密钥库PKCS12 Merlin异常

时间:2016-09-13 09:38:54

标签: java ssl-certificate keystore

我在尝试实现一个带认证的SOAP客户端,但遇到了问题: http://wklej.to/c3v59 这是我的代码(是复制粘贴来的,其中很多功能我并不了解)

public class EETClient
{
    private static final ExtendedLogger logger = ExtendedLogger.getLogger(ClientKey.class);

    // Service stub built from the WSDL resource that sits next to this class on the classpath.
    private static final EETService WEBSERVICE  = new EETService(EETClient.class.getResource("EETServiceSOAP.wsdl"));

    // Receive timeout handed to HTTPClientPolicy.setReceiveTimeout (presumably milliseconds - confirm against CXF docs).
    private static final long   RECEIVE_TIMEOUT = 10000;

    // Property-map key under which the Crypto object is stored; SIG_PROP_REF_ID points WSS4J at this entry.
    private static final String CRYPTO_INSTANCE_KEY = "eetCryptoInstance";

    // Regex applied to the subject of the certificate that signed the response.
    // NOTE(review): the pattern starts and ends with ".*" and its "." characters are unescaped, so it is a loose
    // "contains these RDNs in this order" match. It only narrows trust when combined with chain validation
    // against the CA held in serverRootCa; it is not a substitute for that validation.
    private static final String SUBJECT_CERT_CONSTRAINTS = ".*O=Česká republika - Generální finanční ředitelství.*CN=Elektronická evidence tržeb.*";

    // Name of the JVM-wide system property that ensureHTTPSKeystorePassword() reads and may set.
    private static final String JAVAX_NET_SSL_KEY_STORE_PASSWORD = "javax.net.ssl.keyStorePassword";

    // Client key material: supplies alias, password callback and Crypto for signing outgoing messages.
    private final ClientKey clientKey;

   // Server-side trust material: its Crypto is used to validate signatures on incoming messages.
   private final ServerKey serverRootCa;


    /**
     * Creates a client bound to the given key material.
     *
     * @param clientKey key material used to sign outgoing requests
     * @param serverKey trust material used to validate signed responses
     */
    public EETClient(
        final ClientKey clientKey,
        final ServerKey serverKey)
    {
        // No null checks are performed here; a null argument only surfaces later,
        // when the signing or validating interceptor is built.
        this.serverRootCa = serverKey;
        this.clientKey = clientKey;
    }

    /**
     * Obtains the EET port from the service stub and configures it: keystore password
     * default, endpoint address, schema validation, timeouts, message logging and
     * WS-Security signing/validation, in that order.
     *
     * @return the configured port, ready for calls
     */
    public EET run()
    {
        // The endpoint is fixed in code; the https scheme means the TLS handshake relies on
        // the JVM's default SSL configuration, which this class only touches via the
        // keystore-password property below.
        final String endpointUrl = "https://pg.eet.cz:443/eet/services/EETServiceSOAP/v3";

        final EET eetPort = WEBSERVICE.getEETServiceSOAP();
        final Client cxfClient = ClientProxy.getClient(eetPort);

        ensureHTTPSKeystorePassword();
        configureEndpointUrl(eetPort, endpointUrl);
        configureSchemaValidation(eetPort);
        configureTimeout(cxfClient);
        configureLogging(cxfClient);
        // The boolean is forwarded to createValidatingInterceptor, which does not read it
        // in the code shown.
        configureSigning(cxfClient, false);

        return eetPort;
    }

    /**
     * Sets the {@code javax.net.ssl.keyStorePassword} system property to {@code "changeit"}
     * when it has no value yet; an existing value is left untouched.
     *
     * <p>NOTE(review): system properties are process-wide, so this changes the default for
     * every component in the JVM, not only this client, and it silently assumes a well-known
     * default password. The original author already marked the assumption as a TODO.
     * Supplying the keystore and its password explicitly (for example via CXF
     * {@code TLSClientParameters} on the {@code HTTPConduit}) would keep the setting local
     * and make a wrong password fail visibly instead of being masked by a guess.
     */
    private void ensureHTTPSKeystorePassword() {
        final String alreadyConfigured = System.getProperty(JAVAX_NET_SSL_KEY_STORE_PASSWORD);
        if (alreadyConfigured != null) {
            // A password was provided from outside; never override it.
            return;
        }
        // No password configured: fall back to the usual default one.
        System.setProperty(JAVAX_NET_SSL_KEY_STORE_PASSWORD, "changeit");
    }

    /**
     * Overrides the endpoint address of the given port.
     *
     * @param remote        port whose request context is modified; must be a {@code BindingProvider}
     * @param webserviceUrl address stored under {@code BindingProvider.ENDPOINT_ADDRESS_PROPERTY}
     */
    private static void configureEndpointUrl(
        final EET remote,
        final String webserviceUrl)
    {
        // The URL is stored as given; no scheme or host check happens here, so callers
        // are responsible for passing an https address.
        final BindingProvider provider = (BindingProvider) remote;
        provider.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, webserviceUrl);
    }

    /**
     * Turns on schema validation for the given port by setting the
     * {@code "schema-validation-enabled"} request-context property to {@code "true"}.
     *
     * @param remote port whose request context is modified; must be a {@code BindingProvider}
     */
    private static void configureSchemaValidation(final EET remote)
    {
        final BindingProvider provider = (BindingProvider) remote;
        provider.getRequestContext().put("schema-validation-enabled", "true");
    }

    /**
     * Registers the shared logging interceptors on both the inbound and the outbound chain.
     *
     * <p>NOTE(review): {@code WebserviceLogging} is not shown here. If its interceptors write
     * whole SOAP envelopes, the logs will contain the signed business payload and the embedded
     * client certificate; confirm that log destination and retention are acceptable for that.
     *
     * @param clientProxy CXF client whose interceptor chains are extended
     */
    private static void configureLogging(final Client clientProxy)
    {
        // Inbound first, then outbound - same registration order as before.
        clientProxy
            .getInInterceptors()
            .add(WebserviceLogging.LOGGING_IN_INTERCEPTOR);
        clientProxy
            .getOutInterceptors()
            .add(WebserviceLogging.LOGGING_OUT_INTERCEPTOR);
    }

    /**
     * Applies connection and receive timeouts to the client's HTTP conduit.
     *
     * @param clientProxy CXF client; its conduit is cast to {@code HTTPConduit}
     */
    private static void configureTimeout(final Client clientProxy)
    {
        // Bounded timeouts keep a stalled or unresponsive endpoint from blocking the caller
        // indefinitely. The connection timeout is a literal, the receive timeout a constant.
        final HTTPClientPolicy timeouts = new HTTPClientPolicy();
        timeouts.setConnectionTimeout(10000);
        timeouts.setReceiveTimeout(RECEIVE_TIMEOUT);

        final HTTPConduit httpConduit = (HTTPConduit) clientProxy.getConduit();
        httpConduit.setClient(timeouts);
    }

    /**
     * Adds the WS-Security interceptors: one that signs outgoing messages and one that
     * validates the signature on incoming messages.
     *
     * @param clientProxy CXF client whose interceptor chains are extended
     * @param mode        forwarded unchanged to {@code createValidatingInterceptor}
     */
    private void configureSigning(final Client clientProxy, final boolean mode)
    {
        // Outgoing: sign requests with the client key.
        clientProxy.getOutInterceptors().add(createSigningInterceptor());
        // Incoming: require and verify the server's signature.
        clientProxy.getInInterceptors().add(createValidatingInterceptor(mode));
    }

    /**
     * Builds the outbound WSS4J interceptor that signs requests with the client key.
     *
     * @return interceptor configured for signature-only processing
     */
    private WSS4JOutInterceptor createSigningInterceptor()
    {
        final Map<String, Object> outProps = new HashMap<>();

        // Signature is the only action: messages are signed, not encrypted, so
        // confidentiality depends entirely on the TLS transport.
        outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);

        // Key material: the callback supplies the private-key password, the alias selects
        // the key entry, and the Crypto object is handed over by reference under
        // CRYPTO_INSTANCE_KEY.
        outProps.put(WSHandlerConstants.PW_CALLBACK_REF, this.clientKey.getClientPasswordCallback());
        outProps.put(WSHandlerConstants.SIGNATURE_USER, this.clientKey.getAlias());
        outProps.put(CRYPTO_INSTANCE_KEY, clientKey.getCrypto());
        outProps.put(WSHandlerConstants.SIG_PROP_REF_ID, CRYPTO_INSTANCE_KEY);

        // Signature format: the public certificate is embedded into each request, and both
        // the signature and the digest use SHA-256 based algorithms.
        outProps.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
        outProps.put(WSHandlerConstants.SIG_ALGO, "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
        outProps.put(WSHandlerConstants.SIG_DIGEST_ALGO, "http://www.w3.org/2001/04/xmlenc#sha256");

        return new WSS4JOutInterceptor(outProps);
    }

    /**
     * Builds the inbound WSS4J interceptor that validates the signature on responses.
     *
     * @param mode not read by this method in the code shown
     * @return interceptor configured for signature validation
     */
    private WSS4JInInterceptor createValidatingInterceptor(final boolean mode)
    {
        final Map<String, Object> validationProps = new HashMap<>();

        // Only a signature action is configured for incoming messages; no decryption.
        validationProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);

        // Trust anchor: the Crypto from serverRootCa (the I.CA root CA certificate),
        // passed by reference under CRYPTO_INSTANCE_KEY.
        validationProps.put(CRYPTO_INSTANCE_KEY, serverRootCa.getCrypto());
        validationProps.put(WSHandlerConstants.SIG_PROP_REF_ID, CRYPTO_INSTANCE_KEY);

        // The signer certificate's subject must match the regex constant.
        // NOTE(review): the regex is a loose match, so trust still rests on chain validation
        // against the configured root; verify that the root really is the only trusted entry.
        validationProps.put(WSHandlerConstants.SIG_SUBJECT_CERT_CONSTRAINTS, SUBJECT_CERT_CONSTRAINTS);

        // Revocation (CRL) checking is switched on.
        // NOTE(review): this presumably needs CRL data to be reachable by the Crypto
        // implementation; confirm how CRLs are provided, otherwise validation may fail.
        validationProps.put(WSHandlerConstants.ENABLE_REVOCATION, "true");

        return new WSS4JInInterceptor(validationProps);
    }

/**
 * Holder for the client's signing key material.
 *
 * <p>Only the fields are shown in this excerpt. The calling code constructs it as
 * {@code new ClientKey(InputStream, String)} and EETClient calls {@code getAlias()},
 * {@code getCrypto()} and {@code getClientPasswordCallback()}, so the constructor and
 * accessors exist elsewhere.
 */
public class ClientKey
{
    // Keystore holding the client key entry (presumably loaded from the stream passed to the constructor - confirm).
    private final KeyStore                      keyStore;
    // NOTE(review): the keystore password is kept as an immutable String for the object's lifetime,
    // so it cannot be wiped from memory; a char[] that is cleared after use is the usual alternative.
    private final String                            password;
    // Alias of the key entry used for signing.
    private final String                            alias;
    // Callback through which WSS4J obtains the private-key password.
    private final ClientPasswordCallback    clientPasswordCallback;
}

Main:

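        // Resolve the resources through Main's own class loader. The previous
        // Main.class.getClass() evaluated to java.lang.Class itself, so the lookup went through
        // the loader of java.lang.Class instead of the application's and could return null.
        final InputStream clientKeyStream = Main.class.getResourceAsStream("/keys/01000005.p12");
        final InputStream serverCertificate = Main.class.getResourceAsStream("/keys/qica.der");

        // Fail loudly when key material is missing. java.security.KeyStore.load(null, ...)
        // yields an empty keystore rather than an error, so if ClientKey loads the stream that
        // way (not shown here - confirm), a null stream would only surface later as a missing
        // alias or key during signing.
        if (clientKeyStream == null) {
            throw new IllegalStateException("Client keystore not found on classpath: /keys/01000005.p12");
        }
        if (serverCertificate == null) {
            throw new IllegalStateException("Server certificate not found on classpath: /keys/qica.der");
        }

        // NOTE(review): the keystore password is a literal in source. That is only acceptable
        // for test key material; real credentials belong in configuration or a secret store.
        // NOTE(review): neither stream is closed here; whether ClientKey/ServerKey read them
        // fully in their constructors is not visible, so closing is left to the caller to verify.
        final ClientKey clientKey = new ClientKey(clientKeyStream, "eet");
        final ServerKey serverKey = new ServerKey(serverCertificate);
        final EETClient client = new EETClient(clientKey, serverKey);
        final EET port = client.run();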

密钥库的截图: https://i.imgsafe.org/7c8ea7b922.png

有人可以解释我做错了什么吗?

0 个答案:

没有答案