我正在编写Java SOAP客户端,通过HTTPS和SSL身份验证连接到SOAP Web服务。我有一个keyStore和一个trustStore来进行SSL身份验证。我使用javax来实现客户端。
我使用以下方法设置证书(keyStore,trustStore):
System.setProperty("javax.net.ssl.keyStore",configuration.getProperty("***"));
System.setProperty("javax.net.ssl.keyStorePassword", configuration.getProperty("***"));
System.setProperty("javax.net.ssl.keyStoreType", configuration.getProperty("***"));
System.setProperty("javax.net.ssl.trustStore",configuration.getProperty("***"));
System.setProperty("javax.net.ssl.trustStorePassword", configuration.getProperty("***"));
System.setProperty("javax.net.ssl.trustStoreType", configuration.getProperty("***"));
制作SOAP连接的代码:
HttpsURLConnection httpsConnection = null;
SSLContext sslContext = SSLContext.getInstance("SSL");
TrustManager[] trustAll = new TrustManager[] {new TrustAllCertificates()};
sslContext.init(null, trustAll, new java.security.SecureRandom());
// Set trust all certificates context to HttpsURLConnection
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
// Open HTTPS connection
URL urlUrl = new URL(url);
httpsConnection = (HttpsURLConnection) urlUrl.openConnection();
// Trust all hosts
httpsConnection.setHostnameVerifier(new TrustAllHosts());
// Connect
httpsConnection.connect();
SOAPMessage soapResponse = soapConnection.call(createSOAPRequest(request), url);
soapConnection.close();
httpsConnection.disconnect();
当我尝试连接时,出现以下错误:
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
我已经使用curl connexion测试了证书(和密码)并且它可以工作。问题不是来自keyStore和trustStore。
我认为我的应用程序(javax?)在连接过程中没有使用证书。有什么想法吗?
答案 0 :(得分:0)
看起来你做了双重工作,最后忽略了你的系统属性。为Trust / Key存储设置系统属性时 - 您不需要使用所有SSLContext,TrustManager,HostVerifier。 像简单的HTTP一样做,不关心。
URL urlUrl = new URL(url);
// all of those connections work since they are interfaces. Implementation is HTTPS of course
HttpsURLConnection httpsConnection = (HttpsURLConnection) urlUrl.openConnection();
HttpURLConnection httpConnection = (HttpURLConnection) urlUrl.openConnection();
URLConnection urlConnection = urlUrl.openConnection();