我有一个工作的肥皂连接,但我的证书正在结束。所以我只想更改证书。 对于我的肥皂连接,我使用我使用openssl生成的密钥库。
使用我的旧密钥库,它可以正常工作。但是对于我的新手,我得到了这个堆栈跟踪:
Caused by: org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized
at org.apache.ws.security.validate.SignatureTrustValidator.validate(SignatureTrustValidator.java:86)
at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:187)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)
at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:120)
at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:105)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:835)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1612)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1503)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1310)
at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:50)
at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:223)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:628)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:565)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135)
所以我猜我的密钥库生成有问题。 虽然我可以发送消息,但接收错误。 这是代码,在最后一行我得到了上面的例子。
AanleverServiceV12_Service service = new AanleverServiceV12_Service();
log.trace("aanleverService created");
AanleverServiceV12 aanleverServicePort = service.getAanleverServicePortV12();
log.trace("aanleverServicePort created");
AanleverRequest aanleverRequest = createAanleverRequest(belastingFormulier);
log.trace("AanleverRequest: {}", aanleverRequest);
AanleverResponse response = aanleverServicePort.aanleveren(aanleverRequest);
这是我的配置文件:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
org.apache.ws.security.crypto.merlin.keystore.password=****
org.apache.ws.security.crypto.merlin.keystore.file=keystore.p12
org.apache.ws.security.crypto.merlin.keystore.alias={csr_request_finished}
欢迎任何帮助!
我试图重新创建有效的密钥库,但我得到了同样的错误。所以我猜错误在于制作密钥库。
我这样做:
openssl pkcs12 -export -out keystore.p12 -inkey server.key -in cert.pem -name "{csr_request_finished}"
我将我的一代更新为此但出现了同样的错误(我将证书拆分为支持证书:
openssl pkcs12 -export -out kdeb5.p12 -inkey key.pem -in cert.pem -name "{csr_request_finished}" -certfile certRest.pem
答案 0 :(得分:1)
org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized
所以为了避免至少有一个证书需要一个名称,它甚至可以像这样:
openssl pkcs12 -export -out keystore.p12 -inkey key.pem -in cert.pem -name "{CSR_Request_Finished}" -certfile certRest.pem -caname ""
以上作品,但最好不要做:
openssl pkcs12 -export -out keystore.p12 -inkey key.pem -in cert.pem -name "{CSR_Request_Finished}" -certfile certRest.pem -caname "cert one" -caname "cert intermediate" -caname "cert root" etc....
如果得到这个,差异就没有了。:
Bag Attributes: <No Attributes>
使用emtpy名称即可获得此信息:
Bag Attributes
friendlyName:
您可以使用以下命令查看此信息:
openssl pkcs12 -info -in keystore.p12