I try to connect to oracle cloud through Aws-java-sdk-s3-1.11.116. When i code a main method. every thing works well. But when i put the method to tomcat. it will wrong. I don't know why. see code. the follow is right when runing main method.
public static void main(String[] args) {
// TODO Auto-generated method stub
AmazonS3 client = getAwsClient2();
List<Bucket> listRes = client.listBuckets();
for(int i=0; i< listRes.size();i++)
{
System.out.println(listRes.get(i).getName());
}
}
private static AmazonS3 getAwsClient2() {
BasicAWSCredentials awsCreds = new BasicAWSCredentials("xxxxxxxxxxxxxxxx","xxxxxxxxxxxxxxxxxxxxxx");
AmazonS3 s3Client = AmazonS3ClientBuilder.standard()
.withCredentials(new AWSStaticCredentialsProvider(awsCreds))
.withClientConfiguration(Init())
.withPathStyleAccessEnabled(true)
.withEndpointConfiguration(
new AwsClientBuilder.EndpointConfiguration("xxxx.compat.objectstorage.us-ashburn-1.oraclecloud.com", Region.getRegion(amzRegion).toString()))
.build();
return s3Client;
}
the return is correct.
16:18:47.776 [main] DEBUG com.amazonaws.requestId - AWS Request ID:
975a50c6-a52b-c0e6-33b3-05d8d8ed44e5
FirstBucket
xxxxx-css-test
as-dev-xxxx-xxx-2dnav
as-dev-xxxx-xxprxxxxoxy-2dvxx
Process finished with exit code 0
But when i put it to tomcat. the certificate will error.
@GET
@Path("/users/testamazon")
public Response testAmazon() {
AmazonClient.testGetowner();
return Response.ok().build();
}
//the method same as main method.
public static void testGetowner(){
AmazonS3 client = getAwsClient2();
List<Bucket> listRes = client.listBuckets();
for(int i=0; i< listRes.size();i++)
{
System.out.println(listRes.get(i).getName());
}
}
When i call the restful api. /users/testamazon
com.amazonaws.SdkClientException: Unable to execute HTTP request: Certificate for <xxxx.compat.objectstorage.us-ashburn-1.oraclecloud.com> doesn't match any of the subject alternative names: [swiftobjectstorage.us-ashburn-1.oraclecloud.com]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleRetryableException(AmazonHttpClient.java:1069)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1035)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:742)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:716)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667)
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4187)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4134)
I don't know why when i call the method from restful api, i get the certificate is 'swiftobjectstorage.us-ashburn-1.oraclecloud.com'. But when i call from main method, the certificate is '*.compat.objectstorage.us-ashburn-1.oraclecloud.com'. I debug the code, the certificate chain from AbstractVerifier.class
@Override
public final boolean verify(final String host, final SSLSession session) {
try {
final Certificate[] certs = session.getPeerCertificates();
final X509Certificate x509 = (X509Certificate) certs[0];
when i call from restful api. the certs is incorrect. it is 'swiftobjectstorage.us-ashburn-1.oraclecloud.com'.
I don't know why the behavior is not same. Do i need config something?
In order to use OCI Object Storage endpoints, your client needs to support "Server Name Indication" (SNI). When the client does not support SNI, you will get the default certificate, which is "swiftobjectstorage.[region-identifier].oraclecloud.com". It seems to be what is happening here.
With Java, SNI support has numerous caveats. Are you using the same Java version in these two tests?