Java SOAP over HTTPS with Apache CXF: user certificate authentication does not work
We have a server running on Tomcat. This server connects to several third-party services.

I developed and tested a connection to a SOAP service. This service requires the client to identify itself with a certificate. The first version set the following properties:

- javax.net.ssl.trustStore
- javax.net.ssl.trustStorePassword
- javax.net.ssl.keyStore
- javax.net.ssl.keyStorePassword
- javax.net.ssl.keyStoreType

My code works when tested on its own, but when my code is integrated into my
```java
public NotaFiscalServiceSoap getNotaFiscalServiceSoap() throws IOException, GeneralSecurityException {
    if (notaFiscalServiceSoap == null) {
        JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
        factory.setWsdlURL(municipio.getUrlWsdl().toString());
        factory.setServiceClass(NotaFiscalServiceSoap.class);
        factory.setServiceName(Q_NAME);
        // Attach a conduit that carries this service's own TLS settings
        factory.setConduitSelector(getConduitSelector());
        notaFiscalServiceSoap = factory.create(NotaFiscalServiceSoap.class);
    }
    return notaFiscalServiceSoap;
}

private ConduitSelector getConduitSelector() throws IOException, GeneralSecurityException {
    ServiceInfo serviceInfo = new ServiceInfo();
    serviceInfo.setTargetNamespace(NAMESPACE);

    EndpointInfo endpointInfo = new EndpointInfo();
    endpointInfo.setService(serviceInfo);
    endpointInfo.setName(Q_NAME);
    endpointInfo.setAddress(municipio.getUrlWsdl().toString());

    URLConnectionHTTPConduit conduit = new URLConnectionHTTPConduit(null, endpointInfo);
    conduit.setTlsClientParameters(getTLSClientParameters());

    ConduitSelector selector = new UpfrontConduitSelector(conduit);
    return selector;
}

private TLSClientParameters getTLSClientParameters() throws GeneralSecurityException, IOException {
    // Trust store (JKS) used to validate the server certificate
    KeyStoreType trustKeyStore = new KeyStoreType();
    trustKeyStore.setFile(pathCertWsdl);
    trustKeyStore.setPassword(passCertWsdl);
    trustKeyStore.setType("jks");

    TrustManagersType trustManagerType = new TrustManagersType();
    trustManagerType.setKeyStore(trustKeyStore);

    // Key store (PKCS#12) holding the client certificate and its private key
    KeyStoreType keyStoreType = new KeyStoreType();
    keyStoreType.setFile(pathCertA1);
    keyStoreType.setPassword(passCertA1);
    keyStoreType.setType("pkcs12");

    KeyManagersType keyManagerType = new KeyManagersType();
    keyManagerType.setKeyStore(keyStoreType);
    keyManagerType.setKeyPassword(passCertA1);

    TLSClientParametersType clientParametersType = new TLSClientParametersType();
    clientParametersType.setTrustManagers(trustManagerType);
    clientParametersType.setKeyManagers(keyManagerType);
    clientParametersType.setUseHttpsURLConnectionDefaultHostnameVerifier(true);
    // Per the CXF documentation for this attribute, when it is true the socket factory
    // comes from HttpsURLConnection.getDefaultSSLSocketFactory() and the trustManagers
    // and keyManagers configured above are ignored.
    clientParametersType.setUseHttpsURLConnectionDefaultSslSocketFactory(true);

    return TLSClientParametersConfig.createTLSClientParametersFromType(clientParametersType);
}
```
Exception:

```
java.security.UnrecoverableKeyException: Password must not be null
    at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:132)
    at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:56)
    at sun.security.provider.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:96)
    ...
org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service.
    at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:87)
    at org.apache.cxf.wsdl.service.factory.ReflectionServiceFactoryBean.buildServiceFromWSDL(ReflectionServiceFactoryBean.java:394)
    ...
Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'https://issonline.vilavelha.es.gov.br/SistemaIss/WebService/NotaFiscalService.asmx?WSDL'.: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2198)
    at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2390)
    at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2422)
    ...
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
    ...
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
    at sun.security.validator.Validator.validate(Validator.java:260)
    ...
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    ...
```
I found a solution to the problem.

I used this URL as reference:
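An added example, not part of the original post, its answer, or CXF: using only the JDK's JSSE API, it builds an SSLContext for a single service from a separate trust store and client key store, so the JVM-wide javax.net.ssl.* properties listed in the question stay untouched, and it rejects a null password up front instead of failing later with "Password must not be null". The class, method and parameter names are hypothetical.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example; class name, method names and parameters are hypothetical.
public final class ClientCertContext {
    // Load one store, rejecting a missing password before JSSE is involved.
    static KeyStore load(String path, char[] password, String type)
            throws IOException, GeneralSecurityException {
        if (password == null) {
            throw new IllegalArgumentException("no password configured for " + path);
        }
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return ks;
    }
    // Build an SSLContext for one service only; JVM-wide defaults stay untouched.
    static SSLContext build(String trustPath, char[] trustPass, String keyPath, char[] keyPass)
            throws IOException, GeneralSecurityException {
        KeyStore trust = load(trustPath, trustPass, "JKS");
        KeyStore identity = load(keyPath, keyPass, "PKCS12");
        // A client certificate is only usable if its private key is in the store.
        boolean hasKey = false;
        for (String alias : Collections.list(identity.aliases())) {
            hasKey |= identity.isKeyEntry(alias);
        }
        if (!hasKey) {
            throw new GeneralSecurityException("no private key entry in " + keyPath);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPass);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }
}
```

The context's `getSocketFactory()` can be set on an individual `HttpsURLConnection` with `setSSLSocketFactory`, which scopes the client certificate and trust anchors to that one connection.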