Azure的连接无法连接证书错误

问题描述 投票:1回答:2

我有一个很难试图对Azure中的特定租户ID进行身份验证。我使用的代码是以下之一:

public abstract class Azure
{
    private final static String GRAPH = "https://graph.windows.net/";
    private Logger objLogger;
    private String strAccessToken;
    private String strTenantID;
    private String strLogin;
    private String strAuthorize;
    private String strGraph;
    private String strApplicationID;
    private String strUsername;
    private String strPassword;
    public String getAccessToken() throws InvalidKeyException, MalformedURLException, ServiceUnavailableException, IllegalBlockSizeException, BadPaddingException, NoSuchAlgorithmException, NoSuchPaddingException, InterruptedException, ExecutionException
    {
        if (this.strAccessToken == null)
        {
            this.setAccessToken();
        }
        return this.strAccessToken;
    }
    private void setAccessToken() throws MalformedURLException, InterruptedException, ExecutionException, ServiceUnavailableException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, NoSuchAlgorithmException, NoSuchPaddingException
    {
        AuthenticationContext objContext;
        AuthenticationResult objToken;
        ExecutorService objService;
        Future<AuthenticationResult> objFuture;
        objService = null;
        objToken = null;
        try
        {
            objService = Executors.newFixedThreadPool(1);
            objContext = new AuthenticationContext(this.getAuthorize(), false, objService);
            objFuture = objContext.acquireToken(GRAPH, this.getApplicationID(), this.getUsername(), this.getPassword(), null);
            objToken = objFuture.get();
            this.getLogger().info("Connection to Azure ".concat(this.getClass().getSimpleName().toLowerCase()).concat(" successfully stablished"));
        }
        finally
        {
            objService.shutdown();
        }
        if (objToken == null)
        {
            throw new ServiceUnavailableException("Authentication Service is not available");
        }
        this.strAccessToken = objToken.getAccessToken();
    }
    public void setGraph()
    {
        this.strGraph = GRAPH.concat(this.getTenantID());
    }
}

public class Connection1 extends Azure
{
    private static Connection1 objInstance;
    private Connection1() throws ParameterException, IOException, ParserConfigurationException, SAXException
    {
        super();
        this.setTenantID(<Tenant ID>);
        this.setLogin("https://login.microsoftonline.com/".concat(this.getTenantID()));
        this.setAuthorize(this.getLogin().concat("/oauth2/authorize"));
        this.setGraph();
        this.setApplicationID(<Application ID>);
        this.setAccessToken(null);
        this.setUsername(<username>);
        this.setPassword(<password>);
        this.setLogger();
    }
    public static Azure getInstance() throws ParameterException, IOException, ParserConfigurationException, SAXException
    {
        if (objInstance == null)
        {
            objInstance = new Connection1();
        }
        return objInstance;
    }
}

我有两个类连接1和连接2。连接2是连接1的副本,我唯一改变的事情是:

1)租户ID

2)应用程序ID

3)用户名

4)密码。

随着连接1我可以没有任何问题的验证和检索数据。这个问题带有连接2,这一个我得到以下错误:

[pool-3-thread-1] ERROR com.microsoft.aad.adal4j.AuthenticationContext - [Correlation ID: 63cc6344-2bc1-4f61-aaa0-a2f07acb172b] Execution of class com.microsoft.aad.adal4j.AcquireTokenCallable failed.
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

这似乎是一个证书错误,于是我研究了一点网上,他们建议“DigiCert巴尔的摩根”证书添加到我的证书存储区。该证书已经存在。你有我应该如何面对它的主意?

java azure adal4j
2个回答
1
投票

其实发现这个问题。我用的Firefox插件TamperData和检查每个重定向让所有各自的证书的网站。似乎有在这个特殊的房客这一变化,而不是使用DigiCert巴尔的摩根它Entrust.net根端


0
投票

只是根据你的错误信息,有两个博客低于你可以参考来解决这个问题unable to find valid certification path to requested target

  1. https://www.mkyong.com/webservices/jax-ws/suncertpathbuilderexception-unable-to-find-valid-certification-path-to-requested-target/
  2. http://nodsw.com/blog/leeland/2006/12/06-no-more-unable-find-valid-certification-path-requested-target

上述博客所使用的所有工具InstallCert服务器证书可以添加到本地密钥库。请按照GitHub的库的README。

同时,只有我的猜测,我认为,一个可能的原因是在JVM证书存储资源的竞争。所以,如果你是一个JVM实例中运行的Connection1Connection2,你可以尝试自己独立的JVM实例分开运行,或尝试复制JAVA_HOME目录,并在命令行设置临时JAVA_HOMEPATH环境变量来运行其它没有任何资源Connection2大家一起分享。

© www.soinside.com 2019 - 2024. All rights reserved.