A TLS problem when using Spring RestTemplate on UOS

When using Spring RestTemplate on UOS with the following bean added:

    @Bean
    public RestTemplate restTemplate(RestTemplateBuilder restTemplateBuilder) {
        return restTemplateBuilder
                .setConnectTimeout(Duration.ofMillis(5000L))
                .setReadTimeout(Duration.ofMillis(30000L))
                .build();
    }

the application fails at startup with the following error:

Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.web.client.RestTemplate]: Factory method 'restTemplate' threw exception; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.http.client.OkHttp3ClientHttpRequestFactory]: Constructor threw exception; nested exception is java.lang.AssertionError: No System TLS

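Cause

The root cause is that UOS ships with Guomi (Chinese national cryptography standard) certificates. These certificates use their own elliptic curve, so they cannot be parsed with the JDK's built-in java.security.

For example, running the following command: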

sudo update-ca-certificates

produces the following error:

Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...

Exception in thread "main" java.security.cert.CertificateParsingException: java.io.IOException: Unknown named curve: 1.2.156.10197.1.301
at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:169)
at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1804)
at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:195)
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:102)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:760)
at sun.security.provider.JavaKeyStoreJKS.engineLoad(JavaKeyStore.java:56)
at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
at sun.security.provider.JavaKeyStoreDualFormatJKS.engineLoad(JavaKeyStore.java:70)
at java.security.KeyStore.load(KeyStore.java:1445)
at org.debian.security.KeyStoreHandler.load(KeyStoreHandler.java:66)
at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:52)
at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
Caused by: java.io.IOException: Unknown named curve: 1.2.156.10197.1.301
at sun.security.ec.ECParameters.engineInit(ECParameters.java:143)
at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293)
at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:132)
at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:114)
at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:372)
at sun.security.x509.X509Key.parse(X509Key.java:168)
at sun.security.x509.CertificateX509Key.<init>(CertificateX509Key.java:75)
at sun.security.x509.X509CertInfo.parse(X509CertInfo.java:667)
at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:167)
... 13 more
E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.
done.
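
To see which certificates in a CA bundle carry the curve from the stack trace, the bundle can be scanned for the DER encoding of OID 1.2.156.10197.1.301 (the SM2 curve). This is an added example, not code from the original post; it is a byte-level scan rather than a full ASN.1 parse, and the sample blobs are constructed DER fragments, not real certificates.

```python
import base64
import re
import sys

SM2_CURVE_OID = "1.2.156.10197.1.301"  # OID reported in the stack trace above

def encode_oid(dotted: str) -> bytes:
    """DER-encode a dotted OID as a full TLV (tag 0x06, short-form length)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])   # first two arcs share a byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                     # base-128, last group first
        arc >>= 7
        while arc:
            chunk.append((arc & 0x7F) | 0x80)    # continuation bit on the rest
            arc >>= 7
        body.extend(reversed(chunk))
    if len(body) > 127:
        raise ValueError("OID too long for short-form length")
    return bytes([0x06, len(body)]) + bytes(body)

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_blocks(text: str):
    """Yield (index, der_bytes) for each PEM certificate block in text."""
    for i, m in enumerate(PEM_RE.finditer(text)):
        yield i, base64.b64decode("".join(m.group(1).split()))

def blocks_using_oid(text: str, dotted: str = SM2_CURVE_OID):
    """Indexes of PEM blocks whose DER bytes contain the encoded OID."""
    needle = encode_oid(dotted)
    return [i for i, der in pem_blocks(text) if needle in der]

def _pem(der: bytes) -> str:
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"

# Constructed sample (NOT real certificates): a SEQUENCE wrapping one curve OID.
SAMPLE_BUNDLE = (
    _pem(bytes.fromhex("300a" "06082a8648ce3d030107"))    # prime256v1
    + _pem(bytes.fromhex("300a" "06082a811ccf5501822d"))  # curve from the trace
)

if __name__ == "__main__":
    # Pass a PEM bundle path to scan it; with no argument the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_BUNDLE
    print("blocks referencing", SM2_CURVE_OID, "->", blocks_using_oid(text))
```

On a Debian-based system the bundle is normally /etc/ssl/certs/ca-certificates.crt (an assumption about the UOS layout); the printed indexes are the positions of the matching certificates within that file.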

Solutions

Option 1 (recommended)

Edit $JAVA_HOME/jre/lib/security/java.security, remove SunEC, and replace it with BouncyCastleProvider:

#security.provider.3=sun.security.ec.SunEC
security.provider.3=org.bouncycastle.jce.provider.BouncyCastleProvider

Option 2

See https://blog.csdn.net/zhangji261/article/details/107723719

    static {
        Security.removeProvider("SunEC");
    }

Option 3

See https://blog.csdn.net/SkyChaserYu/article/details/109157266
See http://people.eecs.berkeley.edu/~jonah/bc/org/bouncycastle/jce/provider/BouncyCastleProvider.html

To add the provider at runtime, use:

        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcprov-jdk15on</artifactId>
            <version>1.61</version>
        </dependency>

    import java.security.Security;
    import org.bouncycastle.jce.provider.BouncyCastleProvider;

    Security.addProvider(new BouncyCastleProvider());

Update, March 30, 2023:

It seems the latest version of UOS no longer has this problem.
