Original source: http://stackoverflow.com/questions/17347111/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
Use keystore file to run client for a SOAP WS
Asked by user1241320
I was given a SOAP WS to work with. They gave me the wsdl file from which I was able to create client stub (I've used wsdl2java utility within cxf).
With that wsdl I was also given a .keystore file and the thing is I do not know how to add it to my keytool (is this even the right way of putting it?).
I've built a junittest that I run to test my client but I constantly get
HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Where can I find an easy guide on what to do with this .keystore file?
Thanks
Answered by user1573133
The error means that the server certificate could not be found in your truststore. Check the contents of the .keystore file to see whether it contains the server certificate (listed as trustedEntry in your truststore). If yes, set the following system properties (either using -D JVM parameter or System.setProperty()).
javax.net.ssl.trustStore=<<your .keystore>>
javax.net.ssl.trustStorePassword=<<keystore password>>
If these properties are not set, the default ones will be picked up from the default location [$JAVA_HOME/lib/security/jssecacerts, $JAVA_HOME/lib/security/cacerts].
To view the contents of keystore file, use
keytool -list -v -keystore file.keystore -storepass mypassword
To debug the ssl handshake process and view the certificates, set the VM parameter -Djavax.net.debug=all
If the web service requires 2 way SSL, the client needs to send its identity (picked up from your keystore). In this case, your .keystore will contain a privateKeyEntry which will be sent to the server during handshake process. To configure this, set the JVM properties javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword to point to your keystore.
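The checks described in the answer above can be done from Java before the client stub is called. This is an added example, not code from the original answers: the class name KeystoreSetup is hypothetical, it needs Java 9 or later, and it assumes the private key uses the same password as the store.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example: lists what a keystore contains and sets only the
// javax.net.ssl.* properties that its contents can actually back.
public class KeystoreSetup {
    public static void main(String[] args) throws Exception {
        String path = args[0];      // e.g. file.keystore
        String password = args[1];  // store password (assumed to protect the key too)

        // Java 9+: detects JKS or PKCS12 and loads the store in one call.
        KeyStore ks = KeyStore.getInstance(new File(path), password.toCharArray());

        boolean hasTrusted = false;
        boolean hasPrivateKey = false;
        for (String alias : Collections.list(ks.aliases())) {
            String kind = "other";
            if (ks.isCertificateEntry(alias)) {
                kind = "trustedCertEntry";   // usable as a trust anchor
                hasTrusted = true;
            } else if (ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                kind = "PrivateKeyEntry";    // client identity for 2 way SSL
                hasPrivateKey = true;
            }
            System.out.println(alias + " [" + kind + "]");
            Certificate cert = ks.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate) cert;
                System.out.println("  subject: " + x509.getSubjectX500Principal().getName());
                System.out.println("  issuer:  " + x509.getIssuerX500Principal().getName());
                System.out.println("  expires: " + x509.getNotAfter());
            }
        }

        // These must be set before the first TLS connection is opened,
        // because the JVM builds its default SSLContext only once.
        if (hasTrusted) {
            System.setProperty("javax.net.ssl.trustStore", path);
            System.setProperty("javax.net.ssl.trustStorePassword", password);
        }
        if (hasPrivateKey) {
            System.setProperty("javax.net.ssl.keyStore", path);
            System.setProperty("javax.net.ssl.keyStorePassword", password);
        }
    }
}
```

If the store holds no trustedCertEntry, the trustStore properties are left unset and the JVM keeps using its default cacerts.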
Answered by Gaucho
The next works for me:
Application server configuration. Apache Tomcat/7.0.52. server.xml: set clientAuth="true" in the https connector.
Application server configuration. Apache Tomcat/7.0.52. tomcat-users.xml: create a user with the DN of the user as it appears in your certificate (subject)
Web service. JAX-WS web service eclipse tutorial. Thanks Arpit! Add a security constraint in the deployment descriptor (web.xml)
Client. Generated with apache-cxf maven plugin.
Main class:
HelloWorldImplService helloWorldImplService = new HelloWorldImplService();
HelloWorld helloWorld = helloWorldImplService.getHelloWorldImplPort();
SayHelloWorld parameters = new SayHelloWorld();
parameters.setArg0("World");
SayHelloWorldResponse helloWorldResponse = helloWorld.sayHelloWorld(parameters);
System.out.println(helloWorldResponse.getReturn());
Client JVM options:
-Djavax.net.ssl.trustStore=/xxxx/cacerts.jks -Djavax.net.ssl.trustStorePassword=xxxx -Djavax.net.ssl.keyStore=/xxx/user.jks -Djavax.net.ssl.keyStorePassword=xxxx
You can take a look here: Java SOAP client with certificate authentication
Answered by Juned Ahsan
An excellent blog to help you understand the keystores and certificates imports required for HTTPS SSL handshake:
http://ruchirawageesha.blogspot.in/2010/07/how-to-create-clientserver-keystores.html
Hope it helps you to set up your client keystore correctly in order to call the web services. Good luck!