我正在编写一个示例程序,用于从java应用程序查询供应商的Web服务。我不是从服务器做这个,它是一个java命令行桌面应用程序。编辑:使用Java 7。
我有供应商提供的证书 - 一个包含识别供应商的链,另一个是识别我公司的密钥库。我已将供应商证书导入到cacerts中,并且相信它可以正常工作,因为它消除了我在创建Service对象时遇到的错误。
当我实际尝试运行对webservice的远程调用时,我收到NoSuchAlgorithm错误;这是否意味着pkcs12不是有效类型的密钥库? Keystore Explorer可以读取这个密钥库,让我相信使用pkcs12应该是可能的。
所以我想知道我做错了什么,例如,我是否需要为PKCS12类型密钥做些什么。由于我使用VM命令行选项指定了密钥库,因此我也很困惑为什么SSL调试信息不会列出该密钥库。
我使用以下选项运行它:
-Djavax.net.debug=ssl -Djavax.net.ssl.keystore="S:\Vendor Documentation\9.07\Web Services\MyCompanykickoff\VendorSaaSWebServices-Customer.pfx" -Djavax.net.ssl.keyStorePassword=cX5L9CTj -Djavax.net.ssl.keyStoreType=pkcs12
我得到以下输出:
run:
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EndorsingSupportingTokens" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}CustomBinding_IWSTrust13Sync
{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}CustomBinding_IWSTrust13Sync1
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportBinding" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Trust13" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Wss11" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://www.w3.org/2006/05/addressing/wsdl}UsingAddressing" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedEncryptedSupportingTokens" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportBinding" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Trust13" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Wss11" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://www.w3.org/2006/05/addressing/wsdl}UsingAddressing" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "UNKNOWN".
keyStore is :
keyStore type is : pkcs12
keyStore provider is :
init keystore
default context init failed: java.security.KeyStoreException: pkcs12
not found
com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:117)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:194)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:122)
at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:123)
at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:626)
at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:585)
at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:570)
at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:467)
at com.sun.xml.internal.ws.client.Stub.process(Stub.java:308)
all done
at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.doInvoke(DispatchImpl.java:177)
at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.invoke(DispatchImpl.java:203)
at stsclientexample3.STSClientExample3.main(STSClientExample3.java:72)
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:198)
at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:205)
at sun.net.www.protocol.https.HttpsClient.createSocket(HttpsClient.java:361)
at sun.net.NetworkClient.doConnect(NetworkClient.java:162)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:378)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:473)
at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:270)
at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:327)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:974)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1090)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:105)
... 11 more
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at java.security.Provider$Service.newInstance(Provider.java:1262)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
at javax.net.ssl.SSLContext.getDefault(SSLContext.java:97)
at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:121)
at javax.net.ssl.HttpsURLConnection.getDefaultSSLSocketFactory(HttpsURLConnection.java:333)
at javax.net.ssl.HttpsURLConnection.<init>(HttpsURLConnection.java:291)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.<init>(HttpsURLConnectionImpl.java:85)
at sun.net.www.protocol.https.Handler.openConnection(Handler.java:62)
at java.net.URL.openConnection(URL.java:1018)
at com.sun.xml.internal.ws.api.EndpointAddress.openConnection(EndpointAddress.java:202)
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.createHttpConnection(HttpClientTransport.java:202)
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:102)
... 11 more
Caused by: java.security.KeyStoreException: pkcs12
not found
at java.security.KeyStore.getInstance(KeyStore.java:616)
at sun.security.ssl.SSLContextImpl$DefaultSSLContext.getDefaultKeyManager(SSLContextImpl.java:603)
at sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(SSLContextImpl.java:495)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
at java.lang.Class.newInstance0(Class.java:372)
at java.lang.Class.newInstance(Class.java:325)
at java.security.Provider$Service.newInstance(Provider.java:1238)
... 24 more
Caused by: java.security.NoSuchAlgorithmException: pkcs12
KeyStore not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at java.security.Security.getImpl(Security.java:695)
at java.security.KeyStore.getInstance(KeyStore.java:613)
... 33 more
BUILD SUCCESSFUL (total time: 0 seconds)
好的'Netbeans,告诉我我的构建成功了......
如果有人仍然想要代码:
package stsclientexample3;
import java.net.URL;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Dispatch;
import javax.xml.ws.Service;
import javax.xml.ws.Service.Mode;
import javax.xml.ws.soap.AddressingFeature;
import org.oasis_open.docs.ws_sx.ws_trust._200512.RequestSecurityTokenType;
public class STSClientExample3 {
public static void main(String[] args) {
try
{
final Service service
= Service.create(
new URL("file://\\project\\VendorDemo\\DocumentAPIv22Methods\\EchoSignDocumentService22Demo\\Java\\STSClientExample2\\web\\WEB-INF\\wsdl\\SecurityTokenService.wsdl"),
new QName("http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice", "SecurityTokenService")
);
Iterator<QName> ports = service.getPorts();
while (ports.hasNext()) {
QName port = ports.next();
System.out.println(port.toString());
}
final Dispatch dispatch
= service.createDispatch(new QName("http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice", "CustomBinding_IWSTrust13Sync"),
JAXBContext.newInstance("org.oasis_open.docs.ws_sx.ws_trust._200512"),
Mode.PAYLOAD,
new AddressingFeature()
);
final BindingProvider provider = (BindingProvider) dispatch;
final Map requestContext = provider.getRequestContext();
requestContext.put(BindingProvider.SOAPACTION_URI_PROPERTY, "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue");
final RequestSecurityTokenType request = new RequestSecurityTokenType();
dispatch.invoke(new JAXBElement<RequestSecurityTokenType>
(new QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512", "RequestSecurityToken"),
RequestSecurityTokenType.class,
request)
);
}
catch (Exception e) { e.printStackTrace(); }
System.out.println("all done");
}
public static void disableCertificates()
{
try {
TrustManager[] trustAllCerts =
{new X509TrustManager()
{
public X509Certificate[] getAcceptedIssuers() { return null; }
public void checkClientTrusted(X509Certificate[] certs, String authType) { }
public void checkServerTrusted(X509Certificate[] certs, String authType) { }
}
};
SSLContext sc = SSLContext.getInstance("SSL");
HostnameVerifier hv
= new HostnameVerifier() { public boolean verify(String arg0, SSLSession arg1) { return true; } };
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(hv);
}
catch (Exception localException)
{
System.out.println("Problem disabling SSL certificates: " + localException.getMessage());
}
}
}
答案 0 :(得分:1)
我犯了一个愚蠢的错误,导致NoSuchAlgorithm例外。
如果您(或阅读此帖子的任何人)在使用SpringBoot时收到此错误,请检查您的application.properties并确保您 没有写入密钥库类型值像这样:
server.ssl.key-store-type="PKCS12"
请注意引号 不应该!
删除它们后,异常就消失了。\
我正在使用Java 1.8:
java version "1.8.0_65"
Java(TM) SE Runtime Environment (build 1.8.0_65-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.65-b01, mixed mode)
PS 我知道这与问题没有多大关系,但是对NoSuchAlgorithm例外的Google查询引导我访问此页面,所以我认为这将是一个好地方写这个建议。
答案 1 :(得分:0)
确保文件YOUR_JDK/jre/lib/security/java.security中的下一行设置为“true”:
#
# Controls compatibility mode for the JKS keystore type.
#
# When set to 'true', the JKS keystore type supports loading
# keystore files in either JKS or PKCS12 format. When set to 'false'
# it supports loading only JKS keystore files.
#
keystore.type.compat=true