HashMap<>();
        keyStoreMap.put(akvProvider.getName(), akvProvider);
        SQLServerConnection.registerColumnEncryptionKeyStoreProviders(keyStoreMap);

    }
}
It seems that the connection made to Azure Key Vault in this code is not being closed properly.

Please help me deal with this warning message.

We want to address this message because our application that uses Azure Key Vault is very critical and we do not want any vulnerabilities.


We would also like to know what the impact would be if we are unable to handle this connection leak.

You can try adding this line to your code:

keyVaultClient.httpClient().connectionPool().evictAll();

Here is an issue similar to yours, for your reference.

I cannot use this solution, because we are using SQLServerColumnEncryptionAzureKeyVaultProvider() and we have no control over the keyVaultClient object to close the connection.
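For readers triaging the same warning, the following added example (not part of the original posts, and not code from the JDBC driver or the Key Vault SDK) shows the OkHttp 3 pattern behind "Did you forget to close a response body?" next to the closed form, and what `connectionPool().evictAll()` does to each connection. The class name `OkHttpLeakDemo`, the local `/keys/demo` endpoint and its payload are constructed for the demo.

```java
import com.sun.net.httpserver.HttpServer;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
// Added illustration; class name, endpoint and payload are constructed for the demo.
public class OkHttpLeakDemo {
    public static void main(String[] args) throws Exception {
        // Local stand-in for a remote endpoint so the demo runs offline.
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/keys/demo", exchange -> {
            byte[] body = "{\"kty\":\"RSA\"}".getBytes(StandardCharsets.UTF_8);
            exchange.sendResponseHeaders(200, body.length);
            try (OutputStream out = exchange.getResponseBody()) {
                out.write(body);
            }
        });
        server.start();

        OkHttpClient client = new OkHttpClient();
        String url = "http://127.0.0.1:" + server.getAddress().getPort() + "/keys/demo";
        Request request = new Request.Builder().url(url).build();

        // Leaky pattern: execute() returns once the headers arrive; the body is
        // never read or closed, so the connection stays allocated to this call.
        Response leaked = client.newCall(request).execute();
        System.out.println("leaky call status: " + leaked.code());

        // Correct pattern: Response is Closeable, so try-with-resources closes
        // the body and hands the connection back to the pool.
        try (Response response = client.newCall(request).execute()) {
            System.out.println("closed call body: " + response.body().string());
        }
        report("before evictAll", client);
        // evictAll() closes idle pooled connections only.
        client.connectionPool().evictAll();
        report("after evictAll", client);

        leaked.close(); // what the leaky call site was missing
        server.stop(0);
    }
    static void report(String label, OkHttpClient client) {
        System.out.println(label + ": total=" + client.connectionPool().connectionCount()
                + " idle=" + client.connectionPool().idleConnectionCount());
    }
}
```

OkHttp emits the warning from the thread logged as `ConnectionPool`, when it finds that a call which still held a connection was garbage collected without its response body being closed.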