Certificates do not conform to algorithm constraints


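A Java program calls an HTTPS endpoint. After a server upgrade (Java 1.8.432, OpenSSL 3.2.2), the call fails with: Certificates do not conform to algorithm constraints; nested exception is javax.net.ssl.SSLHandshakeException: Certificates do not conform to algorithm constraints:org.springframework.web.client.RestTemplate.696
The server upgrade included a Java minor version and the OpenSSL version. Testing afterwards showed a certificate algorithm error, and the upgrade was the first suspect, but the application log contained only this one error, which was not enough to tell which algorithm was being rejected.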

1. Modify the startup command so that the SSL handshake details are printed. The command is:

sudo nohup java -Djavax.net.debug=ssl,handshake  -jar -Xms512m -Xmx2048m -XX:CompressedClassSpaceSize=256m -XX:MetaspaceSize=200m -XX:MaxMetaspaceSize=400m controller.jar>/home/lbadmin/service/lbservice/controller/controller_ssl_debug.log 2>&1 &

-Djavax.net.debug=ssl,handshake turns on output of the SSL handshake details, and /home/lbadmin/service/lbservice/controller/controller_ssl_debug.log is the path the log is written to.

2. Use the log output to identify the certificate's signature algorithm:

javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.765 CST|SSLExtensions.java:260|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.771 CST|ClientHello.java:564|Produced ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "random"              : "71 BC BD 83 D0 B3 53 5C A6 DC AC 2A 42 DA E9 EE 18 6E 92 23 9E 66 F8 7C D5 BF 89 C8 3D B1 3B CE",
  "session id"          : "71 9D 18 35 CB EF 8F C2 A5 CC 36 73 62 30 F1 A2 AC 0B F4 04 81 FA 85 78 98 EC 2C AB A2 96 AD 1F",
  "cipher suites"       : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
  "compression methods" : "00",
  "extensions"          : [
    "supported_groups (10)": {
      "versions": [secp256r1, secp384r1, secp521r1, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
    },
    "ec_point_formats (11)": {
      "formats": [uncompressed]
    },
    "signature_algorithms (13)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha224, rsa_sha224]
    },
    "signature_algorithms_cert (50)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha224, rsa_sha224]
    },
    "extended_master_secret (23)": {
      <empty>
    },
    "supported_versions (43)": {
      "versions": [TLSv1.3, TLSv1.2]
    },
    "psk_key_exchange_modes (45)": {
      "ke_modes": [psk_dhe_ke]
    },
    "key_share (51)": {
      "client_shares": [  
        {
          "named group": secp256r1
          "key_exchange": {
            0000: 04 39 F0 AA A5 7A 7A 00   E8 13 3A 1B B4 59 1D 27  .9...zz...:..Y.'

            0020: BA BD F4 EA D8 5F A5 25   C0 AD 79 80 F5 50 09 C1  ....._.%..y..P..
            0030: B4 25 AE F5 62 0B BA A5   89 62 1F 0E AF ED DC A4  .%..b....b......
            0040: 4A 
          }
        },
      ]
    }
  ]
}
)
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.778 CST|ServerHello.java:863|Consuming ServerHello handshake message (
"ServerHello": {
  "server version"      : "TLSv1.2",
  "random"              : "18 18 E3 FE 94 2D EC EA 33 A2 A2 F8 44 FA 55 97 7A 9D 00 9C 31 DC 67 02 8C A5 51 5E D1 49 FB 51",
  "session id"          : "AC E4 BF 26 96 0E A0 00 00 00 00 00 00 72 D3 D4",
  "cipher suite"        : "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F)",
  "compression methods" : "00",
  "extensions"          : [
    "renegotiation_info (65,281)": {
      "renegotiated connection": [<no renegotiated connection>]
    },
    "ec_point_formats (11)": {
      "formats": [uncompressed]
    },
    "extended_master_secret (23)": {
      <empty>
    }
  ]
}
)
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.780 CST|SSLExtensions.java:173|Ignore unavailable extension: supported_versions
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.781 CST|ServerHello.java:955|Negotiated protocol version: TLSv1.2
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.782 CST|SSLExtensions.java:192|Consumed extension: renegotiation_info
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.783 CST|SSLExtensions.java:173|Ignore unavailable extension: server_name
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.783 CST|SSLExtensions.java:173|Ignore unavailable extension: max_fragment_length
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.784 CST|SSLExtensions.java:173|Ignore unavailable extension: status_request
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.784 CST|SSLExtensions.java:192|Consumed extension: ec_point_formats
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.785 CST|SSLExtensions.java:173|Ignore unavailable extension: status_request_v2
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.785 CST|SSLExtensions.java:192|Consumed extension: extended_master_secret
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.786 CST|SSLExtensions.java:163|Ignore unsupported extension: supported_versions
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.786 CST|SSLExtensions.java:163|Ignore unsupported extension: key_share
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.787 CST|SSLExtensions.java:192|Consumed extension: renegotiation_info
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.787 CST|SSLExtensions.java:163|Ignore unsupported extension: pre_shared_key
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.788 CST|SSLExtensions.java:207|Ignore unavailable extension: server_name
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.789 CST|SSLExtensions.java:207|Ignore unavailable extension: max_fragment_length
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.789 CST|SSLExtensions.java:207|Ignore unavailable extension: status_request
javax.net.ssl|WARNING|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.790 CST|SSLExtensions.java:215|Ignore impact of unsupported extension: ec_point_formats
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.790 CST|SSLExtensions.java:207|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.791 CST|SSLExtensions.java:207|Ignore unavailable extension: status_request_v2
javax.net.ssl|WARNING|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.791 CST|SSLExtensions.java:215|Ignore impact of unsupported extension: extended_master_secret
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.792 CST|SSLExtensions.java:207|Ignore unavailable extension: supported_versions
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.792 CST|SSLExtensions.java:207|Ignore unavailable extension: key_share
javax.net.ssl|WARNING|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.793 CST|SSLExtensions.java:215|Ignore impact of unsupported extension: renegotiation_info
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.793 CST|SSLExtensions.java:207|Ignore unavailable extension: pre_shared_key
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.808 CST|CertificateMessage.java:366|Consuming server Certificate handshake message (
"Certificates": [
  "certificate" : {
    "version"            : "v3",
    "serial number"      : "5D 9E 43 DD 08 19 30",
    "signature algorithm": "SHA1withRSA",
    "issuer"             : "CN=Skechers CLC, O=Skechers China Logistics Center, L=Taicang, ST=Taicang Port Economic and Technological Development Zone, C=CN",
    "not before"         : "2019-10-09 04:32:29.000 CST",
    "not  after"         : "2025-04-01 04:32:29.000 CST",
    "subject"            : "CN=skxclcwms.skechers.cn, O=Skechers CLC, L=Taicang, ST=Taicang Port Economic and Technological Development Zone, C=CN",
    "subject public key" : "RSA"},
  "certificate" : {
    "version"            : "v3",
    "serial number"      : "5D 9E 3E E6",
    "signature algorithm": "SHA1withRSA",
    "issuer"             : "CN=Skechers CLC, O=Skechers China Logistics Center, L=Taicang, ST=Taicang Port Economic and Technological Development Zone, C=CN",
    "not before"         : "2019-10-09 04:11:18.000 CST",
    "not  after"         : "",
    "subject"            : "CN=Skechers CLC, O=Skechers China Logistics Center, L=Taicang, ST=Taicang Port Economic and Technological Development Zone, C=CN",
    "subject public key" : "RSA",
    "extensions"         : [
      {
        ObjectId: 2.5.29.19 Criticality=true
        BasicConstraints:[
          CA:true
          PathLen:2147483647
        ]
      }
    ]}
]
)
javax.net.ssl|SEVERE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.817 CST|TransportContext.java:323|Fatal (UNSUPPORTED_CERTIFICATE): Certificates do not conform to algorithm constraints (
"throwable" : {
  java.security.cert.CertificateException: Certificates do not conform to algorithm constraints
  	at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1429)
  	at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1354)
  	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1298)
  	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
  	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
  	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
  	at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
  	at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
  	at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
  	at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
  	at sun.security.ssl.SSLTransport.decode(SSLTransport.java:152)
  	at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1401)
  	at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1309)
  	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440)
  	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
  	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
  	at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
  	at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:373)
  	at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:394)
  	at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
  	at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
  	at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
  	at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
  	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
  	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
  	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
  	at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:87)
  	at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
  	at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53)
  	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:687)
  	at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:644)
  	at org.springframework.web.client.RestTemplate.postForEntity(RestTemplate.java:430)
  	at com.amrcan.airrob.data.report.utils.ReportRestUtil.post(ReportRestUtil.java:263)
  	at com.amrcan.airrob.data.report.utils.ReportRestUtil.post(ReportRestUtil.java:78)
  	at com.amrcan.airrob.data.report.utils.ReportRestUtil$$FastClassBySpringCGLIB$$e0cac39.invoke(<generated>)
  	at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
  	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:746)
  	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
  	at org.springframework.retry.interceptor.RetryOperationsInterceptor$1.doWithRetry(RetryOperationsInterceptor.java:91)
  	at org.springframework.retry.support.RetryTemplate.doExecute(RetryTemplate.java:287)
  	at org.springframework.retry.support.RetryTemplate.execute(RetryTemplate.java:164)
  	at org.springframework.retry.interceptor.RetryOperationsInterceptor.invoke(RetryOperationsInterceptor.java:118)
  	at org.springframework.retry.annotation.AnnotationAwareRetryOperationsInterceptor.invoke(AnnotationAwareRetryOperationsInterceptor.java:153)
  	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
  	at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688)
  	at com.amrcan.airrob.data.report.utils.ReportRestUtil$$EnhancerBySpringCGLIB$$e61fd3ac.post(<generated>)
  	at com.amrcan.airrob.data.report.service.impl.ReportLogServiceImpl.send(ReportLogServiceImpl.java:332)
  	at com.amrcan.airrob.data.report.service.impl.ReportLogServiceImpl.sendReportLog(ReportLogServiceImpl.java:285)
  	at com.amrcan.airrob.data.report.service.impl.ReportLogServiceImpl$$FastClassBySpringCGLIB$$35bc1768.invoke(<generated>)
  	at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
  	at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:684)
  	at com.amrcan.airrob.data.report.service.impl.ReportLogServiceImpl$$EnhancerBySpringCGLIB$$fe5ebaac.sendReportLog(<generated>)
  	at com.amrcan.airrob.skechers.service.Impl.SkechersInBoundServiceImpl.postInBoundGetGoods(SkechersInBoundServiceImpl.java:58)
  	at com.amrcan.airrob.skechers.controller.SkqInBoundController.postInBoundGetGoods(SkqInBoundController.java:114)
  	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
  	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  	at java.lang.reflect.Method.invoke(Method.java:498)
  	at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:209)
  	at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:136)
  	at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:102)
  	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:891)
  	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:797)
  	at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
  	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:991)
  	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:925)
  	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:981)
  	at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:884)
  	at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
  	at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:858)
  	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
  	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
  	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
  	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  	at com.github.xiaoymin.knife4j.spring.filter.ProductionSecurityFilter.doFilter(ProductionSecurityFilter.java:53)
  	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  	at com.github.xiaoymin.knife4j.spring.filter.SecurityBasicAuthFilter.doFilter(SecurityBasicAuthFilter.java:90)
  	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101)
  	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  	at com.alibaba.druid.support.http.WebStatFilter.doFilter(WebStatFilter.java:123)
  	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  	at org.springframework.boot.actuate.web.trace.servlet.HttpTraceFilter.doFilterInternal(HttpTraceFilter.java:90)
  	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
  	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320)
  	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)
  	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
  	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
  	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119)
  	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
  	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
  	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
  	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
  	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
  	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
  	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
  	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
  	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
  	at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158)
  	at com.amrcan.airrob.authority.filter.security.JWTAuthorizationFilter.doFilterInternal(JWTAuthorizationFilter.java:53)
  	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
  	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
  	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
  	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
  	at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:96)
  	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
  	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
  	at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:74)
  	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
  	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
  	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
  	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
  	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
  	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
  	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
  	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
  	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
  	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)
  	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)
  	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
  	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
  	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  	at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109)
  	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
  	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  	at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
  	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
  	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  	at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.filterAndRecordMetrics(WebMvcMetricsFilter.java:117)
  	at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:106)
  	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
  	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
  	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
  	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
  	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
  	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543)
  	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
  	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
  	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
  	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
  	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:609)
  	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
  	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:818)
  	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1623)
  	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
  	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
  	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
  	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
  	at java.lang.Thread.run(Thread.java:750)
  Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on signature algorithm: SHA1withRSA
  	at sun.security.provider.certpath.AlgorithmChecker.check(AlgorithmChecker.java:237)
  	at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1425)
  	... 165 more}

)
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.820 CST|SSLSocketImpl.java:1619|close the underlying socket
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.820 CST|SSLSocketImpl.java:1638|close the SSL connection (initiative)

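From the above, the certificate's signature algorithm is SHA1withRSA, but on the new server SHA1 has been disabled for security reasons. The server certificate is tied to too many programs for changing its signature algorithm to be realistic, so the only option left was to change the Java security policy.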

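3. On the Linux server, find the java.security file, usually in the directory /etc/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.432.b06-3.el9.x86_64/lib/security/, and remove SHA1 from jdk.jar.disabledAlgorithms in it so that the algorithm is supported.

After this change, it still did not work.

4. At that point I wondered whether the client-side OpenSSL was the cause, so I found the openssl.cnf file and changed it to support SHA1, but this still did not solve the problem.

5. Only after changing the java.config file at /etc/crypto-policies/back-ends/java.config so that it supports SHA1 did the test pass.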

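The /etc/crypto-policies directory contains the files used to configure the system-wide cryptographic policies. These policies are meant to ensure that system components use secure cryptographic algorithms, protocols and key lengths.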

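The java.config file is part of these policies and specifically configures the cryptographic settings of the Java Runtime Environment (JRE). It is provided by the crypto-policies package and is usually related to FIPS (Federal Information Processing Standards) compliance or other cryptographic standards.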
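
The log reading and policy lookup described above, as an added example that is not part of the original post: the script pulls the rejected signature algorithm out of a -Djavax.net.debug=ssl,handshake log and reports which unconditional jdk.certpath.disabledAlgorithms or jdk.tls.disabledAlgorithms entry in a java.config file matches it. The log lines and java.config content are constructed samples, the function names are illustrative, and the name decomposition is a simplified form of the JDK's.

```shell
#!/bin/sh
# Added example (not from the original post): find which disabledAlgorithms
# entry rejects the certificate seen in a javax.net.debug handshake log.

# Algorithm named in the "Algorithm constraints check failed" cause line.
failed_alg() {
    sed -n 's/.*Algorithm constraints check failed on signature algorithm: *\([A-Za-z0-9_-]*\).*/\1/p' "$1" | sort -u
}

# Distinct signature algorithms of the certificates the server presented.
cert_sig_algs() {
    sed -n 's/^ *"signature algorithm": *"\([^"]*\)".*/\1/p' "$1" | sort -u
}

# Upper-case a name and treat SHA-1 / SHA1 style spellings as the same.
norm() { printf '%s\n' "$1" | tr '[:lower:]' '[:upper:]' | sed 's/SHA-/SHA/g'; }

# Split a signature algorithm into components: SHA1withRSA -> SHA1, RSA.
# Simplified: splits on "with" and "and" only.
decompose() {
    norm "$1" | awk '{ n = split($0, p, /WITH|AND/)
                       for (i = 1; i <= n; i++) if (p[i] != "") print p[i] }'
}

# Unconditional entries of one property ($2) in config file ($1), one per line.
# Entries with a condition such as "RSA keySize < 2048" are skipped because
# they apply only to some keys. Assumes each property sits on a single line.
disabled_entries() {
    grep "^$2=" "$1" | tail -n 1 | cut -d= -f2- | tr ',' '\n' |
        sed 's/^ *//; s/ *$//' | grep -v -e ' ' -e '^$' || true
}

# Print "property: entry" for every entry that matches the algorithm ($2)
# either by full name or by one of its components.
blocking_entries() (
    parts="$(norm "$2")
$(decompose "$2")"
    for prop in jdk.certpath.disabledAlgorithms jdk.tls.disabledAlgorithms; do
        disabled_entries "$1" "$prop" | while read -r entry; do
            if printf '%s\n' "$parts" | grep -qxF "$(norm "$entry")"; then
                echo "$prop: $entry"
            fi
        done
    done
)

# Constructed sample inputs (not real host data), written into directory $1.
write_samples() {
    cat > "$1/handshake.log" <<'EOF'
javax.net.ssl|FINE|25|exec-1|2025-01-09 10:05:38.808 CST|CertificateMessage.java:366|Consuming server Certificate handshake message (
"Certificates": [
  "certificate" : {
    "signature algorithm": "SHA1withRSA",
    "subject"            : "CN=leaf.example.test"},
  "certificate" : {
    "signature algorithm": "SHA1withRSA",
    "subject"            : "CN=Example Test CA"}
]
  Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on signature algorithm: SHA1withRSA
EOF
    cat > "$1/java.config" <<'EOF'
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, DH keySize < 2048, RC4, 3DES_EDE_CBC
EOF
}

# Demo on the constructed samples.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "certificate signature algorithms: $(cert_sig_algs "$demo_dir/handshake.log")"
echo "rejected algorithm: $(failed_alg "$demo_dir/handshake.log")"
blocking_entries "$demo_dir/java.config" "$(failed_alg "$demo_dir/handshake.log")"
rm -rf "$demo_dir"
```

On a host that uses system-wide crypto policies, pass the real debug log and /etc/crypto-policies/back-ends/java.config instead of the samples; the files in that directory are managed by update-crypto-policies, so a manual edit there can be replaced the next time the policy is applied.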
