Spring CXF conduit SSL client pointing to a SoapUI mock service


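I am currently developing a web service client that will connect to a third-party web service over SSL.

The web service client is developed using Spring and Apache CXF.

I do not currently have access to the third-party web service, so I am using SoapUI to provide a mock service.

When I don't try to implement any security, the client happily sends requests to the mock service.

My problem comes when I try to secure the connection between the client and the server (the server being the mock service) using SSL.

This is my first attempt at implementing any kind of secure connection, so I apologise if I am missing something basic. However, I have spent hours searching around the subject to no avail.

To secure the connection, I used the Java keytool utility to create private keys, self-signed certificates and trust stores for the client and the server: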

keytool -genkey -alias clientKey -keyalg RSA -keypass changeit -storepass changeit -keystore clientKeyStore.jks

keytool -export -alias clientKey -storepass changeit -file client.cer -keystore clientKeyStore.jks

keytool -genkey -alias serverKey -keyalg RSA -keypass changeit -storepass changeit -keystore serverKeyStore.jks

keytool -export -alias serverKey -storepass changeit -file server.cer -keystore serverKeyStore.jks
I added the certificates from both keys to both trust stores:

keytool -import -v -trustcacerts -alias clientKey -file client.cer -keystore serverCaCerts.jks -keypass changeit

keytool -import -v -trustcacerts -alias clientKey -file client.cer -keystore clientCaCerts.jks -keypass changeit

keytool -import -v -trustcacerts -alias serverKey -file server.cer -keystore serverCaCerts.jks -keypass changeit

keytool -import -v -trustcacerts -alias serverKey -file server.cer -keystore clientCaCerts.jks -keypass changeit
I then configured the mock service in SoapUI to use SSL security:

KeyStore: C:\javaSecurity\serverKeyStore.jks
KeyStore Password: changeit
Enable Mock SSL: True (enable SSL for Mock Services)
Mock Port: 8443
Mock KeyStore: C:\javaSecurity\serverKeyStore.jks
Mock Password: changeit
Mock Key Password: changeit
Mock TrustStore: C:\javaSecurity\serverCaCerts.jks
Mock TrustStore Password: changeit
Client Authentication: false (does not require client authentication)
I then set up the following configuration in the client's applicationContext.xml:

<http:conduit name="*.http-conduit">
    <http:tlsClientParameters secureSocketProtocol="SSL" disableCNCheck="true">
        <sec:keyManagers keyPassword="changeit">
            <sec:keyStore type="JKS" password="changeit"
                          file="C:\\javaSecurity\\clientKeyStore.jks"/>
        </sec:keyManagers>
        <sec:trustManagers>
            <sec:keyStore type="JKS" password="changeit"
                          file="C:\\javaSecurity\\clientCaCerts.jks"/>
        </sec:trustManagers>
    </http:tlsClientParameters>

    <http:client AutoRedirect="true" Connection="Keep-Alive"/>
</http:conduit>
2014-01-28 14:17:36,094 DEBUG [ServiceThread] (LogUtils.java:443) - The SSL_RSA_EXPORT_WITH_DES40_CBC_SHA cipher suite is included by the filter.
2014-01-28 14:17:36,098 DEBUG [ServiceThread] (LogUtils.java:443) - The SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA cipher suite is included by the filter.
2014-01-28 14:17:36,099 DEBUG [ServiceThread] (LogUtils.java:443) - The SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA cipher suite is included by the filter.
2014-01-28 14:17:36,099 DEBUG [ServiceThread] (LogUtils.java:443) - The TLS_EMPTY_RENEGOTIATION_INFO_SCSV cipher suite is included by the filter.
2014-01-28 14:17:36,099 DEBUG [ServiceThread] (LogUtils.java:443) - The SSL_RSA_WITH_NULL_MD5 cipher suite is excluded by the filter.
2014-01-28 14:17:36,099 DEBUG [ServiceThread] (LogUtils.java:443) - The SSL_RSA_WITH_NULL_SHA cipher suite is excluded by the filter.
2014-01-28 14:17:36,099 DEBUG [ServiceThread] (LogUtils.java:443) - The SSL_DH_anon_WITH_RC4_128_MD5 cipher suite is excluded by the filter.
2014-01-28 14:17:36,100 DEBUG [ServiceThread] (LogUtils.java:443) - The TLS_DH_anon_WITH_AES_128_CBC_SHA cipher suite is excluded by the filter.
2014-01-28 14:17:36,100 DEBUG [ServiceThread] (LogUtils.java:443) - The SSL_DH_anon_WITH_3DES_EDE_CBC_SHA cipher suite is excluded by the filter.
2014-01-28 14:17:36,100 DEBUG [ServiceThread] (LogUtils.java:443) - The SSL_DH_anon_WITH_DES_CBC_SHA cipher suite is excluded by the filter.
2014-01-28 14:17:36,100 DEBUG [ServiceThread] (LogUtils.java:443) - The SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 cipher suite is excluded by the filter.
2014-01-28 14:17:36,101 DEBUG [ServiceThread] (LogUtils.java:443) - The SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA cipher suite is excluded by the filter.
2014-01-28 14:17:36,101 DEBUG [ServiceThread] (LogUtils.java:443) - The TLS_KRB5_WITH_RC4_128_SHA cipher suite is included by the filter.
2014-01-28 14:17:36,101 DEBUG [ServiceThread] (LogUtils.java:443) - The TLS_KRB5_WITH_RC4_128_MD5 cipher suite is included by the filter.
2014-01-28 14:17:36,101 DEBUG [ServiceThread] (LogUtils.java:443) - The TLS_KRB5_WITH_3DES_EDE_CBC_SHA cipher suite is included by the filter.
2014-01-28 14:17:36,102 DEBUG [ServiceThread] (LogUtils.java:443) - The TLS_KRB5_WITH_3DES_EDE_CBC_MD5 cipher suite is included by the filter.
2014-01-28 14:17:36,102 DEBUG [ServiceThread] (LogUtils.java:443) - The TLS_KRB5_WITH_DES_CBC_SHA cipher suite is included by the filter.
2014-01-28 14:17:36,102 DEBUG [ServiceThread] (LogUtils.java:443) - The TLS_KRB5_WITH_DES_CBC_MD5 cipher suite is included by the filter.
2014-01-28 14:17:36,103 DEBUG [ServiceThread] (LogUtils.java:443) - The TLS_KRB5_EXPORT_WITH_RC4_40_SHA cipher suite is included by the filter.
2014-01-28 14:17:36,104 DEBUG [ServiceThread] (LogUtils.java:443) - The TLS_KRB5_EXPORT_WITH_RC4_40_MD5 cipher suite is included by the filter.
2014-01-28 14:17:36,104 DEBUG [ServiceThread] (LogUtils.java:443) - The TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA cipher suite is included by the filter.
2014-01-28 14:17:36,104 DEBUG [ServiceThread] (LogUtils.java:443) - The TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 cipher suite is included by the filter.
2014-01-28 14:17:36,104 DEBUG [ServiceThread] (LogUtils.java:443) - The enabled cipher suites have been filtered down to [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5].
2014-01-28 14:17:36,105 DEBUG [ServiceThread] (LogUtils.java:443) - The excluded cipher suites have been filtered down to [SSL_RSA_WITH_NULL_MD5, SSL_RSA_WITH_NULL_SHA, SSL_DH_anon_WITH_RC4_128_MD5, TLS_DH_anon_WITH_AES_128_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_DH_anon_EXPORT_WITH_RC4_40_MD5, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA].  
2014-01-28 14:17:36,107 DEBUG [ServiceThread] (LogUtils.java:443) - The cipher suites have been set to SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5.  
2014-01-28 14:17:36,107 DEBUG [ServiceThread] (Headers.java:257) - Accept: */*
2014-01-28 14:17:36,107 DEBUG [ServiceThread] (HTTPConduit.java:1707) - No Trust Decider for Conduit '{http://cxf.apache.org}TransportURIResolver.http-conduit'. An afirmative Trust Decision is assumed.
2014-01-28 14:17:36,247 DEBUG [ServiceThread] (DefaultResourceManager.java:103) - resolving resource <https://pc-1049:8443/mockServiceSOAPBinding?WSDL> as stream 
2014-01-28 14:17:36,248 DEBUG [ServiceThread] (DefaultResourceManager.java:103) - resolving resource <https://pc-1049:8443/mockServiceSOAPBinding?WSDL> type <class java.net.URL>
2014-01-28 14:17:36,248 DEBUG [ServiceThread] (HTTPConduit.java:895) - Conduit '{http://cxf.apache.org}TransportURIResolver.http-conduit' has been (re)configured for plain http.
2014-01-28 14:17:36,249 DEBUG [ServiceThread] (HTTPConduit.java:361) - No Trust Decider configured for Conduit '{http://cxf.apache.org}TransportURIResolver.http-conduit'
2014-01-28 14:17:36,249 DEBUG [ServiceThread] (HTTPConduit.java:374) - No Auth Supplier configured for Conduit '{http://cxf.apache.org}TransportURIResolver.http-conduit'
2014-01-28 14:17:36,249 DEBUG [ServiceThread] (HTTPConduit.java:393) - Conduit '{http://cxf.apache.org}TransportURIResolver.http-conduit' has been configured for plain http.
2014-01-28 14:17:36,249 DEBUG [ServiceThread] (AbstractObservable.java:46) - registering incoming observer: org.apache.cxf.transport.TransportURIResolver$1@76e1db 
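Can anyone help point out what I might be missing?

As I mentioned earlier, I don't have much experience in this area, so please don't assume anything is too basic to mention - if I haven't mentioned it, I have quite possibly missed it.

Thanks in advance to anyone who replies.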

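The cause of this problem turned out to be where I had defined the http:conduit settings.

I had included the http conduit definition in applicationContext.xml.

In fact, it needed to be defined in a separate cxf.xml file on the classpath.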
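
The separate cxf.xml that the answer describes could look like the following (an added example, not the poster's own file). The namespaces and schema locations are CXF's standard ones; the `TLS` protocol, the re-enabled CN check and the cipher suite filter are assumptions added here to tighten the settings the question used against its mock.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- cxf.xml: placed at the root of the client's classpath. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd
         http://cxf.apache.org/transports/http/configuration
           http://cxf.apache.org/schemas/configuration/http-conf.xsd
         http://cxf.apache.org/configuration/security
           http://cxf.apache.org/schemas/configuration/security.xsd">

    <http:conduit name="*.http-conduit">
        <!-- The question used secureSocketProtocol="SSL" disableCNCheck="true".
             With disableCNCheck="false" the server certificate's CN (or SAN)
             must match the host in the endpoint URL, pc-1049 in the log. -->
        <http:tlsClientParameters secureSocketProtocol="TLS" disableCNCheck="false">
            <!-- Client key pair; only presented if the server requests a client certificate. -->
            <sec:keyManagers keyPassword="changeit">
                <sec:keyStore type="JKS" password="changeit"
                              file="C:/javaSecurity/clientKeyStore.jks"/>
            </sec:keyManagers>
            <!-- Certificates the client trusts; must contain server.cer. -->
            <sec:trustManagers>
                <sec:keyStore type="JKS" password="changeit"
                              file="C:/javaSecurity/clientCaCerts.jks"/>
            </sec:trustManagers>
            <!-- Assumed policy: the default filter in the log admitted EXPORT, DES,
                 RC4 and KRB5 suites; allow AES suites only and drop anonymous ones. -->
            <sec:cipherSuitesFilter>
                <sec:include>.*_WITH_AES_.*</sec:include>
                <sec:exclude>.*_anon_.*</sec:exclude>
                <sec:exclude>.*_EXPORT_.*</sec:exclude>
                <sec:exclude>.*_WITH_NULL_.*</sec:exclude>
            </sec:cipherSuitesFilter>
        </http:tlsClientParameters>

        <http:client AutoRedirect="true" Connection="Keep-Alive"/>
    </http:conduit>
</beans>
```

CXF loads `cxf.xml` from the classpath by default; the `cxf.config.file` system property points it at a differently named file.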

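I have been trying to get this working and tried recreating the keys exactly as shown here: I still get the same behaviour - which makes me think the problem is not with the keys but with the conduit configuration? The errors "No Trust Decider" and "No Auth Supplier" look like they may be caused by applicationContext.xml being ignored.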
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:708)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)