Java jax ws客户端双向SSL
我正在尝试创建JAX-WS客户端,以使用具有双向SSL身份验证的Java服务。我有两个.pfx证书,其中一个用于签名,一个用于传输,还有一个公钥.cer用于加密。我用wsdl2java工具创建了客户机,用portecle创建了keystore.jks,我把证书放在其中。我还有CA证书,我把它放在ProgramFiles/Java…/Security/cacerts trust store中的cacerts中。当我运行我的应用程序时,我得到了证书未知的响应,但在SOAP UI中使用相同的密钥库和证书,一切正常。这是我的密码:Java jax ws客户端双向SSL,java,web-services,ssl,soap,Java,Web Services,Ssl,Soap,我正在尝试创建JAX-WS客户端,以使用具有双向SSL身份验证的Java服务。我有两个.pfx证书,其中一个用于签名,一个用于传输,还有一个公钥.cer用于加密。我用wsdl2java工具创建了客户机,用portecle创建了keystore.jks,我把证书放在其中。我还有CA证书,我把它放在ProgramFiles/Java…/Security/cacerts trust store中的cacerts中。当我运行我的应用程序时,我得到了证书未知的响应,但在SOAP UI中使用相同的密钥库和证
public static void main(String[] args) {
System.setProperty("javax.net.ssl.trustStore", "C://Program Files//Java//jdk1.8.0_51//jre//lib//security//cacerts");
System.setProperty("javax.net.ssl.keyStore", "D://workspace//java-workspace//Client//Certifikati//client.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "password");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
System.setProperty("javax.net.ssl.keyStoreType", "JKS");
System.setProperty("javax.net.ssl.trustStoreType", "JKS");
System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "false");
//System.setProperty("sun.security.ssl.allowLegacyHelloMessages", "false");
System.setProperty("javax.net.debug", "ssl");
System.setProperty("https.protocols", "SSLv3");
//System.setProperty("com.sun.net.ssl.dhKeyExchangeFix", "true");
WsService service = getService();
MboRequest request = createRequest();
MboResponse mboResponse = service.getUlosciByMbo(request);
System.out.println(mboResponse);
}
private static MboRequest createRequest() {
MboRequest request = new MboRequest();
request.setDohvatiIpovijesnoStanje(Boolean.FALSE);
request.setMbo("90445066");
return request;
}
private static WsService getService() {
WsService_Service serviceImpl = new WsService_Service();
return serviceImpl.getWsServiceImplPort();
}
}
我得到一个错误:
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at org.springframework.www.schema.beans.WsServiceSoapBindingStub.getUlosciByMbo(WsServiceSoapBindingStub.java:588)
at RunnerClass.main(RunnerClass.java:43)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
... 11 more
Can you help me guys to make this client working please.
下面是来自soapui的图像
pfx密钥(我认为这是eclipse密钥库中的一个问题,但它在SOAP UI中工作?如何在jax ws客户端中实现二进制安全令牌?)
使用.cer公钥进行加密
您在Java代码中使用的证书不是您认为的证书,或者在Java代码中没有正确设置证书。尝试注释掉所有的
System.setProperty()
调用SLL并查看您得到了什么错误。我得到的原因是:javax.net.ssl.SSLHandshakeException:收到致命警报:当我删除注释时证书不正确所有属性但所有内容都在SOAP UI中使用相同的密钥库工作。请尝试检查命令行上的每个JKS文件:keytool-list-v-keystore client.JKS
My current假设文件的格式是Java代码无法处理的,但SOAP UI可以处理。如果我将.cer公钥用于签名而不是.pfx,则线程“main”中会出现异常com.sun.xml.internal.ws.fault.ServerSOAPFaultException:客户端从服务器接收到SOAP错误:在处理标头时发现错误,前提是您在Java代码中使用的证书与您认为的不同,或者Java代码中的证书设置不正确。尝试注释掉所有的System.setProperty()
调用SLL并查看您得到了什么错误。我得到的原因是:javax.net.ssl.SSLHandshakeException:收到致命警报:当我删除注释时证书不正确所有属性但所有内容都在SOAP UI中使用相同的密钥库工作。请尝试检查命令行上的每个JKS文件:keytool-list-v-keystore client.JKS
My current假设文件的格式是Java代码无法处理的,但SOAP UI可以处理。如果我将.cer公钥用于签名而不是.pfx,则线程“main”中会出现异常com.sun.xml.internal.ws.fault.ServerSOAPFaultException:客户端从服务器接收到SOAP错误:处理标头时发现错误