HTTP传输错误:带有WSO2 DSS的javax.net.ssl.SSLHandshakeException

时间:2013-06-04 08:15:10

标签: wso2 wso2dss

我使用JDeveloper 11.1.2.3.0从WSO2 DSS创建了一个Web服务客户端和代理。

使用UsernameToken(基本方案)保护我的数据服务。

这是我的客户代码:

package pmis.wsdl2;

import java.security.cert.X509Certificate;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;

import javax.annotation.Generated;

import javax.xml.ws.BindingProvider;

import weblogic.security.SSL.TrustManager;

import weblogic.wsee.security.bst.ClientBSTCredentialProvider;
import weblogic.wsee.security.saml.SAMLTrustCredentialProvider;
import weblogic.wsee.security.unt.ClientUNTCredentialProvider;
import weblogic.wsee.security.util.CertUtils;

import weblogic.xml.crypto.wss.WSSecurityContext;
import weblogic.xml.crypto.wss.provider.CredentialProvider;


// This source file is generated by Oracle tools.
// Contents may be subject to change.
// For reporting problems, use the following:
// Generated by Oracle JDeveloper 11g Release 2 11.1.2.3.0.6276

public class SecureSOAP11EndpointClient {
    public static void main(String[] args) {
        IAWSDLREGISTRATIONDataService iAWSDLREGISTRATIONDataService = new IAWSDLREGISTRATIONDataService();
        IAWSDLREGISTRATIONDataServicePortType iAWSDLREGISTRATIONDataServicePortType =
            iAWSDLREGISTRATIONDataService.getSecureSOAP11Endpoint();

        String username = "admin";
        String password = "admin";

        String clientKeyStore = "d:/wso2keystore.jks";
        String clientKeyStorePass = "mypkpassword";
        String clientKeyAlias = "wso2cert";
        String clientKeyPass = "mypkpassword";
        String serverCertFile = "d:/wso2cert.cer";

        List credProviders = new ArrayList();
        //use x509 to secure wssc handshake
        try {
            X509Certificate serverCert = (X509Certificate)CertUtils.getCertificate(serverCertFile);
            CredentialProvider cp =
                new ClientBSTCredentialProvider(clientKeyStore, clientKeyStorePass, clientKeyAlias, clientKeyPass,
                                                "JKS", serverCert);
            credProviders.add(cp);
            cp = new ClientUNTCredentialProvider(username.getBytes(), password.getBytes());
            credProviders.add(cp);

            Map<String, Object> rc = ((BindingProvider)iAWSDLREGISTRATIONDataServicePortType).getRequestContext();

            rc.put(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credProviders);

            rc.put(WSSecurityContext.TRUST_MANAGER, new TrustManager() {
                    public boolean certificateCallback(X509Certificate[] chain, int validateErr) {
                        return true;
                    }
                });

            iAWSDLREGISTRATIONDataServicePortType.selectAllIAWSDLREGISTRATIONOperation();
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }
}

所以,当我调用时,我遇到了以下错误:

com.sun.xml.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.xml.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:138)
    at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:187)
    at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:124)
    at com.sun.xml.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:121)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:866)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:815)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:778)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:680)
    at com.sun.xml.ws.client.Stub.process(Stub.java:272)
    at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:153)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:136)
    at $Proxy35.selectAllIAWSDLREGISTRATIONOperation(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at weblogic.wsee.jaxws.spi.ClientInstanceInvocationHandler.invoke(ClientInstanceInvocationHandler.java:84)
    at $Proxy36.selectAllIAWSDLREGISTRATIONOperation(Unknown Source)
    at pmis.wsdl2.SecureSOAP11EndpointClient.main(SecureSOAP11EndpointClient.java:66)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1014)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
    at com.sun.xml.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:126)
    ... 20 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
    at sun.security.validator.Validator.validate(Validator.java:218)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
    ... 32 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
    ... 38 more

我按照以下方式创建了我的证书:

keytool -genkey -alias wso2cert -keyalg RSA -keysize 1024 -keypass mypkpassword -keystore wso2keystore.jks -storepass mypkpassword

keytool -export -alias wso2cert -keystore wso2keystore.jks -storepass mypkpassword -file wso2cert.cer

keytool -import -alias wso2newcert -file wso2cert.cer -keystore client-truststore.jks -storepass wso2carbon

请建议我,我该如何调用? UsernameToken + SSL。 是否还需要其他步骤?

此致 EBA

1 个答案:

答案 0 :(得分:0)

导入新证书后,您应该编辑carbon.xml以指向密钥库路径;

<KeyStore>
            <!-- Keystore file location-->
            <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>