我正在尝试建立TLS连接。我读到为了实现它,我应该使用initTLS参数并将其设置为管道。
这是一种从消费者方面调用以获取JaxWs代理的通用方法。你能告诉我我做错了吗?
public static <T> T getSvc(String urlWsdl, Class<? extends Service> svcClass,
Class<T> endpointCl) {
Service service = null;
try {
final URL wsdl = new URL(urlWsdl);
service = svcClass.getConstructor(URL.class).newInstance(wsdl);
} catch (Exception ex) {}
final T endPointInterface = service.getPort(endpointCl);
initTls(ClientProxy.getClient(port));
return endPointInterface;
}
private static void initTls(final Client client) {
final HTTPConduit httpConduit = (HTTPConduit) client.getConduit();
final TLSClientParameters tlsClientParameters = new TLSClientParameters();
try {
final KeyStore trustStore = KeyStore.getInstance("JKS");
trustStore.load(new FileInputStream("path", "password");
final TrustManager[] myTrustStoreKeyManagers = getTrustManagers(trustStore);
tlsClientParameters.setTrustManagers(myTrustStoreKeyManagers);
httpConduit.setTlsClientParameters(tlsClientParameters);
} catch (Exception e) {}
}
现在我在第(service = svcClass.getConstructor(URL.class).newInstance(wsdl);)行
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at .....
Caused by: javax.xml.ws.WebServiceException: org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service.
at org.apache.cxf.jaxws.ServiceImpl.<init>(ServiceImpl.java:151)
at org.apache.cxf.jaxws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:101)
at javax.xml.ws.Service.<init>(Unknown Source)
at com.selity.service.v1.SelityService.<init>(SelityService.java:40)
... 31 more
Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'https://somehost/SelitySvc?wsdl'.:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2198)
at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2390)
at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2422)
at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:263)
at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:206)
at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:98)
答案 0 :(得分:0)
javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到所请求目标的有效证书路径
这意味着客户端在尝试下载WSDL文件时不信任服务器提供的证书。此操作优先于在CXF客户端中配置TLS
替代方案:
1)指向本地wsdl文件。
File wsdlFile = new File(wsdlPath);
URL wsdl = wsdlFile.toURI().toURL();
2)在JVM级别配置信任库
System.setProperty("javax.net.ssl.trustStore",pathToYourTruststore);
System.setProperty("javax.net.ssl.trustStorePassword","password");