当我尝试使用 JBOSS RestEasyClient 向 AWS API Gateway 中的 API 发出简单的 GET 请求时,出现 SSLHandShakeException。这是我的代码:
public static void main(String[] args){
ResteasyClient client = new ResteasyClientBuilder().build();
ResteasyWebTarget target = client.target( "https://MYAPI_ID.execute-api.us-east-1.amazonaws.com/prod/proxy" );
Response response = target.request().get();
String value = response.readEntity( String. class );
System.out.println( value );
response.close();
}
我明白了:
Exception in thread "main" javax.ws.rs.ProcessingException: RESTEASY004655: Unable to invoke request
at org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine.invoke(ApacheHttpClient4Engine.java:287)
at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:436)
at org.jboss.resteasy.client.jaxrs.internal.ClientInvocationBuilder.get(ClientInvocationBuilder.java:159)
at com.contaazul.gov.core.TesteSimples.main(TesteSimples.java:20)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:533)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:401)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:178)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:610)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:445)
at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57)
at org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine.invoke(ApacheHttpClient4Engine.java:283)
... 3 more
此代码适用于其他网站,例如 https://google.com/我的 API 的 URL 可与 cURL、Python urllib2 以及 Java 中的类似内容一起使用:System.out.println(org.apache.commons.io.IOUtils.toString(new URL("https://MYAPI_ID.execute-api.us-east-1.amazonaws.com/prod/proxy")));
我已经尝试将证书添加到 keystore (很多次,很多方式),我认为如果证书是问题我无法得到 IOUtils 的响应,对吗?
谢谢!
最佳答案
我在 API Gateway 中见过的每个 SSLHandShakeException 都是由客户端不支持 SNI 引起的。 API Gateway 使用服务器名称指示 (SNI) 来支持许多使用一小组 IP 地址的自定义域名,以避免为每个名称分配专用 IP 地址。因此,客户端必须支持SNI才能调用API网关托管的API。
关于java - 使用 ResteasyClient 时 AWS API Gateway 出现 SSLHandShakeException,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34780354/