WSDL client authentication and multiple certificates

Posted on 2024-12-18 05:44:37

So I'm running into a bit of an issue here with wsdls and selecting multiple certs in java. A smartcard, for example, has multiple certs on it, for signing, encryption, identification. I have a WSDL that generates the code for the client auth connection but as far as I can tell, you give the wsdl a path to the keystore by setting the property, like this

  System.setProperty("javax.net.ssl.keyStore",
    keyStore);
  System.setProperty("javax.net.ssl.keyStorePassword",
    keyStorePassword);

I'm following this tutorial.
Now, for multiple certs in a keystore, like in a smart card, this presents a problem because there's no way to specify WHICH cert you want to use on that smartcard. It looks like the wsdl selects the first cert in the keystore, which might be the wrong certificate to authenticate with.

My question is 2-fold:

  1. Is there a way other than doing a System.setProperty to tell the wsdl which certificate to use? What can I do to specify which cert since most of the code is generated by the wsdl using wsconsume?

  2. The System.setProperty() only allows you to specify a path. Is there a way to specify an object? The way I am getting the certificates off of the smartcard is by using SunPKCS11 class (as found here). However, this returns to me a keystore object, and as far as I know System.setProperty() wants a path.

Thanks for your help!

Comments (1)

踏月而来 2024-12-25 05:44:37

I finally found the answer to my question. Keep in mind I'm using CXF.

So when I call wsdl2java on the wsdl, I get a bunch of generated code. There are two pieces in particular that handle authorization aptly named Authorization and AuthorizationService. In my code, in order to call these links, I do the following

AuthorizationService authSvc = new AuthorizationService();
Authorization authWs = authSvc.getAuthorizationPort();

At this point, you'll need to construct your own keyManager and trustmanager by creating a new keystore from the chosen certificate. A good place to get started is this

Then you need to construct TLSClientParameters

TLSClientParameters params = new TLSClientParameters();
params.setKeyManagers(keyManagers);
params.setTrustManagers(trustManagers);

Then create your HTTPConduit.

HTTPConduit conduit = (HTTPConduit) ClientProxy.getClient(authWs).getConduit();
conduit.setTlsClientParameters(params);

And then you can use your web service with the cert that your user has selected.
