Certificates do not conform to algorithm constraints

前进之路  金牌会员 | 2025-1-15 11:03:41 | 显示全部楼层 | 阅读模式
打印 上一主题 下一主题
楼主

主题 970|帖子 970|积分 2910

马上注册,结交更多好友,享用更多功能,让你轻松玩转社区。

您需要 登录 才可以下载或查看,没有账号?立即注册

x
1、通过启动命令脚本的修改,将ssl的握手细节,打印出来,命令如下:
  1. sudo nohup java -Djavax.net.debug=ssl,handshake  -jar -Xms512m -Xmx2048m -XX:CompressedClassSpaceSize=256m -XX:MetaspaceSize=200m -XX:MaxMetaspaceSize=400m controller.jar>/home/lbadmin/service/lbservice/controller/controller_ssl_debug.log 2>&1 &
复制代码
-Djavax.net.debug=ssl,handshake 表现输出ssl细节命令,/home/lbadmin/service/lbservice/controller/controller_ssl_debug.log标识输出的日志目录
2、通过输出日志判断出证书的签名是
  1. javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.765 CST|SSLExtensions.java:260|Ignore, context unavailable extension: pre_shared_key
  2. javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.771 CST|ClientHello.java:564|Produced ClientHello handshake message (
  3. "ClientHello": {
  4.   "client version"      : "TLSv1.2",
  5.   "random"              : "71 BC BD 83 D0 B3 53 5C A6 DC AC 2A 42 DA E9 EE 18 6E 92 23 9E 66 F8 7C D5 BF 89 C8 3D B1 3B CE",
  6.   "session id"          : "71 9D 18 35 CB EF 8F C2 A5 CC 36 73 62 30 F1 A2 AC 0B F4 04 81 FA 85 78 98 EC 2C AB A2 96 AD 1F",
  7.   "cipher suites"       : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
  8.   "compression methods" : "00",
  9.   "extensions"          : [
  10.     "supported_groups (10)": {
  11.       "versions": [secp256r1, secp384r1, secp521r1, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
  12.     },
  13.     "ec_point_formats (11)": {
  14.       "formats": [uncompressed]
  15.     },
  16.     "signature_algorithms (13)": {
  17.       "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha224, rsa_sha224]
  18.     },
  19.     "signature_algorithms_cert (50)": {
  20.       "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha224, rsa_sha224]
  21.     },
  22.     "extended_master_secret (23)": {
  23.       <empty>
  24.     },
  25.     "supported_versions (43)": {
  26.       "versions": [TLSv1.3, TLSv1.2]
  27.     },
  28.     "psk_key_exchange_modes (45)": {
  29.       "ke_modes": [psk_dhe_ke]
  30.     },
  31.     "key_share (51)": {
  32.       "client_shares": [  
  33.         {
  34.           "named group": secp256r1
  35.           "key_exchange": {
  36.             0000: 04 39 F0 AA A5 7A 7A 00   E8 13 3A 1B B4 59 1D 27  .9...zz...:..Y.'
  38.             0020: BA BD F4 EA D8 5F A5 25   C0 AD 79 80 F5 50 09 C1  ....._.%..y..P..
  39.             0030: B4 25 AE F5 62 0B BA A5   89 62 1F 0E AF ED DC A4  .%..b....b......
  40.             0040: 4A
  41.           }
  42.         },
  43.       ]
  44.     }
  45.   ]
  46. }
  47. )
  48. javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.778 CST|ServerHello.java:863|Consuming ServerHello handshake message (
  49. "ServerHello": {
  50.   "server version"      : "TLSv1.2",
  51.   "random"              : "18 18 E3 FE 94 2D EC EA 33 A2 A2 F8 44 FA 55 97 7A 9D 00 9C 31 DC 67 02 8C A5 51 5E D1 49 FB 51",
  52.   "session id"          : "AC E4 BF 26 96 0E A0 00 00 00 00 00 00 72 D3 D4",
  53.   "cipher suite"        : "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F)",
  54.   "compression methods" : "00",
  55.   "extensions"          : [
  56.     "renegotiation_info (65,281)": {
  57.       "renegotiated connection": [<no renegotiated connection>]
  58.     },
  59.     "ec_point_formats (11)": {
  60.       "formats": [uncompressed]
  61.     },
  62.     "extended_master_secret (23)": {
  63.       <empty>
  64.     }
  65.   ]
  66. }
  67. )
  68. javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.780 CST|SSLExtensions.java:173|Ignore unavailable extension: supported_versions
  69. javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.781 CST|ServerHello.java:955|Negotiated protocol version: TLSv1.2
  70. javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.782 CST|SSLExtensions.java:192|Consumed extension: renegotiation_info
  71. javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.783 CST|SSLExtensions.java:173|Ignore unavailable extension: server_name
  72. javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.783 CST|SSLExtensions.java:173|Ignore unavailable extension: max_fragment_length
  73. javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.784 CST|SSLExtensions.java:173|Ignore unavailable extension: status_request
  74. javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.784 CST|SSLExtensions.java:192|Consumed extension: ec_point_formats
  75. javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.785 CST|SSLExtensions.java:173|Ignore unavailable extension: status_request_v2
  76. javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.785 CST|SSLExtensions.java:192|Consumed extension: extended_master_secret
  77. javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.786 CST|SSLExtensions.java:163|Ignore unsupported extension: supported_versions
  78. javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.786 CST|SSLExtensions.java:163|Ignore unsupported extension: key_share
  79. javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.787 CST|SSLExtensions.java:192|Consumed extension: renegotiation_info
  80. javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.787 CST|SSLExtensions.java:163|Ignore unsupported extension: pre_shared_key
  81. javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.788 CST|SSLExtensions.java:207|Ignore unavailable extension: server_name
  82. javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.789 CST|SSLExtensions.java:207|Ignore unavailable extension: max_fragment_length
  83. javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.789 CST|SSLExtensions.java:207|Ignore unavailable extension: status_request
  84. javax.net.ssl|WARNING|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.790 CST|SSLExtensions.java:215|Ignore impact of unsupported extension: ec_point_formats
