Spring Cloud Gateway problem不存在主题备选名称
请帮助解决这个问题与apigateway
我想使用spring cloud gateway将我的请求路由到cluter中的google cloud集群,我有1个微服务,但它不接受我的请求。
请帮助解决此云网关问题没有主题备选名称。
异常
javax.net.ssl.SSLHandshakeException: No subject alternative names present
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:130) ~[na:na]
Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException:
Error has been observed at the following site(s):
*__checkpoint ⇢ org.springframework.cloud.gateway.filter.WeightCalculatorWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ HTTP GET "/admin/login?objectType=admin&adminId=A002" [ExceptionHandlingWebHandler]
Original Stack Trace:
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:130) ~[na:na]
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:378) ~[na:na]
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321) ~[na:na]
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:316) ~[na:na]
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1318) ~[na:na]
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1195) ~[na:na]
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1138) ~[na:na]
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393) ~[na:na]
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:469) ~[na:na]
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1273) ~[na:na]
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1260) ~[na:na]
at java.base/java.security.AccessController.doPrivileged(AccessController.java:714) ~[na:na]
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1205) ~[na:na]
at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1559) ~[netty-handler-4.1.91.Final.jar:4.1.91.Final]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1405) ~[netty-handler-4.1.91.Final.jar:4.1.91.Final]
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1246) ~[netty-handler-4.1.91.Final.jar:4.1.91.Final]
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1295) ~[netty-handler-4.1.91.Final.jar:4.1.91.Final]
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529) ~[netty-codec-4.1.91.Final.jar:4.1.91.Final]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468) ~[netty-codec-4.1.91.Final.jar:4.1.91.Final]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290) ~[netty-codec-4.1.91.Final.jar:4.1.91.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) ~[netty-transport-4.1.91.Final.jar:4.1.91.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[netty-transport-4.1.91.Final.jar:4.1.91.Final]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[netty-transport-4.1.91.Final.jar:4.1.91.Final]
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) ~[netty-transport-4.1.91.Final.jar:4.1.91.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440) ~[netty-transport-4.1.91.Final.jar:4.1.91.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[netty-transport-4.1.91.Final.jar:4.1.91.Final]
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) ~[netty-transport-4.1.91.Final.jar:4.1.91.Final]
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) ~[netty-transport-4.1.91.Final.jar:4.1.91.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788) ~[netty-transport-4.1.91.Final.jar:4.1.91.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:724) ~[netty-transport-4.1.91.Final.jar:4.1.91.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:650) ~[netty-transport-4.1.91.Final.jar:4.1.91.Final]
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562) ~[netty-transport-4.1.91.Final.jar:4.1.91.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) ~[netty-common-4.1.91.Final.jar:4.1.91.Final]
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[netty-common-4.1.91.Final.jar:4.1.91.Final]
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) ~[netty-common-4.1.91.Final.jar:4.1.91.Final]
at java.base/java.lang.Thread.run(Thread.java:1623) ~[na:na]
Caused by: java.security.cert.CertificateException: No subject alternative names present
at java.base/sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:138) ~[na:na]
at java.base/sun.security.util.HostnameChecker.match(HostnameChecker.java:101) ~[na:na]
at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:457) ~[na:na]application.yml
server:
port: 9999
ssl:
enabled: true
key-alias: ***
key-store-password: ***
key-store: classpath:keystore/***.p12
key-store-type: PKCS12
spring:
cloud:
gateway:
routes:
- id: ADMIN-SERVICE
uri: https://google_cloud:8443/v1.0.0/reg
predicates:
- Path=/user/**我已经尝试了这个代码,但不工作
static {
HttpsURLConnection.setDefaultHostnameVerifier(
(hostname,sslSession) -> true
);
}这个解决方案是chatGpt给予我的,但是这个解决方案的一些方法在一些类中是不可用的。
@Bean
public WebClient webClient(GatewayProperties gatewayProperties) throws SSLException {
SslContext sslContext = SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE)
.build();
HttpClient httpClient = HttpClient.create().secure(sslContextSpec -> sslContextSpec.sslContext(sslContext));
ReactorClientHttpConnector connector = new ReactorClientHttpConnector(httpClient);
WebClient.Builder builder = WebClient.builder().clientConnector(connector);
if (gatewayProperties != null && gatewayProperties.isUseForwardHeaders()) {
builder.filter((request, next) -> {
ServerHttpRequest.Builder mutableReq = request.mutate();
List<String> forwardedHeaders = gatewayProperties.getForwardedHeaders();
for (String header : forwardedHeaders) {
String value = request.getHeaders().getFirst(header);
if (value != null) {
mutableReq.header(header, value);
}
}
return next.exchange(mutableReq.build());
});
}
return builder.build();
}我在stackoverflow中找到了这个解决方案,但那个也不起作用
@Bean
public WebClient.Builder getWebClientBuilder() {
HostnameVerifier allHostsValid = new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
};
HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
return WebClient.builder();
}此解决方案与RestTemplate一起工作,但不适用于Spring Cloud网关
@Bean
public static void disableSslVerification() {
try
{
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[] {new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
}
};
// Install the all-trusting trust manager
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
// Create all-trusting host name verifier
HostnameVerifier allHostsValid = new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
};
// Install the all-trusting host verifier
HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
}
}我想使用本地Spring Cloud Gateway将我的请求路由到cluter中的Google Cloud集群,我有1个微服务,但它不接受我的请求。
我正在使用Sping Boot 版本3和Spring Cloud Gateway版本3。
请帮助解决这个云网关问题是-〉javax.net.ssl.SSLHandshakeException:不存在主题备选名称
我有我们多个解决方案,但不工作,所以这就是为什么我发布这个问题,请帮助我和社会解决这个问题。
谢谢你
1条答案
按热度按时间oxiaedzo1#
你的问题似乎与这里发布的问题相似:Certificate for doesn't match any of the subject alternative names我也提供了一个答案和如何解决它在这里:https://stackoverflow.com/a/53822999/6777695
你正在尝试通过spring cloud gateway将请求路由到google cloud cluster,所以我假设你的spring应用程序正在抛出这个异常。您只需要确保微服务的证书在主题替代名称列表中具有正确的IP和DNS列表。因此,任何试图通过
https://foo.bar调用您的微服务的人(假设您的主机在foo.bar上可用),只有在您的微服务证书的主题替代名称列表中也存在时才有可能。因此,请确保生成一个证书,例如foo.bar作为DNS或使用IP(如果您使用IP)来访问您的微服务。链接第二个链接包含如何在使用keytool时包含SAN字段的示例。