Java Can'；你不能通过SSL使用AmazonS3API吗？_Java_Amazon Web Services_Ssl_Amazon S3

Java Can'；你不能通过SSL使用AmazonS3API吗？

java amazon-web-services ssl amazon-s3

Java Can'；你不能通过SSL使用AmazonS3API吗？,java,amazon-web-services,ssl,amazon-s3,Java,Amazon Web Services,Ssl,Amazon S3,我正在尝试使用AmazonS3API加密和上传文件 public class AmazonS3 { String KmsId = "my_id_comes_here"; private TransferManager getTransferManager() { AWSCredentials awsCredentials = new ProfileCredentialsProvider().getCredentials(); KMSEncryp

我正在尝试使用AmazonS3API加密和上传文件

public class AmazonS3 {

    String KmsId = "my_id_comes_here";

    private TransferManager getTransferManager() {
        AWSCredentials awsCredentials = new ProfileCredentialsProvider().getCredentials();
        KMSEncryptionMaterialsProvider materialProvider = new KMSEncryptionMaterialsProvider(KmsId);
        AmazonS3EncryptionClient s3Client = new AmazonS3EncryptionClient(awsCredentials, materialProvider,
                new CryptoConfiguration().withKmsRegion(Regions.EU_CENTRAL_1)).withRegion(Regions.EU_CENTRAL_1);
        s3Client.setEndpoint("s3.eu-central-1.amazonaws.com");
        TransferManager transferManager = new TransferManager(s3Client);
        return transferManager;
    }

    public void upload(String bucket, String keyName, String filePath)
            throws InterruptedException, NoSuchAlgorithmException, IOException, InvalidKeySpecException {

        TransferManager transferManager = getTransferManager();
        // TransferManager processes all transfers asynchronously, so this call will return immediately.
        Upload upload = transferManager.upload(bucket, keyName, new File(filePath));

        try {
            // Or you can block and wait for the upload to finish
            upload.waitForCompletion();
            System.out.println("Upload complete.");
        } catch (AmazonClientException amazonClientException) {
            System.out.println("Unable to upload file, upload was aborted.");
            amazonClientException.printStackTrace();
        }
    }

如果我不将我的信任方作为参数传递给我的应用程序，那么这项功能就可以正常工作

但是，如果我用信任人初始化应用程序，如下所示：

-Dspring.profiles.active="dev" -Djavax.net.debug=all -Djavax.net.ssl.trustStore=/usr/share/ca-certificates/anevis/java/activemq/client.ts -Djavax.net.ssl.trustStorePassword=changeit
它给了我这个错误：

com.amazonaws.AmazonClientException: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:516) at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:317) at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:3595) at com.amazonaws.services.s3.AmazonS3Client.getObjectMetadata(AmazonS3Client.java:999) at com.amazonaws.services.s3.transfer.TransferManager.doDownload(TransferManager.java:779) at com.amazonaws.services.s3.transfer.TransferManager.download(TransferManager.java:691) at com.anevis.documentengine.configuration.jms.AmazonS3.download(AmazonS3.java:57) at com.anevis.documentengine.configuration.jms.S3UploadTest.testUpload(S3UploadTest.java:25) at com.anevis.documentengine.configuration.jms.S3UploadTest.main(S3UploadTest.java:9) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at com.intellij.rt.execution.application.AppMain.main(AppMain.java:144) Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:535) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:403) at com.amazonaws.http.conn.ssl.SdkTLSSocketFactory.connectSocket(SdkTLSSocketFactory.java:128) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177) at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446) at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57) at com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:749) at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:505) ... 13 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) at sun.security.validator.Validator.validate(Validator.java:260) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491) ... 32 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) ... 38 more

如何修复此错误？
您的信任存储没有保护AWS API的证书颁发机构。您需要创建一个新的信任存储，它将
client.ts
与AWS所需的信任存储结合起来。最简单的方法是将
client.ts
与JRE中的
cacerts
密钥库合并
例如：

keytool -importkeystore -srckeystore client.ts -destkeystore combined.ts -srcstorepass changeit -deststorepass changeit keytool -importkeystore -srckeystore $JAVA_HOME/jre/lib/security/cacerts -destkeystore combined.ts -srcstorepass changeit -deststorepass changeit

然后使用
combined.ts
而不是
client.ts
谢谢，我们也遇到了类似的问题，但我针对我们的场景稍微调整了响应
我收到此com.amazonaws.AmazonClientException:无法执行HTTP请求：sun.security.validator.validator异常：PKIX路径生成失败：sun.security.provider.certpath.SunCertPathBuilderException:无法找到请求目标的有效证书路径
尝试连接到AmazonDynamoDB时出现异常
当我们将应用程序移动到HTTPS时，我们开始收到此错误
因此，解决方案是相同的，唯一的区别是我必须将证书添加到HTTPS迁移期间生成的cacerts中，而不是client.ts
keytool-importkeystore-srckeystore$JAVA_HOME/jre/lib/security/cacerts-destkeystore test.p12-srcstorepass changeit-deststorepass test

谢谢，
你只是个救世主！令人惊叹的。非常感谢。我有一个类似的问题：当我没有ssl存储时，一切正常，但是当我尝试通过服务器访问S3并附加AWS RDS根证书时，我得到了相同的异常。我必须向AWS申请什么类型的证书？我是否将其附加到具有RDS根证书的同一信任库？