  85. javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.790 CST|SSLExtensions.java:207|Ignore unavailable extension: application_layer_protocol_negotiation
  86. javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.791 CST|SSLExtensions.java:207|Ignore unavailable extension: status_request_v2
  87. javax.net.ssl|WARNING|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.791 CST|SSLExtensions.java:215|Ignore impact of unsupported extension: extended_master_secret
  88. javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.792 CST|SSLExtensions.java:207|Ignore unavailable extension: supported_versions
  89. javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.792 CST|SSLExtensions.java:207|Ignore unavailable extension: key_share
  90. javax.net.ssl|WARNING|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.793 CST|SSLExtensions.java:215|Ignore impact of unsupported extension: renegotiation_info
  91. javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.793 CST|SSLExtensions.java:207|Ignore unavailable extension: pre_shared_key
  92. javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.808 CST|CertificateMessage.java:366|Consuming server Certificate handshake message (
  93. "Certificates": [
  94.   "certificate" : {
  95.     "version"            : "v3",
  96.     "serial number"      : "5D 9E 43 DD 08 19 30",
  97.     "signature algorithm": "SHA1withRSA",
  98.     "issuer"             : "CN=Skechers CLC, O=Skechers China Logistics Center, L=Taicang, ST=Taicang Port Economic and Technological Development Zone, C=CN",
  99.     "not before"         : "2019-10-09 04:32:29.000 CST",
  100.     "not  after"         : "2025-04-01 04:32:29.000 CST",
  101.     "subject"            : "CN=skxclcwms.skechers.cn, O=Skechers CLC, L=Taicang, ST=Taicang Port Economic and Technological Development Zone, C=CN",
  102.     "subject public key" : "RSA"},
  103.   "certificate" : {
  104.     "version"            : "v3",
  105.     "serial number"      : "5D 9E 3E E6",
  106.     "signature algorithm": "SHA1withRSA",
  107.     "issuer"             : "CN=Skechers CLC, O=Skechers China Logistics Center, L=Taicang, ST=Taicang Port Economic and Technological Development Zone, C=CN",
  108.     "not before"         : "2019-10-09 04:11:18.000 CST",
  109.     "not  after"         : "",
  110.     "subject"            : "CN=Skechers CLC, O=Skechers China Logistics Center, L=Taicang, ST=Taicang Port Economic and Technological Development Zone, C=CN",
  111.     "subject public key" : "RSA",
  112.     "extensions"         : [
  113.       {
  114.         ObjectId: 2.5.29.19 Criticality=true
  115.         BasicConstraints:[
  116.           CA:true
  117.           PathLen:2147483647
  118.         ]
  119.       }
  120.     ]}
  121. ]
  122. )
  123. javax.net.ssl|SEVERE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.817 CST|TransportContext.java:323|Fatal (UNSUPPORTED_CERTIFICATE): Certificates do not conform to algorithm constraints (
  124. "throwable" : {
  125.   java.security.cert.CertificateException: Certificates do not conform to algorithm constraints
  126.           at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1429)
  127.           at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1354)
  128.           at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1298)
  129.           at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
  130.           at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
  131.           at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
  132.           at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
  133.           at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
  134.           at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
  135.           at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
  136.           at sun.security.ssl.SSLTransport.decode(SSLTransport.java:152)
  137.           at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1401)
  138.           at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1309)
  139.           at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440)
  140.           at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
  141.           at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
  142.           at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
  143.           at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:373)
  144.           at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:394)
  145.           at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
  146.           at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
  147.           at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
  148.           at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
  149.           at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
  150.           at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
  151.           at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
  152.           at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:87)
  153.           at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
  154.           at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53)
  155.           at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:687)
  156.           at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:644)
  157.           at org.springframework.web.client.RestTemplate.postForEntity(RestTemplate.java:430)
  158.           at com.amrcan.airrob.data.report.utils.ReportRestUtil.post(ReportRestUtil.java:263)
  159.           at com.amrcan.airrob.data.report.utils.ReportRestUtil.post(ReportRestUtil.java:78)
  160.           at com.amrcan.airrob.data.report.utils.ReportRestUtil$$FastClassBySpringCGLIB$$e0cac39.invoke(<generated>)
  161.           at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
  162.           at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:746)
