Fatal编程技术网
  • java/
  • Java jax ws客户端双向SSL

Java jax ws客户端双向SSL

java web-services ssl soap

Java jax ws客户端双向SSL,java,web-services,ssl,soap,Java,Web Services,Ssl,Soap,我正在尝试创建JAX-WS客户端,以使用具有双向SSL身份验证的Java服务。我有两个.pfx证书,其中一个用于签名,一个用于传输,还有一个公钥.cer用于加密。我用wsdl2java工具创建了客户机,用portecle创建了keystore.jks,我把证书放在其中。我还有CA证书,我把它放在ProgramFiles/Java…/Security/cacerts trust store中的cacerts中。当我运行我的应用程序时,我得到了证书未知的响应,但在SOAP UI中使用相同的密钥库和证

我正在尝试创建JAX-WS客户端,以使用具有双向SSL身份验证的Java服务。我有两个.pfx证书,其中一个用于签名,一个用于传输,还有一个公钥.cer用于加密。我用wsdl2java工具创建了客户机,用portecle创建了keystore.jks,我把证书放在其中。我还有CA证书,我把它放在ProgramFiles/Java…/Security/cacerts trust store中的cacerts中。当我运行我的应用程序时,我得到了证书未知的响应,但在SOAP UI中使用相同的密钥库和证书,一切正常。这是我的密码:

 public static void main(String[] args) {

    System.setProperty("javax.net.ssl.trustStore", "C://Program Files//Java//jdk1.8.0_51//jre//lib//security//cacerts");
    System.setProperty("javax.net.ssl.keyStore", "D://workspace//java-workspace//Client//Certifikati//client.jks");
    System.setProperty("javax.net.ssl.keyStorePassword", "password");
    System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
    System.setProperty("javax.net.ssl.keyStoreType", "JKS");
    System.setProperty("javax.net.ssl.trustStoreType", "JKS");
    System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "false");
    //System.setProperty("sun.security.ssl.allowLegacyHelloMessages", "false");
    System.setProperty("javax.net.debug", "ssl");
    System.setProperty("https.protocols", "SSLv3");
    //System.setProperty("com.sun.net.ssl.dhKeyExchangeFix", "true");


    WsService service = getService();

    MboRequest request = createRequest();
    MboResponse mboResponse = service.getUlosciByMbo(request);
    System.out.println(mboResponse);

}



private static MboRequest createRequest() {
    MboRequest request = new MboRequest();
    request.setDohvatiIpovijesnoStanje(Boolean.FALSE);
    request.setMbo("90445066");
    return request;
}

private static WsService getService() {
    WsService_Service serviceImpl = new WsService_Service();
    return serviceImpl.getWsServiceImplPort();
}

}
我得到一个错误:

    javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
        at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
        at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
        at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
        at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
        at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
        at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
        at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
        at org.apache.axis.client.Call.invoke(Call.java:2767)
        at org.apache.axis.client.Call.invoke(Call.java:2443)
        at org.apache.axis.client.Call.invoke(Call.java:2366)
        at org.apache.axis.client.Call.invoke(Call.java:1812)
        at org.springframework.www.schema.beans.WsServiceSoapBindingStub.getUlosciByMbo(WsServiceSoapBindingStub.java:588)
        at RunnerClass.main(RunnerClass.java:43)
    Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
        at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
        at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
        at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
        at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
        at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
        ... 11 more

Can you help me guys to make this client working please.
下面是来自soapui的图像

pfx密钥(我认为这是eclipse密钥库中的一个问题,但它在SOAP UI中工作?如何在jax ws客户端中实现二进制安全令牌?)

使用.cer公钥进行加密

您在Java代码中使用的证书不是您认为的证书,或者在Java代码中没有正确设置证书。尝试注释掉所有的
System.setProperty()
调用SLL并查看您得到了什么错误。我得到的原因是:javax.net.ssl.SSLHandshakeException:收到致命警报:当我删除注释时证书不正确所有属性但所有内容都在SOAP UI中使用相同的密钥库工作。请尝试检查命令行上的每个JKS文件:
keytool-list-v-keystore client.JKS
My current假设文件的格式是Java代码无法处理的,但SOAP UI可以处理。如果我将.cer公钥用于签名而不是.pfx,则线程“main”中会出现异常com.sun.xml.internal.ws.fault.ServerSOAPFaultException:客户端从服务器接收到SOAP错误:在处理标头时发现错误,前提是您在Java代码中使用的证书与您认为的不同,或者Java代码中的证书设置不正确。尝试注释掉所有的
System.setProperty()
调用SLL并查看您得到了什么错误。我得到的原因是:javax.net.ssl.SSLHandshakeException:收到致命警报:当我删除注释时证书不正确所有属性但所有内容都在SOAP UI中使用相同的密钥库工作。请尝试检查命令行上的每个JKS文件:
keytool-list-v-keystore client.JKS
My current假设文件的格式是Java代码无法处理的,但SOAP UI可以处理。如果我将.cer公钥用于签名而不是.pfx,则线程“main”中会出现异常com.sun.xml.internal.ws.fault.ServerSOAPFaultException:客户端从服务器接收到SOAP错误:处理标头时发现错误