Reputation: 51
Can't access Buckets on S3 using AWS S3 Java API using HTTPS
Trying to access our local S3 storage I first ran into a problem with a missing certificate:
Exception in thread "main" com.amazonaws.SdkClientException: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Switching the cert checking off:
System.setProperty(SDKGlobalConfiguration.DISABLE_CERT_CHECKING_SYSTEM_PROPERTY, "true");
I managed 'connecting' to the server. But this doesn't yield any results (aka an empty list), using the code below. Pretty simple so far.
Both the endpoint, as well as the bucket name should be correct, as I cut'n'pastedd them out of my (working) S3 browser.
Credentials seem to be correct, too, as I'm running in a 404 when I mess those up. Again - copied those from y S3 broswer.
Using the S3 browser, I can access the bucket, add files an so on.
When running List<Bucket> buckets = s3Client.listBuckets(); it simply returns an empty list - without any exception.
Console output is:
Juli 03, 2019 8:48:07 NACHM. com.amazonaws.http.AmazonHttpClient createSocketFactoryRegistry WARNUNG: SSL Certificate checking for endpoints has been explicitly disabled. Juli 03, 2019 8:48:08 NACHM. com.amazonaws.auth.profile.internal.BasicProfileConfigLoader loadProfiles WARNUNG: Your profile name includes a 'profile ' prefix. This is considered part of the profile name in the Java SDK, so you will need to include this prefix in your profile name when you reference this profile from your Java code. Juli 03, 2019 8:48:08 NACHM. com.amazonaws.auth.profile.internal.BasicProfileConfigLoader loadProfiles WARNUNG: Your profile name includes a 'profile ' prefix. This is considered part of the profile name in the Java SDK, so you will need to include this prefix in your profile name when you reference this profile from your Java code. Juli 03, 2019 8:48:23 NACHM. com.amazonaws.http.AmazonHttpClient createSocketFactoryRegistry WARNUNG: SSL Certificate checking for endpoints has been explicitly disabled.
Any advice?
System.setProperty(SDKGlobalConfiguration.DISABLE_CERT_CHECKING_SYSTEM_PROPERTY, "true");
String accessKey = "myaccess";
String secretKey = "mysecret";
AWSCredentials credentials = new BasicAWSCredentials(accessKey, secretKey);
ClientConfiguration clientConfig = new ClientConfiguration();
clientConfig.setProtocol(Protocol.HTTPS);
EndpointConfiguration endpointConfig = new EndpointConfiguration("endpoint.com", Regions.EU_CENTRAL_1.getName());
AmazonS3 s3Client = AmazonS3ClientBuilder.standard()
.withCredentials(new AWSStaticCredentialsProvider(credentials))
//.withRegion(defaultRegion)
.withEndpointConfiguration(endpointConfig)
.build();
List<Bucket> buckets = s3Client.listBuckets();
for (Bucket bucket : buckets) {
System.out.println(
bucket.getName() +
"\t" +
StringUtils.fromDate(bucket.getCreationDate())
);
}
When running List<Bucket> buckets = s3Client.listBuckets(); it simply returns an empty list - without any exception.
There are (according to the S3 browser) 2 files in this bucket's root.
Console output is:
Juli 03, 2019 8:48:07 NACHM. com.amazonaws.http.AmazonHttpClient createSocketFactoryRegistry WARNUNG: SSL Certificate checking for endpoints has been explicitly disabled. Juli 03, 2019 8:48:08 NACHM. com.amazonaws.auth.profile.internal.BasicProfileConfigLoader loadProfiles WARNUNG: Your profile name includes a 'profile ' prefix. This is considered part of the profile name in the Java SDK, so you will need to include this prefix in your profile name when you reference this profile from your Java code. Juli 03, 2019 8:48:08 NACHM. com.amazonaws.auth.profile.internal.BasicProfileConfigLoader loadProfiles WARNUNG: Your profile name includes a 'profile ' prefix. This is considered part of the profile name in the Java SDK, so you will need to include this prefix in your profile name when you reference this profile from your Java code. Juli 03, 2019 8:48:23 NACHM. com.amazonaws.http.AmazonHttpClient createSocketFactoryRegistry WARNUNG: SSL Certificate checking for endpoints has been explicitly disabled.
Any advice?
Upvotes: 1
Views: 8826
Answers (1)
Reputation: 51
so I'm finally answering myself.
Disabling the endpoint verification using
System.setProperty(SDKGlobalConfiguration.DISABLE_CERT_CHECKING_SYSTEM_PROPERTY, "true");
works like a charm. The problem had 2 reasons:
- My account didn't have the permissions listing the buckets (no idea why, won't happen when accessing an AWS S3).
- I didn't supply the bucket name correctly, as I had to add a leading "/" to the bucket name.
Point 1 could be solved accessing an object listing:
ObjectListing objects = conn.listObjects("/my_bucket_name");
Point 2 could obviously solved by adding a leading "/" to the bucket name.
Cheers,
Olli
Upvotes: 4
Related Questions
- Can't use Amazon S3 API over SSL?
- AWS S3 Java Access Denied Service: Amazon S3; Status Code: 403; Error Code: AccessDenied;
- Problems in accessing S3 via AWS Java SDK
- How to resolve AmazonS3Exception: Forbidden (Service: Amazon S3; Status Code: 403; Error Code: 403 Forbidden; Request ID: null) using java
- SSL problems with S3/AWS using the Java API: "hostname in certificate didn't match"
- s3fs unable to mount bucket
- Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: xxxxxxxxxxxxx)
- Accessing Amazon s3 bucket via Amazon console which is created via java api
- AWS S3 access denied
- AWS S3 peer not authenticated