使用SSL的CXF客户端引发SSLHandshakeException

时间:2013-12-28 09:36:58

标签: ssl cxf sslhandshakeexception

当我尝试使用基于HTTPS连接的CXF客户端使用CXF Web服务时,我遇到了SSLhandshakeException。

Web服务需要SSL连接,因此我有PKCS 12密钥存储区,在java代码中直接用密码引用,如下所示。

java代码中的系统属性配置:

System.setProperty("javax.net.ssl.keyStore", "/home/user/test-client.p12");  
System.setProperty("javax.net.ssl.keyStorePassword", "AbcgfhYgb");
System.setProperty("javax.net.debug", "ssl, handshake");

cxf.xml中的CXF客户端配置

<jaxws:client id="CService" serviceClass="com..cws.CService"
        address="https://developer.webservice.com/test" />

<http-conf:conduit name="*.http-conduit">
    <http-conf:tlsClientParameters disableCNCheck="true">
    </http-conf:tlsClientParameters>
</http-conf:conduit>

异常执行客户端

时抛出 
Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://developer.webservice.com/test: Received fatal alert: handshake_failure
                at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
                at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
                at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
                at java.lang.reflect.Constructor.newInstance(Constructor.java:534)
                at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1338)
                at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1322)
                at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:50)
                at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:223)
                at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
                at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:622)
                at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
                at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
                at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
                at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
                at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
                at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
                at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
                at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133)
                ... 53 more
        Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
                at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
                at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
                at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1748)
                at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:991)
                at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1175)
                at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1202)
                at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1186)
                at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:440)
                at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
                at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:979)
                at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
                at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:168)
                at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1282)
                at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1233)
                at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)
                at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
                at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
                at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1295)
                ... 65 more

任何人都可以建议使用带有SSL的CXF客户端访问Web服务的解决方案。

2 个答案:

答案 0 :(得分:0)

将JDK cacerts引用为信任任务管理器,其中包含SSL证书的CA证书。另外,添加由SSL证书组成的密钥库,如下所示。

     <http-conf:conduit name="*.http-conduit">
    <http-conf:tlsClientParameters>
        <sec:keyManagers keyPassword="testkey">
            <sec:keyStore type="JKS" password="changeit"
                file="<keystore path>" />
        </sec:keyManagers>
        <sec:trustManagers>
            <sec:keyStore type="JKS" password="changeit"
                file="<cacert path>" />
        </sec:trustManagers>
    </http-conf:tlsClientParameters>
    <http-conf:client AutoRedirect="true" Connection="Keep-Alive" />
</http-conf:conduit>

答案 1 :(得分:0)

以下配置将使CXF客户端能够通过SSL(https)使用JAXWS服务:

  <http-conf:conduit name="*.http-conduit" >
    <http-conf:tlsClientParameters 
        useHttpsURLConnectionDefaultSslSocketFactory="true"     
    />
  </http-conf:conduit>

检查: 该证书已被生产者用于消费者手中 2.如果您遇到主机名与证书中的主机名不匹配的问题,可以使用disableCNCheck =&#34; true&#34;。但是,这个标志不建议用于Producation

相关问题
最新问题