Axis2 / Rampart客户端自签名证书

时间:2012-06-21 10:48:20

标签: java ssl certificate axis2 rampart

我正在尝试使用安全客户端访问Web服务。

我生成了两个文件:

nb19200.pkcs12

server.jks

我将服务器密钥库粘贴到tomcat中并将pkcs12上传到我的浏览器,一切正常。

现在,在我的客户端应用程序中,我尝试了以下内容:

首先,导出服务器证书,我使用了以下命令:

keytool -exportcert -alias servercert -file servercert.cer -keystore server.jks -storepass * *

然后将其导入到没有任何内容的密钥库中:

keytool -importcert -keystore truststore.jks -alias servercert -file servercert.cer -v trustcacerts -noprompt -storepass * **

我的代码如下:

    System.setProperty("javax.net.ssl.trustStore","servertrust.jks");
    System.setProperty("javax.net.ssl.trustStorePassword", "password");

    //To be able to load the client configuration from axis2.xml
    ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem("client-repo", null);

    SecureServiceStub stub = new SecureServiceStub(ctx,"https://localhost:8443/axis2/services/SecureService");

    ServiceClient sc = stub._getServiceClient();

    sc.engageModule("rampart");

    //call the service etc.

好的,使用此配置我收到以下错误:

引起:java.net.SocketException:远程主机关闭连接

如果我评论前两行,我得到的错误是:

引起:sun.security.provider.certpath.SunCertPathBuilderException:无法找到所请求目标的有效证书路径

那么我做错了什么?

我完全失去了。

更新完整代码:

http://pastebin.com/8xTYK3tY

堆栈追踪:

Exception in thread "main" org.apache.axis2.AxisFault: Connection refused: connect
at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:197)
at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:404)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:231)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:443)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:406)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
at tutorial.rampart.client.SecureServiceStub.add(SecureServiceStub.java:191)
at tutorial.rampart.client.SecureServiceCGClient.main(SecureServiceCGClient.java:36)
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
at java.net.Socket.connect(Socket.java:529)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:564)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.commons.httpclient.protocol.ReflectionSocketFactory.createSocket(ReflectionSocketFactory.java:140)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:130)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:621)
at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:193)

3 个答案:

答案 0 :(得分:1)

查看定义密钥库路径的行:

System.setProperty("javax.net.ssl.trustStore","servertrust.jks");

但是你提到文件名是 server.jks 。因此,如果是这种情况,则代码无法找到正确的证书文件。

更新:

使用ssl(https)时,服务器会搜索符合“CN”的正确证书。 CN必须等于主机的名称。根据您发布的URL,我发现您使用的是localhost,因此您必须使CN等于您的计算机名称(您可以通过右键单击我的计算机 - > propeties来查看它。)

答案 1 :(得分:0)

请确保该服务正在侦听端口8443.检查URL https://localhost:8443/axis2/services/SecureService是否存在。您可以尝试此URL https://localhost:8443/axis2/services/SecureService?wsdl,看看是否可以从该URL获取服务的WSDL

答案 2 :(得分:0)

我找到了解决方案。

我错过了这个:

System.setProperty("javax.net.ssl.keyStore","keys/client.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "password");