从Jenkins插件调用API时,获取"java.net.SocketException:使用(SSL自签名证书)重置连接"
问题描述:
我有一个示例Java程序,该程序连接到特定的URL并调用使用自签名证书的API.
I have a sample Java Program which connects to a particular URL and calls an API that Use Self-Signed Certificate.
被调用的代码如下:
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URI;
import javax.ws.rs.core.UriBuilder;
public class test {
public static void main(String[] args) throws MalformedURLException, IOException {
URI uri = UriBuilder.fromPath("https://test1.com/").path("test/AuthorizedUser").queryParam("userName", "abc@test.com").queryParam("Password", "Password1").build();
HttpURLConnection connection = (HttpURLConnection) uri.toURL().openConnection();
connection.setRequestMethod("GET");
connection.setRequestProperty("Authorization", "NoAuth ");
connection.setRequestProperty("Accept", "application/json");
connection.connect();
int responseCode = connection.getResponseCode();
if (responseCode == HttpURLConnection.HTTP_OK)
{
BufferedReader in = new BufferedReader(new InputStreamReader(connection.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
String result = response.toString();
System.out.println(result);
}
}
上面提到的程序正在使用Java运行,当我使用以下命令在JVM的信任库中安装SSL证书时:
Above mentioned program is working with Java When I installed SSL Certificate in JVM's trust store using these commands:
C:\Program Files\Java\jre1.8.0_131\bin\keytool.exe" -import -file "C:\Users\user1\Desktop\test1.cer" -keystore "C:\Program Files\Java\jre1.8.0_131\lib\security\cacerts" -alias "Test1_certificate
C:\Program Files\Java\jdk1.8.0_131\bin\keytool.exe" -import -file "C:\Users\user1\Desktop\test1.cer" -keystore "C:\Program Files\Java\jdk1.8.0_131\jre\lib\security\cacerts" -alias "Test1_certificate
问题是,当从Jenkins插件运行相同的代码时,出现此错误:
The problem is that when same code is running from Jenkins Plugin, I am getting this error :
java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:210)
at java.net.SocketInputStream.read(SocketInputStream.java:141)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
at sun.security.ssl.InputRecord.read(InputRecord.java:503)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at com.ssts.restcalls.HTTPClientRestCall.GetInputStream(HTTPClientRestCall.java:92)
at com.test.restcalls.HTTPClientRestCall.Get(HTTPClientRestCall.java:20)
at com.test.restcalls.HttpRestCalls.authenticateUser(JerseyRestCalls.java:59)
at com.test.cloud.aCloud.CloudBuilder$DescriptorImpl.AuthenticateUser(CloudBuilder.java:798)
at com.test.cloud.acloud.CloudBuilder$DescriptorImpl.checkCredentials(CloudBuilder.java:1060)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96)
at org.kohsuke.stapler.MetaClass$JavaScriptProxyMethodDispatcher.doDispatch(MetaClass.java:490)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
at org.kohsuke.stapler.MetaClass$13.dispatch(MetaClass.java:411)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:813)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
at org.kohsuke.stapler.Stapler.service(Stapler.java:199)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:123)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:49)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:553)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:499)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
at java.lang.Thread.run(Thread.java:748)
我无法找出问题所在.Jenkins是否需要进行任何配置更改.
I am unable to figure out what's the problem. Is there is any configuration changes which need to be done in Jenkins.
我该怎么做才能解决问题?TIA
What can I do to solve the problem? TIA
答
创建自定义信任库,添加证书,然后通过 -Djavax.net将信任库传递给Jenkins.ssl.trustStore =/path/to/store (请参阅
Create a custom trust store, add your certificate, and pass that trust store to Jenkins via -Djavax.net.ssl.trustStore=/path/to/store (see this help for details).
这应该解决有关是否修改了正确的系统信任库的任何歧义.另外,您将避免修改系统信任库带来的所有风险.
This should resolve any ambiguity about whether you modified the proper system trust store or not. Also, you'll avoid all the risks that come with modifying the system trust store.