Java 和 Tomcat Web 服务中的 SSL 握手问题

发布于 2024-10-17 11:51:35 字数 2163 浏览 8 评论 0原文

我必须使用我的 Java Web 应用程序（在 Tomcat 上运行）在 Axis 中完成的 Web 服务。制作 Web 服务的公司使用 HTTPS 和自签名证书进行测试。

我已经运行 Netbeans 向导来生成基于 WSDL 的 Web 服务，并且操作正确。如果我使用浏览器进入 Web 服务的网站，我会因为 SSL 证书而收到警告，并且我必须创建例外。

当尝试运行我的代码时，在建立 SSL 连接时出现异常。例外情况是：

com.sun.xml.ws.client.ClientTransportException：HTTP 传输错误：javax.net.ssl.SSLHandshakeException：收到致命警报：handshake_failure

和有时（不更改代码）

2。

com.sun.xml.ws.client.ClientTransportException：HTTP 传输错误：javax.net.ssl.SSLHandshakeException：sun.security.validator.ValidatorException：PKIX 路径构建失败：sun.security.provider.certpath.SunCertPathBuilderException：无法找到请求目标的有效认证路径

我想我必须将证书合并到 Java VM 和/或 Tomcat 中，并且还告诉忽略该证书不是受信任的来源。

如何做到这一点？如何正确使用这个安全的网络服务？

如果我提供的信息不够，请询问更多。

谢谢

Ezequiel

更新：

我已经尝试过这两件事，但都没有成功，例外情况是相同的。

选项 1)

System.setProperty("javax.net.ssl.trustStore","/home/serverapp/BSS-cert.p12");
System.setProperty("javax.net.ssl.trustStorePassword","password");
System.setProperty("javax.net.ssl.trustStoreType","PKCS12");

选项 2) KeyStore ks = KeyStore.getInstance( "pkcs12" ); ks.load( new FileInputStream("/home/serverapp/BSS-cert.p12"), "密码".toCharArray() );

    KeyStore jks = KeyStore.getInstance( "JKS" );
    jks.load( null );


    KeyManagerFactory kmf = KeyManagerFactory.getInstance( "SunX509" );
    kmf.init( ks, "f0p6k9n2".toCharArray() );

    TrustManagerFactory tmf = TrustManagerFactory.getInstance( "SunX509" );
    tmf.init( jks );

    SSLContext ctx = SSLContext.getInstance( "TLS" );
    ctx.init( kmf.getKeyManagers(), tmf.getTrustManagers(), null );

另外，我认为问题可能出在 Web 服务上，因此我尝试建立 HTTPS 连接，但在打开输入流时失败并出现相同的错误。

   String httpsURL = "https://serverurl:443/theservice?wsdl";
   URL myurl = new URL(httpsURL);
   HttpsURLConnection con = (HttpsURLConnection)myurl.openConnection();
   InputStream ins = con.getInputStream();   //Exception here!
   InputStreamReader isr = new InputStreamReader(ins);
   BufferedReader in = new BufferedReader(isr);

原文

I have to consume a webservice done in Axis with my Java web application (that runs on Tomcat). The company that made the webservice uses HTTPS and a certificate self signed for testing.

I have run a Netbeans wizzard to generate a Webservice based on the WSDL, and that is done correctly. If I enter to the website of the webservice using a browser, I get a warning because of the SSL certificate, and I have to create an exception.

When trying to run my code, I get exceptions when the SSL connection is made. The exceptions are:

com.sun.xml.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

and some times (without changing the code)

com.sun.xml.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I imagine that I have to incorporate a certificate into the Java VM and/or Tomcat, and also tells to ignore that is not a trusted source.

How to do this? How to consume this secure webservice correctly?

If the information I provide is not enough, please ask for more.

Thanks

Ezequiel

UPDATE:

I have tried this two things, both without success, the exceptions are the same.

Option 1)

System.setProperty("javax.net.ssl.trustStore","/home/serverapp/BSS-cert.p12");
System.setProperty("javax.net.ssl.trustStorePassword","password");
System.setProperty("javax.net.ssl.trustStoreType","PKCS12");

Option 2)
KeyStore ks = KeyStore.getInstance( "pkcs12" );
ks.load( new FileInputStream("/home/serverapp/BSS-cert.p12"), "password".toCharArray() );

    KeyStore jks = KeyStore.getInstance( "JKS" );
    jks.load( null );


    KeyManagerFactory kmf = KeyManagerFactory.getInstance( "SunX509" );
    kmf.init( ks, "f0p6k9n2".toCharArray() );

    TrustManagerFactory tmf = TrustManagerFactory.getInstance( "SunX509" );
    tmf.init( jks );

    SSLContext ctx = SSLContext.getInstance( "TLS" );
    ctx.init( kmf.getKeyManagers(), tmf.getTrustManagers(), null );

Also, as I thought that may be the problem was the web service, I tried to stablish an HTTPS connection, and it fails with the same error when openning an input stream.

   String httpsURL = "https://serverurl:443/theservice?wsdl";
   URL myurl = new URL(httpsURL);
   HttpsURLConnection con = (HttpsURLConnection)myurl.openConnection();
   InputStream ins = con.getInputStream();   //Exception here!
   InputStreamReader isr = new InputStreamReader(ins);
   BufferedReader in = new BufferedReader(isr);

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

攒一口袋星星 2024-10-24 11:51:35

这里有两种常见的方法：
http://ws.apache.org/xmlrpc/ssl.html
WebLogic 有自己的东西：
http://download.oracle.com/docs /cd/E12840_01/wls/docs103/security/SSL_client.html#wp1029670

回复收藏 0 原文

流云如水 2024-10-24 11:51:35

我认为您必须进行配置，使未签名的证书可以被信任。也许

回复收藏 0 原文

往事风中埋 2024-10-24 11:51:35

为了信任证书，您必须告诉 java 您信任签署该证书的证书颁发机构。对于自签名证书，即是证书本身。您需要将 javax.net.ssl.trustStore 系统属性设置为包含您要连接的服务器的证书的 CA 的密钥库。

当您获取证书以解决不受信任的连接错误时，您也许能够从浏览器获取证书。尝试找到一个选项以 PKCS12 格式导出证书，保存该文件。运行代码时，将 javax.net.ssl.trustStore 属性设置为刚刚保存的文件，并将 javax.net.ssl.trustStoreType 设置为 PKCS12。

回复收藏 0 原文