Mendapatkan Token Akses Azure untuk Cloud Jerman

Saya memiliki program kecil yang gagal saat mencoba mendapatkan Token Akses untuk Azure German Cloud

public static String generateAccessToken(AzureAccount accountValue) throws MalformedURLException, InterruptedException,
                    ExecutionException, ServiceUnavailableException {
        AuthenticationContext context;
        ExecutorService service = null;
        try {
            String tenantId = accountValue.getTenant();
            String ClientID = accountValue.getClient();
            String secretKey = accountValue.getKey();
            service = Executors.newFixedThreadPool(1);
            context = new AuthenticationContext(
                                                "https://login.microsoftonline.de/" + tenantId
                                                + "/oauth2/authorize", false,
                                                service);

            ClientCredential cred = new ClientCredential(ClientID, secretKey);
            Future<AuthenticationResult> future =
                                                context.acquireToken("https://management.microsoftazure.de", cred,
                                                                     null);
            AuthenticationResult authenticationResult = future.get();
            if (authenticationResult == null) {
                throw new ServiceUnavailableException("authentication result was null");
            }
            System.out.println("Bearer " + authenticationResult.getAccessToken());
            return "Bearer " + authenticationResult.getAccessToken();
        }
        finally {
            service.shutdown();
        }
    }

Kode ini berfungsi dengan benar untuk Azure General Cloud tetapi gagal untuk German Cloud.

Ini adalah stackTrace

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1283)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1258)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
    at com.microsoft.aad.adal4j.AdalOAuthRequest.configureHeaderAndExecuteOAuthCall(AdalOAuthRequest.java:140)
    at com.microsoft.aad.adal4j.AdalOAuthRequest.send(AdalOAuthRequest.java:83)
    at com.microsoft.aad.adal4j.AdalTokenRequest.executeOAuthRequestAndProcessResponse(AdalTokenRequest.java:80)
    at com.microsoft.aad.adal4j.AuthenticationContext.acquireTokenCommon(AuthenticationContext.java:818)
    at com.microsoft.aad.adal4j.AuthenticationContext.access$100(AuthenticationContext.java:66)
    at com.microsoft.aad.adal4j.AuthenticationContext$1.call(AuthenticationContext.java:174)
    at com.microsoft.aad.adal4j.AuthenticationContext$1.call(AuthenticationContext.java:163)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
    ... 23 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
    ... 29 more
java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.util.concurrent.FutureTask.report(FutureTask.java:122)
    at java.util.concurrent.FutureTask.get(FutureTask.java:192)
    at com.vmturbo.mediation.azure.Runner.generateAccessToken(Runner.java:127)
    at com.vmturbo.mediation.azure.Runner.main(Runner.java:79)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1283)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1258)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
    at com.microsoft.aad.adal4j.AdalOAuthRequest.configureHeaderAndExecuteOAuthCall(AdalOAuthRequest.java:140)
    at com.microsoft.aad.adal4j.AdalOAuthRequest.send(AdalOAuthRequest.java:83)
    at com.microsoft.aad.adal4j.AdalTokenRequest.executeOAuthRequestAndProcessResponse(AdalTokenRequest.java:80)
    at com.microsoft.aad.adal4j.AuthenticationContext.acquireTokenCommon(AuthenticationContext.java:818)
    at com.microsoft.aad.adal4j.AuthenticationContext.access$100(AuthenticationContext.java:66)
    at com.microsoft.aad.adal4j.AuthenticationContext$1.call(AuthenticationContext.java:174)
    at com.microsoft.aad.adal4j.AuthenticationContext$1.call(AuthenticationContext.java:163)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
    ... 23 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)

Sepertinya ia sedang mencari beberapa file sertifikat yang saya tidak tahu. Adakah yang tahu tentang ini?

Apakah ada juga cara untuk mendapatkan token Azure Access menggunakan Azure Java SDK sehingga saya tidak perlu melakukan panggilan REST API satu per satu?


azure azure-api-management azure-active-directory azure-sdk
person user1142317    schedule 17.07.2017    source sumber
comment
Saya akan memeriksa semua file di proyek Anda, bahkan yang tidak Anda tulis, dan mencari contoh windows.net atau microsoftonline.com dan memastikan tidak ada konfigurasi di aplikasi Anda yang mengarah ke Azure Cloud yang salah. Saya tidak 100% yakin tentang pesan kesalahan tersebut, tetapi ini mungkin sesederhana program Anda gagal memvalidasi tanda tangan pada token karena Anda mencari titik akhir kunci publik yang salah.   -  person Shawn Tabrizi    schedule 18.07.2017
comment
Tidak ada yang salah dengan kode Anda, saya baru saja mengujinya saat Anda memilikinya dan dapat memperoleh token akses ke API manajemen Azure Jerman. Apakah Anda benar-benar yakin di sinilah pengecualian dilemparkan (Anda kehilangan sebagian dari jejak tumpukan)? Sudahkah Anda melihat pertanyaan lain di StackOverflow mengenai pengecualian itu?   -  person Philippe Signoret    schedule 18.07.2017

Jawaban (1)


arrow_upward
1
arrow_downward

Ini karena Anda menggunakan VM yang tidak berada dalam rentang IP Jerman. Anda memiliki dua opsi:

  1. Terapkan VM di cloud Azure Jerman atau di AWS Frankfurt
  2. Untuk menerapkan dari lokasi non-Jerman: perbarui Java SDK yang Anda miliki (saya punya 1.8.0_92 dan diperbarui ke 1.8.0_144) dan ini akan berfungsi
person Jaimy    schedule 09.08.2017
comment
Hai, apakah sudah diperbaiki? Saya memiliki masalah yang sama dan saya menjalankan VM Azure Jerman menggunakan Java 1.8.144 - person li-raz; 13.10.2017
comment
ya, setelah itu Anda harus mengatur kembali jalur java jvm Anda dan kemudian mencari skrip bash_profile. Apakah kamu melakukan itu? - person Jaimy; 15.10.2017
comment
Anda dapat memeriksanya dengan mengetikkan Java yang mana di terminal - person Jaimy; 15.10.2017
comment
saya menggunakan Java terbaru - 1.8.0.144 - Saya telah menginstal Java di mesin bersih - person li-raz; 16.10.2017