Java: handshake failure on an endpoint with two-way SSL enabled


I have been trying to connect to a service endpoint that has two-way SSL enabled. I am using Spring RestTemplate. I have added the certificate to the keystore, but I get the following error:

>org.springframework.web.client.ResourceAccessException: I/O error on POST request for "path":Received fatal alert: handshake_failure; nested exception is javax.net.ssl.SSLException: Received fatal alert: handshake_failure

I enabled the SSL debug logs and in the logs I can see the warning as well:

<BEA-000000> <Warning: no suitable certificate found - continuing without client authentication>
SOAP:

    BindingProvider bindingProvider = (BindingProvider) services;
    bindingProvider.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, filenetWsUrl);
    Map<String, List<String>> headers = new HashMap<String, List<String>>();
    headers.put("X-APPCERT", Arrays.asList(StringUtils.trimToEmpty(PropertyUtil.getProperty("FILENET_APP_CERT"))));
    bindingProvider.getRequestContext().put(MessageContext.HTTP_REQUEST_HEADERS, headers);
    bindingProvider.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, filenetWsUrl);
    SSLContext sc = SSLContext.getInstance(StringUtils.trimToEmpty(PropertyUtil.getProperty("SSL_CONTEXT")));

    // Client key material for two-way SSL, loaded from the JKS file
    KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(new FileInputStream(PropertyUtil.getProperty("JKS_LOC_VALUE")), jksPwd);
    factory.init(keyStore, jksPwd);

    // No TrustManagers are passed, so the JVM default trust store is used
    sc.init(factory.getKeyManagers(), null, null);

    //sc.init(factory.getKeyManagers(), null, null);
    //End Trust Store

    ((BindingProvider) services).getRequestContext().put(JAXWSProperties.SSL_SOCKET_FACTORY, sc.getSocketFactory());

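I checked the permissions on the keystore file and they look fine. If I switch to a one-way SSL endpoint, it works fine as well. My Java runtime is 1.8.0_144 and my application server is WebLogic 12.2.1.3.

Can anyone help me with this?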

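Here are a few things you need to check:

  • Check that your certificate chain was created correctly
  • Add your certificate to the CACERTS file and configure WebLogic to point to the CACERTS file
    This will definitely solve your problem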

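That was the first thing I tried, but no luck. Also, if there were any problem with CACERTS, even the REST call should not work. I am making a REST call to the same web service endpoint using the same authentication, except that the REST call uses HTTP GET.

@Sumit You aren't using TLSv1, right? If you are, that is not supported after Java 7. You may need to upgrade to the latest TLS version.

I am using TLSv1.2 and the Java version is 1.8.0.

The best information about a server alert comes from the server. If you can't get that, and since this apparently only happens with "two-way" (client authentication), if you get a trace (with javax.net.debug=ssl or on the wire) and it shows the alert occurring after the client's second flight (Cert, CKX, CVer, CCS, Finished), then it is probably your client's certificate chain; look at it carefully, imagine the dozens of things a server might not like about it, and start going through them.
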
    ObjectMapper mapper = new ObjectMapper();
    ServReqRespLogMgr reqRespLogMgr = (ServReqRespLogMgr) UtilityMgr.getBean("servReqRespLogMgr");
    SSLContext sc = SSLContext.getInstance(StringUtils.trimToEmpty(PropertyUtil.getProperty("SSL_CONTEXT")));
    PasswordEncryptor pe = new PasswordEncryptor();

    // Client key material for two-way SSL, loaded from the JKS file
    KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(new FileInputStream(PropertyUtil.getProperty("JKS_LOC_VALUE")), pe.decrypt(PropertyUtil.getProperty(IConstants.JKS_PWD_VALUE)).toCharArray());
    factory.init(keyStore, pe.decrypt(PropertyUtil.getProperty(IConstants.JKS_PWD_VALUE)).toCharArray());

    // No TrustManagers are passed, so the JVM default trust store is used
    sc.init(factory.getKeyManagers(), null, null);

    // RestTemplate backed by an Apache HttpClient that uses this SSLContext
    CloseableHttpClient httpClient = HttpClients.custom().setSSLContext(sc).build();
    ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
    RestTemplate restTemplate = new RestTemplate(requestFactory);
    HttpHeaders headers = new HttpHeaders();
    
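
The last comment points at the client's certificate chain, and the warning in the question is what the JSSE client logs when its KeyManager finds nothing to present. The following is an added example (not code from the thread) that lists what a keystore can offer for client authentication. The class name and the optional third argument, a CA name copied from the server's CertificateRequest in the javax.net.debug=ssl trace, are assumptions of this example:

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.security.auth.x500.X500Principal;

// Usage: java ClientKeyStoreCheck <keystore> <password> [acceptable issuer DN]
// Assumption: the key password equals the store password, as in factory.init(keyStore, jksPwd).
public class ClientKeyStoreCheck {
    public static void main(String[] args) throws Exception {
        char[] pwd = args[1].toCharArray();
        // Optional: one CA name taken from the server's CertificateRequest in the debug trace
        X500Principal wanted = args.length > 2 ? new X500Principal(args[2]) : null;
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pwd);
        }
        int candidates = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                // A certificate stored without its private key cannot be used for client auth
                System.out.println(alias + ": no private key, not usable as a client certificate");
                continue;
            }
            String keyAlg = ks.getKey(alias, pwd).getAlgorithm();
            Certificate[] chain = ks.getCertificateChain(alias);
            boolean issuerMatch = (wanted == null);
            System.out.println(alias + ": private key " + keyAlg + ", chain length " + chain.length);
            for (Certificate c : chain) {
                X509Certificate x = (X509Certificate) c;
                String validity = "valid";
                try {
                    x.checkValidity();   // expired or not-yet-valid certificates are reported
                } catch (CertificateException e) {
                    validity = "NOT VALID: " + e.getMessage();
                }
                issuerMatch |= x.getIssuerX500Principal().equals(wanted);
                System.out.println("  subject: " + x.getSubjectX500Principal().getName());
                System.out.println("  issuer:  " + x.getIssuerX500Principal().getName() + " (" + validity + ")");
            }
            System.out.println("  issuer accepted by server: " + (wanted == null ? "not checked" : issuerMatch));
            if (issuerMatch) candidates++;
        }
        System.out.println(candidates + " candidate client certificate(s)");
    }
}
```

A result of zero candidates means the keystore holds no private-key entry whose chain leads to the given CA name.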