  163.           at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
  164.           at org.springframework.retry.interceptor.RetryOperationsInterceptor$1.doWithRetry(RetryOperationsInterceptor.java:91)
  165.           at org.springframework.retry.support.RetryTemplate.doExecute(RetryTemplate.java:287)
  166.           at org.springframework.retry.support.RetryTemplate.execute(RetryTemplate.java:164)
  167.           at org.springframework.retry.interceptor.RetryOperationsInterceptor.invoke(RetryOperationsInterceptor.java:118)
  168.           at org.springframework.retry.annotation.AnnotationAwareRetryOperationsInterceptor.invoke(AnnotationAwareRetryOperationsInterceptor.java:153)
  169.           at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
  170.           at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688)
  171.           at com.amrcan.airrob.data.report.utils.ReportRestUtil$$EnhancerBySpringCGLIB$$e61fd3ac.post(<generated>)
  172.           at com.amrcan.airrob.data.report.service.impl.ReportLogServiceImpl.send(ReportLogServiceImpl.java:332)
  173.           at com.amrcan.airrob.data.report.service.impl.ReportLogServiceImpl.sendReportLog(ReportLogServiceImpl.java:285)
  174.           at com.amrcan.airrob.data.report.service.impl.ReportLogServiceImpl$$FastClassBySpringCGLIB$$35bc1768.invoke(<generated>)
  175.           at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
  176.           at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:684)
  177.           at com.amrcan.airrob.data.report.service.impl.ReportLogServiceImpl$$EnhancerBySpringCGLIB$$fe5ebaac.sendReportLog(<generated>)
  178.           at com.amrcan.airrob.skechers.service.Impl.SkechersInBoundServiceImpl.postInBoundGetGoods(SkechersInBoundServiceImpl.java:58)
  179.           at com.amrcan.airrob.skechers.controller.SkqInBoundController.postInBoundGetGoods(SkqInBoundController.java:114)
  180.           at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  181.           at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
  182.           at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  183.           at java.lang.reflect.Method.invoke(Method.java:498)
  184.           at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:209)
  185.           at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:136)
  186.           at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:102)
  187.           at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:891)
  188.           at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:797)
  189.           at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
  190.           at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:991)
  191.           at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:925)
  192.           at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:981)
  193.           at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:884)
  194.           at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
  195.           at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:858)
  196.           at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
  197.           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
  198.           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  199.           at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
  200.           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  201.           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  202.           at com.github.xiaoymin.knife4j.spring.filter.ProductionSecurityFilter.doFilter(ProductionSecurityFilter.java:53)
  203.           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  204.           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  205.           at com.github.xiaoymin.knife4j.spring.filter.SecurityBasicAuthFilter.doFilter(SecurityBasicAuthFilter.java:90)
  206.           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  207.           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  208.           at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101)
  209.           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  210.           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  211.           at com.alibaba.druid.support.http.WebStatFilter.doFilter(WebStatFilter.java:123)
  212.           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  213.           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  214.           at org.springframework.boot.actuate.web.trace.servlet.HttpTraceFilter.doFilterInternal(HttpTraceFilter.java:90)
  215.           at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
  216.           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  217.           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  218.           at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320)
  219.           at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)
  220.           at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
  221.           at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
  222.           at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119)
  223.           at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
  224.           at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
  225.           at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
  226.           at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
  227.           at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
  228.           at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
  229.           at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
  230.           at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
  231.           at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
  232.           at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158)
