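I have a Worklight project with an adapter that connects to a service to get a response.
It uses the Worklight keystore we created for the project, which holds the certificate needed to connect to the backend (certificate name: *.company.com). The keystore (myproject.p12) contains the certificate: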
ssl.keystore.path = /was85/.../myproject.p12.
ssl.keystore.pass = Pass
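ssl.keystore.type = PKCS12
Once I get the response from the adapter, it contains a URI that I need to use to fetch an image from a web service and convert it to base64.
I use custom Java code to do this: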
    package com.company.myProject;

    import java.io.IOException;
    import java.io.InputStream;
    import java.net.MalformedURLException;
    import java.net.URL;
    import java.net.URLConnection;
    import java.nio.charset.MalformedInputException;
    import java.security.Security;
    import java.util.logging.Logger;

    public class ImageEncoder {
        public final static Logger logger = Logger.getLogger(ImageEncoder.class.getName());

        public static String getImage(String imageUrl)
                throws MalformedURLException, IOException {
            String imageDataString = "";
            URL url = null;
            URLConnection con = null;
            try {
                url = new URL(imageUrl);
                logger.info("url "+url);
                con = url.openConnection();
                logger.info("con "+con);
                InputStream input = con.getInputStream();
                logger.info("input " + input);
                byte[] bytes = org.apache.commons.io.IOUtils.toByteArray(input);
                logger.info("bytes " + bytes);
                input.close();
                imageDataString = encodeImage(bytes);
                logger.info("imageDataString " + imageDataString);
                return imageDataString;
            } catch (MalformedInputException malformedInputException) {
                malformedInputException.printStackTrace();
                imageDataString = malformedInputException.toString();
                logger.info("MalformedInputException malformedInputException " + imageDataString);
                return ("exception while reading the imag <" + imageDataString + ">");
            } catch (IOException ioException) {
                ioException.printStackTrace();
                imageDataString = ioException.toString();
                logger.info("IOException ioException " + imageDataString);
                return ("exception while reading the imag <" + imageDataString + ">");
            }
        }

        public static String encodeImage(byte[] imageData) {
            // TODO Auto-generated method stub
            org.apache.commons.codec.binary.Base64 base = new org.apache.commons.codec.binary.Base64(
                    false);
            return base.encodeToString(imageData);
            // return
            // org.apache.commons.codec.binary.Base64.encodeBase64URLSafeString(imageData);
        }
    }
However, as soon as the Java code opens the connection, it complains about the certificate (*.company.com) and gives this error:
The signer may need to be added to local trust store "/was85/profiles/node1/config/cells/cell_was/ecommerce_trust.p12" located in SSL configuration alias "DefaultSystemProperties" loaded from SSL configuration file "System Properties". The extended error message from the SSL handshake exception is: "PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error".
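After investigating, I found that it is checking the JVM trust store rather than our project trust store.
To solve this, I have three options:
Create a TrustManager in my Java code that picks up the project p12 instead of the JVM's, with the following code: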
        try {
            url = new URL(imageUrl);
            logger.info("url "+url);
            KeyStore trustStore = KeyStore.getInstance("PKCS12");
            trustStore.load(new FileInputStream("/was85/resources/security/ecommerce_gr_mobile.p12"), "Pass".toCharArray());
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(trustStore);
            TrustManager[] tms = tmf.getTrustManagers();
            SSLContext sslContext = null;
            sslContext = SSLContext.getInstance("SSL");
            sslContext.init(null, tms, new SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
            HttpsURLConnection con = (HttpsURLConnection)url.openConnection();
            logger.info("con "+con);
            //con.setSSLSocketFactory(sslFactory);
            InputStream input = con.getInputStream();
            logger.info("input " + input);
            byte[] bytes = org.apache.commons.io.IOUtils.toByteArray(input);
            logger.info("bytes " + bytes);
            input.close();
            imageDataString = encodeImage(bytes);
            logger.info("imageDataString " + imageDataString);
            //return imageDataString;
        } catch (MalformedInputException malformedInputException) {
            malformedInputException.printStackTrace();
            imageDataString = malformedInputException.toString();
            logger.info("MalformedInputException malformedInputException " + imageDataString);
            return ("exception while reading the imag <" + imageDataString + ">");
        } catch (IOException ioException) {
            ioException.printStackTrace();
            imageDataString = ioException.toString();
            logger.info("IOException ioException " + imageDataString);
            return ("exception while reading the imag <" + imageDataString + ">");
        } catch (KeyStoreException keyStoreException) {
            // TODO Auto-generated catch block
            keyStoreException.printStackTrace();
            imageDataString = keyStoreException.toString();
            logger.info("keyStoreException " + imageDataString);
        } catch (NoSuchAlgorithmException noSuchAlgorithmException) {
            // TODO Auto-generated catch block
            noSuchAlgorithmException.printStackTrace();
            imageDataString = noSuchAlgorithmException.toString();
            logger.info("noSuchAlgorithmException " + imageDataString);
        } catch (CertificateException certificateExceptione) {
            // TODO Auto-generated catch block
            certificateExceptione.printStackTrace();
            imageDataString = certificateExceptione.toString();
            logger.info("certificateExceptione " + imageDataString);
        } catch (KeyManagementException keyManagementException) {
            // TODO Auto-generated catch block
            keyManagementException.printStackTrace();
            imageDataString = keyManagementException.toString();
            logger.info("keyManagementException " + imageDataString);
        }
        return imageDataString;
    }
That did not work, and I get this error:
[9/2/15 13:40:09:512 EDT] 0000021d ImageEncoder I >>>>>>>>>>>>>>>trustStore loaded <<<<<<<<<<java.security.KeyStore@f1c4b946
[9/2/15 13:40:09:512 EDT] 0000021d ImageEncoder I >>>>>>>>>>>>>>>tmf init <<<<<<<<<<javax.net.ssl.TrustManagerFactory@4d3fb9ab
[9/2/15 13:40:09:513 EDT] 0000021d ImageEncoder I >>>>>>>>>>>>>>>tms init <<<<<<<<<<[Ljavax.net.ssl.TrustManager;@c76fa980
[9/2/15 13:40:09:513 EDT] 0000021d ImageEncoder I >>>>>>>>>>>>>>>sslContext <<<<<<<<<<
[9/2/15 13:40:09:570 EDT] 0000021d ImageEncoder I con com.ibm.net.ssl.www2.protocol.https.e:https://domain.company.com/wps/wcm/connect/e77f32e8-906f-445f-b198-e3b77cb0e786/logo90x40.gif?MOD=AJPERES&CACHEID=e77f32e8-906f-445f-b198-e3b77cb0e786
[9/2/15 13:40:09:676 EDT] 0000021d ImageEncoder I IOException ioException javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
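Answer 0 (score: 0)
The Worklight server uses the keystore defined by "ssl.keystore.*" to create the SSL connection between the adapter and the backend server configured in the adapter's XML file, so if you have custom Java code that makes its own connection, you should set up your own SSL context as in the example above. That is the correct way. The cause of the error may be that the keystore "/was85/resources/security/ecommerce_gr_mobile.p12" does not contain the image server's certificate. I suggest creating a separate keystore and using it from the adapter's Java code. Put into it all the certificates of the servers you want to reach from the adapter's Java code.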
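One way to check what this answer suggests, as an added example that is not part of the original answer: list every entry in the PKCS12 store and report whether the issuer named in the question's CertPathValidatorException is present as a certificate subject. The class name `TrustStoreAudit` and the `TRUSTSTORE_PASS` environment variable are assumptions made for this example; it needs Java 7 or later.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.security.auth.x500.X500Principal;

public class TrustStoreAudit {
    // Prints each entry and returns true if any certificate's subject equals 'wanted'.
    static boolean containsSubject(KeyStore ks, X500Principal wanted) throws Exception {
        boolean found = false;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            // Certificate entries are trust anchors; key entries carry a private key.
            String kind = ks.isCertificateEntry(alias) ? "trusted-cert" : "key-entry";
            System.out.println(alias + " [" + kind + "]"
                    + "\n  subject: " + x.getSubjectX500Principal().getName()
                    + "\n  issuer : " + x.getIssuerX500Principal().getName()
                    + "\n  expires: " + x.getNotAfter());
            if (x.getSubjectX500Principal().equals(wanted)) found = true;
        }
        return found;
    }

    // Usage: TRUSTSTORE_PASS=... java TrustStoreAudit /path/to/store.p12
    public static void main(String[] args) throws Exception {
        // Issuer DN copied from the error message quoted in the question.
        X500Principal issuer = new X500Principal(
                "CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE");
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            // TRUSTSTORE_PASS is a hypothetical variable name chosen for this example;
            // reading it from the environment keeps the password out of source code.
            ks.load(in, System.getenv("TRUSTSTORE_PASS").toCharArray());
        }
        System.out.println(containsSubject(ks, issuer)
                ? "issuer certificate is present in the store"
                : "issuer certificate is NOT in the store");
    }
}
```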
Answer 1 (score: 0)
I was able to solve this by adding the following:
    con.connect();
The full code would be:
    KeyStore trustStore = KeyStore.getInstance("PKCS12");
    File key = new File ("/was85/resources/security/ecommerce_gr_mobile.p12");
    trustStore.load(new FileInputStream(key), "Pass".toCharArray());
    logger.info(">>>>>>>>>>>>>>>trustStore loaded <<<<<<<<<<" + String.valueOf(trustStore) );
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(trustStore);
    logger.info(">>>>>>>>>>>>>>>tmf init <<<<<<<<<<" + String.valueOf(tmf));
    TrustManager[] tms = tmf.getTrustManagers();
    logger.info(">>>>>>>>>>>>>>>tms init <<<<<<<<<<" + String.valueOf(tms));
    SSLContext sslContext = null;
    sslContext = SSLContext.getInstance("TLS");
    logger.info(">>>>>>>>>>>>>>>sslContext <<<<<<<<<<");
    sslContext.init(null, tms, new SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
    HttpsURLConnection con = (HttpsURLConnection)url.openConnection();
    con.connect();
    logger.info("con "+con);
    //con.setSSLSocketFactory(sslFactory);
    InputStream input = con.getInputStream();
    logger.info("input " + input);
    byte[] bytes = org.apache.commons.io.IOUtils.toByteArray(input);
    logger.info("bytes " + bytes);
    input.close();
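The code in this thread installs its factory with `HttpsURLConnection.setDefaultSSLSocketFactory`, which changes the default for every later `HttpsURLConnection` in the JVM that does not set its own factory. The following added example (not the poster's code) scopes the project trust store to a single connection through `setSSLSocketFactory`, the call left commented out above, and closes the stream on every path. The class name `ScopedTrustFetcher`, the timeout values and the use of `java.util.Base64` (Java 8 or later) are assumptions of this example.

```java
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Base64;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class ScopedTrustFetcher {
    private final SSLSocketFactory factory;

    // Build the factory once from a dedicated trust store; no JVM-wide default is touched.
    public ScopedTrustFetcher(String p12Path, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore trustStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(p12Path)) {
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS"); // "TLS", as in the working answer
        ctx.init(null, tmf.getTrustManagers(), null);   // null = default SecureRandom
        this.factory = ctx.getSocketFactory();
    }

    // Fetches the image over HTTPS only and returns it base64-encoded.
    public String fetchBase64(String imageUrl) throws IOException {
        URL url = new URL(imageUrl);
        if (!"https".equalsIgnoreCase(url.getProtocol())) {
            throw new IOException("refusing non-HTTPS URL scheme: " + url.getProtocol());
        }
        HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
        con.setSSLSocketFactory(factory); // trust decision applies to this connection only
        con.setConnectTimeout(5000);      // constructed values; tune for the backend
        con.setReadTimeout(10000);
        try (InputStream in = con.getInputStream()) {
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            byte[] buf = new byte[8192];
            for (int n; (n = in.read(buf)) != -1; ) {
                out.write(buf, 0, n);
            }
            return Base64.getEncoder().encodeToString(out.toByteArray());
        }
    }
}
```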