JAX-WS mutual authentication fails after ClientKeyExchange

Time: 2014-01-23 18:05:21

Tags: java jax-ws x509 mutual-authentication

The short of it...

I have a JAX-WS service that lives on a web server using SSL and requires mutual authentication.

To first test that mutual authentication works, I imported the client certificate into a browser. I then pointed the browser at the protected site, and it connected and retrieved the content successfully.

I then wrote Java code to connect to the service on the same site. I imported the same certificate into a Java keystore file (jks), and I get TLSv1 Alert: fatal, handshake_failure.

I ran with

-Djavax.net.debug=ssl:handshake

and found that ClientHello and ServerHello succeed. It then proceeds to ClientKeyExchange, and I see SESSION KEYGEN. Then it goes to CertificateVerify, which is when the fatal handshake_failure occurs.

I don't know what the difference is between how the browser works and how the Java application works.

I'm running on Java 1.6.0_45, although I tried the same code on Java 7 with the same result.

See below for details.

The long of it...

This is long; I have included the code that loads the key and trust stores, and at the end I have also included the javax.net.debug output.

To support loading the key and trust stores dynamically, I created a custom SocketFactory.

    import java.io.IOException;
    import java.net.InetAddress;
    import java.net.Socket;
    import java.net.UnknownHostException;

    import javax.net.ssl.SSLSocketFactory;

    import org.apache.log4j.Logger;

    // ServiceSecurityException is the project's own exception type and is not shown here.
    public abstract class AbstractSSLSocketFactory extends SSLSocketFactory {
        private static final Logger logger = Logger.getLogger(AbstractSSLSocketFactory.class);
        protected AbstractSocketFactoryAdapter adapter = null;

        @Override
        public Socket createSocket(Socket arg0, String arg1, int arg2, boolean arg3)
                throws IOException {
            return this.adapter.getFactory().createSocket(arg0, arg1, arg2, arg3);
        }

        @Override
        public String[] getDefaultCipherSuites() {
            String[] cipherSuites = null;
            try {
                cipherSuites = this.adapter.getFactory().getDefaultCipherSuites();
            }
            catch (ServiceSecurityException e) {
                logger.error("There was an error retrieving the SSLSocketFactory", e);
            }

            return cipherSuites;
        }

        @Override
        public String[] getSupportedCipherSuites() {
            String[] cipherSuites = null;
            try {
                cipherSuites = this.adapter.getFactory().getSupportedCipherSuites();
            }
            catch (ServiceSecurityException e) {
                logger.error("There was an error retrieving the SSLSocketFactory", e);
            }

            return cipherSuites;
        }

        @Override
        public Socket createSocket(String arg0, int arg1) throws IOException,
                UnknownHostException {
            return this.adapter.getFactory().createSocket(arg0, arg1);
        }

        @Override
        public Socket createSocket(InetAddress arg0, int arg1) throws IOException {
            return this.adapter.getFactory().createSocket(arg0, arg1);
        }

        @Override
        public Socket createSocket(String arg0, int arg1, InetAddress arg2, int arg3)
                throws IOException, UnknownHostException {
            return this.adapter.getFactory().createSocket(arg0, arg1, arg2, arg3);
        }

        @Override
        public Socket createSocket(InetAddress arg0, int arg1, InetAddress arg2,
                int arg3) throws IOException {
            return this.adapter.getFactory().createSocket(arg0, arg1, arg2, arg3);
        }
    }

The abstract adapter is as follows:

    import java.security.KeyManagementException;
    import java.security.NoSuchAlgorithmException;
    import java.security.SecureRandom;

    import javax.net.ssl.KeyManager;
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSocketFactory;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.TrustManagerFactory;

    public abstract class AbstractSocketFactoryAdapter {
        private SSLSocketFactory socketFactory = null;

        protected abstract String getProtocol() throws ServiceSecurityException;

        protected abstract KeyManagerFactory getKeyManagerFactory() throws ServiceSecurityException;

        protected abstract TrustManagerFactory getTrustManagerFactory() throws ServiceSecurityException;

        public SSLSocketFactory getFactory() throws ServiceSecurityException {
            if (this.socketFactory == null) {
                // Create a new socket factory
                try {
                    // Retrieve the KeyManagerFactory from the implementing class
                    KeyManagerFactory keyManagerFactory = this.getKeyManagerFactory();

                    // Retrieve the TrustManagerFactory
                    TrustManagerFactory trustManagerFactory = this.getTrustManagerFactory();

                    // Retrieve the Protocol
                    String protocol = this.getProtocol();

                    // Create the SSL Context to create the Socket Factory
                    SSLContext context = SSLContext.getInstance(protocol);

                    KeyManager[] keyManagers = null;
                    if (keyManagerFactory != null) {
                        keyManagers = keyManagerFactory.getKeyManagers();
                    }

                    TrustManager[] trustManagers = null;
                    if (trustManagerFactory != null) {
                        trustManagers = trustManagerFactory.getTrustManagers();
                    }

                    // Associate the KeyManagerFactory with the SSLContext
                    //      if the keyManagers and/or trustManagers are null then
                    //      the jvm default is used for the respective manager
                    context.init(keyManagers, trustManagers, new SecureRandom());

                    // cache the socket factory for later use
                    this.socketFactory = context.getSocketFactory();
                } catch (NoSuchAlgorithmException e) {
                    throw new ServiceSecurityException(e);
                } catch (KeyManagementException e) {
                    throw new ServiceSecurityException(e);
                }
            }

            return this.socketFactory;
        }
    }

The concrete implementation of the adapter is: (In this test case I load the key and trust stores from disk, but eventually we plan to store them as blobs in a database.)

    import java.io.FileInputStream;
    import java.io.IOException;
    import java.io.InputStream;
    import java.security.KeyStore;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;
    import java.security.UnrecoverableKeyException;
    import java.security.cert.CertificateException;

    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.TrustManagerFactory;

    public class SocketFactoryFileAdapter extends AbstractSocketFactoryAdapter {
        private static final String DEFAULT_KEY_STORE_TYPE      = "JKS";
        private static final String DEFAULT_TRUST_STORE_TYPE    = "JKS";
        private static final String DEFAULT_PROTOCOL            = "TLS";
        private final String        keyStoreType;
        private final String        trustStoreType;
        private final String        protocol;
        private final String        keyStoreFileName;
        private final String        keyStorePassword;
        private final String        trustStoreFileName;
        private final String        trustStorePassword;

        public SocketFactoryFileAdapter(String keyStoreFileName,
                String keyStorePassword,
                String trustStoreFileName,
                String trustStorePassword) {
            this(   keyStoreFileName,
                    keyStorePassword,
                    SocketFactoryFileAdapter.DEFAULT_KEY_STORE_TYPE,
                    trustStoreFileName,
                    trustStorePassword,
                    SocketFactoryFileAdapter.DEFAULT_TRUST_STORE_TYPE,
                    SocketFactoryFileAdapter.DEFAULT_PROTOCOL);
        }

        public SocketFactoryFileAdapter(String keyStoreFileName,
                String keyStorePassword,
                String keyStoreType,
                String trustStoreFileName,
                String trustStorePassword,
                String trustStoreType,
                String protocol) {
            this.keyStoreFileName = keyStoreFileName;
            this.keyStorePassword = keyStorePassword;
            this.keyStoreType = keyStoreType;
            this.trustStoreFileName = trustStoreFileName;
            this.trustStorePassword = trustStorePassword;
            this.trustStoreType = trustStoreType;
            this.protocol = protocol;
        }

        @Override
        protected KeyManagerFactory getKeyManagerFactory() throws ServiceSecurityException {
            KeyManagerFactory keyManagerFactory = null;

            // If the keystore file name is null or 0 length, do not create a new factory
            if (this.keyStoreFileName != null && keyStoreFileName.length() > 0) {
                try {
                    // Create a Key Manager Factory
                    keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());

                    // Create the KeyStore
                    KeyStore keyStore = KeyStore.getInstance(this.keyStoreType);

                    // Load the KeyStore from disk (close the stream even if loading fails)
                    InputStream keyInput = new FileInputStream(this.keyStoreFileName);
                    try {
                        keyStore.load(keyInput, this.keyStorePassword.toCharArray());
                    } finally {
                        keyInput.close();
                    }

                    // Initialize the Key Manager Factory
                    keyManagerFactory.init(keyStore, this.keyStorePassword.toCharArray());
                }
                catch (NoSuchAlgorithmException e) {
                    throw new ServiceSecurityException(e);
                }
                catch (KeyStoreException e) {
                    throw new ServiceSecurityException(e);
                }
                catch (CertificateException e) {
                    throw new ServiceSecurityException(e);
                }
                catch (IOException e) {
                    throw new ServiceSecurityException(e);
                }
                catch (UnrecoverableKeyException e) {
                    throw new ServiceSecurityException(e);
                }
            }

            return keyManagerFactory;
        }

        @Override
        protected TrustManagerFactory getTrustManagerFactory() throws ServiceSecurityException {

            TrustManagerFactory trustManagerFactory = null;
            // If the truststore file name is null or 0 length, do not create a new factory
            if (this.trustStoreFileName != null && trustStoreFileName.length() > 0) {
                try {
                    // Create a Trust Manager Factory
                    trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());

                    // Create the KeyStore
                    KeyStore trustStore = KeyStore.getInstance(this.trustStoreType);

                    // Load the TrustStore from disk (close the stream even if loading fails)
                    InputStream trustInput = new FileInputStream(this.trustStoreFileName);
                    try {
                        trustStore.load(trustInput, this.trustStorePassword.toCharArray());
                    } finally {
                        trustInput.close();
                    }

                    // Initialize the Trust Manager Factory
                    trustManagerFactory.init(trustStore);
                }
                catch (NoSuchAlgorithmException e) {
                    throw new ServiceSecurityException(e);
                }
                catch (KeyStoreException e) {
                    throw new ServiceSecurityException(e);
                }
                catch (CertificateException e) {
                    throw new ServiceSecurityException(e);
                }
                catch (IOException e) {
                    throw new ServiceSecurityException(e);
                }
            }

            return trustManagerFactory;
        }

        public String getKeyStoreType() {
            return this.keyStoreType;
        }

        public String getTrustStoreType() {
            return this.trustStoreType;
        }

        @Override
        public String getProtocol() {
            return this.protocol;
        }
    }

Then I have a class that puts the SSL socket factory into the JAX-WS context for developers.

    import javax.net.ssl.SSLSocketFactory;

    // FileSSLSocketFactory and AbstractSecureWebServiceProxy are project classes not shown here.
    public class SecureFileWebServiceProxy extends AbstractSecureWebServiceProxy {
        public SecureFileWebServiceProxy(Class<?> serviceImplementationClass,
                String keyStoreFileName,
                String keyStorePassword,
                String trustStoreFileName,
                String trustStorePassword) throws InstantiationException, IllegalAccessException {
            this(serviceImplementationClass, new FileSSLSocketFactory(  keyStoreFileName,
                                                                        keyStorePassword,
                                                                        trustStoreFileName,
                                                                        trustStorePassword));
        }

        public SecureFileWebServiceProxy(Class<?> serviceImplementationClass,
                String keyStoreFileName,
                String keyStorePassword,
                String keyStoreType,
                String trustStoreFileName,
                String trustStorePassword,
                String trustStoreType,
                String protocol) throws InstantiationException, IllegalAccessException {
            this(serviceImplementationClass, new FileSSLSocketFactory(  keyStoreFileName,
                                                                        keyStorePassword,
                                                                        keyStoreType,
                                                                        trustStoreFileName,
                                                                        trustStorePassword,
                                                                        trustStoreType,
                                                                        protocol));
        }

        private SecureFileWebServiceProxy(Class<?> serviceImplementationClass, SSLSocketFactory factory) throws InstantiationException,
                IllegalAccessException {
            super(serviceImplementationClass, factory);
        }
    }


Finally, putting it all together, I call the service...

    import org.apache.log4j.Logger;

    // SampleWebServiceService and SampleWebService are the generated JAX-WS client classes.
    public class Main {
        private static final Logger logger = Logger.getLogger(Main.class);

        public static void main(String[] args) {
            String keyStoreFileName = "keystores/keystore.jks";
            String keyStorePassword = "changeit";
            String trustStoreFileName = "keystores/keystore.jks";
            String trustStorePassword = "changeit";
            SecureFileWebServiceProxy proxy = null;
            try {
                proxy = new SecureFileWebServiceProxy(SampleWebServiceService.class, keyStoreFileName, keyStorePassword, "JKS", trustStoreFileName, trustStorePassword, "JKS", "TLS");
            }
            catch (Throwable th) {
                logger.fatal("There was an error creating the service factory", th);
                return;
            }

            SampleWebService service = null;

            try {
                service = proxy.getPort(SampleWebService.class);
            }
            catch (Throwable th) {
                logger.fatal("There was an error creating the service", th);
                return;
            }

            try {
                String rvalue = service.testMethod("test");
                logger.debug("The service returned the value: " + rvalue);
            }
            catch (Throwable th) {
                logger.fatal("There was an error calling the service", th);
            }
        }
    }

Below is the debug output; the data has been altered because we are using a real certificate rather than a self-signed one...

keyStore is : 
keyStore type is : jks
keyStore provider is : 
init keystore
init keymanager of type SunX509
trustStore is: C:\Program Files\Java\jdk1.6.0_45\jre\lib\security\cacerts
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:

trigger seeding of SecureRandom
done seeding SecureRandom
***
found key for : ALIAS_ONE
chain [0] = [
[
  Version: V3
  Subject: CN=mycn, OU=myou, 
  Signature Algorithm: SHA1withRSA, OID = xxxxx

  Key:  Sun RSA public key, 2048 bits
  modulus: xxx
  public exponent: xxx
  Validity: [From: Tue Jun 25 06:48:52 EDT 2013,
           To: Wed Aug 27 05:12:07 EDT 2014]
  Issuer: CN=Trusted CA, OU=CA OU, O=CA O, C=US
  SerialNumber: [    xxx

Certificate Extensions: 9
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ca.url, 
   accessMethod: 1.3.6.1.5.5.7.48.2
   accessLocation: URIName: http://gtssldv-aia.geotrust.com/gtssldv.crt]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
]

]

[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: xxx]
]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [xxx]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
]]  ]
]

[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[8]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: mycn
]

[9]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
]
]

]
  Algorithm: [SHA1withRSA]
  Signature:

]
***
adding as trusted cert:
  Subject: CN=mycn, OU=myou, 
  Issuer:  CN=GeoTrust DV SSL CA, OU=Domain Validated SSL, O=GeoTrust Inc., C=US
  Algorithm: RSA; Serial number: 0x6f6aa
  Valid from Tue Jun 25 06:48:52 EDT 2013 until Wed Aug 27 05:12:07 EDT 2014

trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1373718630 bytes = { 45, 50, 83, 121, 185, 87, 15, 156, 174, 186, 215, 252, 210, 107, 14, 19, 172, 248, 56, 25, 231, 241, 37, 54, 112, 176, 190, 36 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
***
main, WRITE: TLSv1 Handshake, length = 75
main, WRITE: SSLv2 client hello message, length = 101
main, READ: TLSv1 Handshake, length = 81
*** ServerHello, TLSv1
RandomCookie:  GMT: -1105040847 bytes = { 16, 23, 184, 87, 110, 87, 29, 130, 248, 27, 222, 32, 33, 115, 97, 142, 220, 156, 82, 25, 208, 181, 219, 152, 205, 115, 123, 184 }
Session ID:  {69, 58, 206, 144, 22, 133, 165, 252, 186, 223, 39, 102, 91, 170, 133, 90, 27, 58, 195, 5, 57, 147, 222, 112, 205, 227, 143, 154, 228, 220, 68, 100}
Cipher Suite: SSL_RSA_WITH_RC4_128_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Created:  [Session-1, SSL_RSA_WITH_RC4_128_SHA]
** SSL_RSA_WITH_RC4_128_SHA
main, READ: TLSv1 Handshake, length = 1406
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=mycn, OU=myou, 
  Signature Algorithm: SHA1withRSA, OID = xxx

  Key:  Sun RSA public key, 2048 bits
  modulus: xxx
  public exponent: xxx
  Validity: [From: Tue Jun 25 06:48:52 EDT 2013,
           To: Wed Aug 27 05:12:07 EDT 2014]
  Issuer: CN=Trusted CA, OU=CA OU, O=CA O, C=US
  SerialNumber: [    06f6aa]

Certificate Extensions: 9
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ca.url, 
   accessMethod: 1.3.6.1.5.5.7.48.2
   accessLocation: URIName: http://gtssldv-aia.geotrust.com/gtssldv.crt]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 8C F4 D9 93 0A 47 BC 00   A0 4A CE 4B 75 6E A0 B6  .....G...J.Kun..
0010: B0 B2 7E FC                                        ....
]

]

[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: xxx]
]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.113733.1.7.54]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1

]]  ]
]

[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[8]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: mycn
]

[9]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
]
]

]
  Algorithm: [SHA1withRSA]
  Signature:

]
***
Found trusted certificate:
[
[
  Version: V3
  Subject: CN=mycn, OU=myou, 
  Signature Algorithm: SHA1withRSA, OID = xxx

  Key:  Sun RSA public key, 2048 bits
  modulus: xxx
  public exponent: 65537
  Validity: [From: Tue Jun 25 06:48:52 EDT 2013,
           To: Wed Aug 27 05:12:07 EDT 2014]
  Issuer: CN=Trusted CA, OU=CA OU, O=CA O, C=US
  SerialNumber: [    06f6aa]

Certificate Extensions: 9
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ca.url, 
   accessMethod: 1.3.6.1.5.5.7.48.2
   accessLocation: URIName: http://ca.url/ca.crt]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
]

]

[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: xxx]
]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.113733.1.7.54]
[PolicyQualifierInfo: [

]]  ]
]

[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[8]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: mycn
]

[9]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
]
]

]
  Algorithm: [SHA1withRSA]
  Signature:

]
main, READ: TLSv1 Handshake, length = 8
*** CertificateRequest
Cert Types: RSA
Cert Authorities:
main, READ: TLSv1 Handshake, length = 4
*** ServerHelloDone
matching alias: ALIAS_ONE
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=mycn, OU=myou, 
  Signature Algorithm: SHA1withRSA, OID = xxx

  Key:  Sun RSA public key, 2048 bits
  modulus: xxx
  public exponent: 65537
  Validity: [From: Tue Jun 25 06:48:52 EDT 2013,
           To: Wed Aug 27 05:12:07 EDT 2014]
  Issuer: CN=Trusted CA, OU=CA OU, O=CA O, C=US
  SerialNumber: [    xxx]

Certificate Extensions: 9
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ca.url, 
   accessMethod: 1.3.6.1.5.5.7.48.2
   accessLocation: URIName: http://ca.url/ca.crt]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
]

]

[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: xxx]
]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.113733.1.7.54]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1

]]  ]
]

[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[8]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: mycn
]

[9]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
]
]

]
  Algorithm: [SHA1withRSA]
  Signature:

]
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Handshake, length = 1668
SESSION KEYGEN:
PreMaster Secret:

CONNECTION KEYGEN:
Client Nonce:

Server Nonce:

Master Secret:

Client MAC write Secret:

Server MAC write Secret:

Client write key:

Server write key:

... no IV used for this cipher
*** CertificateVerify
main, WRITE: TLSv1 Handshake, length = 262
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data:  { xxx }
***
main, WRITE: TLSv1 Handshake, length = 36
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
2014-01-23 11:50:47,034 FATAL (Main.java:main():70)  - There was an error calling the service
com.sun.xml.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at com.sun.xml.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:134)
    at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:135)
    at com.sun.xml.xwss.XWSSClientPipe.process(XWSSClientPipe.java:118)
    at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:115)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:595)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:554)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:539)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:436)
    at com.sun.xml.ws.client.Stub.process(Stub.java:248)
    at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:135)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:118)
    at com.sun.proxy.$Proxy34.testMethod(Unknown Source)
    at Main.main(Main.java:66)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1822)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1004)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1031)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
    at com.sun.xml.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:122)
    ... 14 more

0 answers:

No answers
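The question received no answer. In the handshake log above the server's CertificateRequest lists no Cert Authorities, the client answers with a one-certificate chain for ALIAS_ONE, and the server rejects the connection only after CertificateVerify and Finished, which is the point at which a server has checked the offered client chain. The following diagnostic is an added example, not code from the question or its project: it loads a JKS keystore and truststore the same way the adapter above does and, for every private-key entry, reports the properties a server checks before it accepts a client certificate (validity period, clientAuth in ExtendedKeyUsage, digitalSignature in KeyUsage, and whether the chain validates under PKIX against the truststore). The class name `ClientCertCheck`, the argument order and the output wording are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;

// Added diagnostic, not code from the question. Class name, argument order and
// output wording are assumptions of this example.
public class ClientCertCheck {
    // OID behind the "clientAuth" ExtendedKeyUsage value shown in the handshake log
    private static final String CLIENT_AUTH_OID = "1.3.6.1.5.5.7.3.2";
    // Index of digitalSignature in getKeyUsage(); signing CertificateVerify requires it
    private static final int DIGITAL_SIGNATURE = 0;

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: ClientCertCheck <keystore.jks> <password> <truststore.jks> <password>");
            return;
        }
        KeyStore keyStore = load(args[0], args[1]);
        KeyStore trustStore = load(args[2], args[3]);
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            // Only key entries carry a private key; JSSE never offers a trustedCertEntry as client cert
            if (!keyStore.isKeyEntry(alias)) continue;
            Certificate[] chain = keyStore.getCertificateChain(alias);
            System.out.println("key entry '" + alias + "': chain of " + chain.length + " certificate(s)");
            reportLeaf((X509Certificate) chain[0]);
            System.out.println("  chain validates against truststore: " + chainValidates(chain, trustStore));
        }
    }

    private static KeyStore load(String path, String password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream(path);
        try { ks.load(in, password.toCharArray()); } finally { in.close(); }
        return ks;
    }

    // The properties a server checks on the leaf before it accepts the client certificate
    private static void reportLeaf(X509Certificate leaf) throws Exception {
        System.out.println("  subject: " + leaf.getSubjectX500Principal());
        System.out.println("  issuer:  " + leaf.getIssuerX500Principal());
        Date now = new Date();
        boolean inValidity = !now.before(leaf.getNotBefore()) && !now.after(leaf.getNotAfter());
        System.out.println("  within validity period: " + inValidity);
        List<String> eku = leaf.getExtendedKeyUsage(); // null when the extension is absent
        System.out.println("  clientAuth permitted by ExtendedKeyUsage: " + (eku == null || eku.contains(CLIENT_AUTH_OID)));
        boolean[] keyUsage = leaf.getKeyUsage();        // null when the extension is absent
        System.out.println("  digitalSignature permitted by KeyUsage: " + (keyUsage == null || keyUsage[DIGITAL_SIGNATURE]));
    }

    // The PKIX path validation a server typically runs on the offered chain, offline (no CRL/OCSP)
    private static boolean chainValidates(Certificate[] chain, KeyStore trustStore) throws Exception {
        List<Certificate> path = new ArrayList<Certificate>(Arrays.asList(chain));
        X509Certificate top = (X509Certificate) path.get(path.size() - 1);
        if (top.getSubjectX500Principal().equals(top.getIssuerX500Principal())) {
            // A self-signed certificate at the top is an anchor, not a path element: it must
            // already be in the truststore, so check that and take it out of the path.
            if (trustStore.getCertificateAlias(top) == null) {
                System.out.println("  self-signed top of chain is not in the truststore");
                return false;
            }
            path.remove(path.size() - 1);
            if (path.isEmpty()) return true; // self-signed client cert that the truststore holds
        }
        PKIXParameters params;
        try {
            params = new PKIXParameters(trustStore); // anchors = trustedCertEntry entries only
        } catch (InvalidAlgorithmParameterException e) {
            System.out.println("  truststore has no trusted-certificate entries: " + e.getMessage());
            return false;
        }
        params.setRevocationEnabled(false);
        CertPath certPath = CertificateFactory.getInstance("X.509").generateCertPath(path);
        try {
            CertPathValidator.getInstance("PKIX").validate(certPath, params);
            return true;
        } catch (CertPathValidatorException e) {
            System.out.println("  PKIX validation failed: " + e.getMessage());
            return false;
        }
    }
}
```

Run it as `java ClientCertCheck keystores/keystore.jks changeit keystores/keystore.jks changeit` to mirror the arguments in the question's `main`. Two design points matter when reading the result. First, `PKIXParameters(KeyStore)` takes trust anchors only from trustedCertEntry entries, whereas the SunX509 TrustManagerFactory also treats the first certificate of each key entry as trusted (which is why the log shows "adding as trusted cert" for CN=mycn); a truststore that holds nothing but key entries therefore reports "no trusted-certificate entries" here even though the JSSE trust manager accepted it. Second, the truststore argument is a stand-in for whatever CA set the server validates client certificates against; the check is only as meaningful as that choice, so pointing it at the client's own truststore answers "is my chain complete up to an issuer I hold?" rather than "will this particular server accept it?".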