  233.           at com.amrcan.airrob.authority.filter.security.JWTAuthorizationFilter.doFilterInternal(JWTAuthorizationFilter.java:53)
  234.           at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
  235.           at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
  236.           at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
  237.           at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
  238.           at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:96)
  239.           at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
  240.           at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
  241.           at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:74)
  242.           at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
  243.           at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
  244.           at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
  245.           at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
  246.           at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
  247.           at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
  248.           at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
  249.           at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
  250.           at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
  251.           at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)
  252.           at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)
  253.           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  254.           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  255.           at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
  256.           at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
  257.           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  258.           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  259.           at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109)
  260.           at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
  261.           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  262.           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  263.           at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
  264.           at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
  265.           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  266.           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  267.           at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.filterAndRecordMetrics(WebMvcMetricsFilter.java:117)
  268.           at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:106)
  269.           at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
  270.           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  271.           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  272.           at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
  273.           at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
  274.           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  275.           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  276.           at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
  277.           at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
  278.           at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543)
  279.           at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
  280.           at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
  281.           at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
  282.           at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
  283.           at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:609)
  284.           at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
  285.           at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:818)
  286.           at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1623)
  287.           at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
  288.           at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
  289.           at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
  290.           at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
  291.           at java.lang.Thread.run(Thread.java:750)
  292.   Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on signature algorithm: SHA1withRSA
  293.           at sun.security.provider.certpath.AlgorithmChecker.check(AlgorithmChecker.java:237)
  294.           at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1425)
  295.           ... 165 more}
  297. )
  298. javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.820 CST|SSLSocketImpl.java:1619|close the underlying socket
  299. javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.820 CST|SSLSocketImpl.java:1638|close the SSL connection (initiative)
复制代码
通过以上可知,证书的算法是SHA1withRSA,但是在新服务器下SHA1的算法为了安全已被禁用,但是由于服务器的证书牵扯过多的程序,更改服务器的证书算法不太现实,那么只有更改java的安全战略了
2、在linux的服务器下,找到java.security文件,一般在目录/etc/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.432.b06-3.e19.x86 64/lib/security/下,更改里面的jdk.jar.disabledAlgorithms中的去除SHA1,使其支持该算法
更改过之后,发现还是没用,
3、当时想着是不是因为客户端的openssl造成的,所以当时有找到openssl.cnf文件,进行更改,使其支持SHA1算法,但是依旧不能解决题目。
4、直到更改/etc/crypto-policies/back-ends/java.config的java.config文件,使其支持SHA1算法,测试才通过
/etc/crypto-policies 目录包罗用于配置系统加密战略的文件。这些战略旨在确保系统组件利用安全的加密算法、协议和密钥长度。
java.config 文件是这些战略的一部分,专门用于配置 Java 运行时环境(JRE)的加密设置。这个文件是由 crypto-policies 包提供的,并且通常与 FIPS(联邦信息处理处罚标准)合规性或其他加密标准有关。

免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!更多信息从访问主页:qidao123.com:ToB企服之家,中国第一个企服评测及商务社交产业平台。
回复

使用道具 举报

0 个回复

倒序浏览
返回列表

快速回复

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 or 立即注册

本版积分规则

前进之路

金牌会员
这个人很懒什么都没写!

楼主热帖

标签云

AI 运维 CIO 存储 服务器
微信订阅号
微信服务号
微信客服
小程序
H5
关于我们 商务合作 网站地图
©Copyright 2022-2024 杭州祥升科技有限公司 版权所有 浙ICP备20004199号
快速回复 返回顶部 返回列表