Mongo Connection SSL & JAX-WS

Time: 2017-06-09 20:17:03

Tags: java mongodb ssl jax-ws

We have a wsclient that uses JAX-WS over an SSL connection, where the certificate configuration is:

System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
System.setProperty("javax.net.ssl.keyStore", "/certificate.pfx");
System.setProperty("javax.net.ssl.keyStorePassword", "password");

But when we migrated our Mongo database to MongoAtlas (which only accepts TLS/SSL connections), all HTTP connections in JAX-WS stopped working. The problem that occurs is:

javax.xml.ws.WebServiceException: Failed to access WSDL in https://homologacao.nfe.fazenda.sp.gov.br/ws/nfeautorizacao.asmx?wsdl. It failed with: 
Server returned HTTP response code: 403 for URL: https://homologacao.nfe.fazenda.sp.gov.br/ws/nfeautorizacao.asmx?wsdl.
at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:250)
at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:231)
...
Caused by: java.io.IOException: Server returned HTTP response code: 403 for URL: https://homologacao.nfe.fazenda.sp.gov.br/ws/nfeautorizacao.asmx?wsdl
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1876)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1474)

We connect to Mongo using Java 8 in this way:

We don't know why this problem occurs. Can anyone help us?

Thanks

1 answer:

Answer 0: (score: 0)

According to wget:

$ wget https://homologacao.nfe.fazenda.sp.gov.br/ws/nfeautorizacao.asmx?wsdl
--2017-06-10 03:58:46--  https://homologacao.nfe.fazenda.sp.gov.br/ws/nfeautorizacao.asmx?wsdl
Resolving homologacao.nfe.fazenda.sp.gov.br (homologacao.nfe.fazenda.sp.gov.br)... 201.55.62.10
Connecting to homologacao.nfe.fazenda.sp.gov.br (homologacao.nfe.fazenda.sp.gov.br)|201.55.62.10|:443... connected.
ERROR: The certificate of ‘homologacao.nfe.fazenda.sp.gov.br’ is not trusted.
ERROR: The certificate of ‘homologacao.nfe.fazenda.sp.gov.br’ hasn't got a known issuer.
ERROR: The certificate of ‘homologacao.nfe.fazenda.sp.gov.br’ was signed using an insecure algorithm.

According to openssl x509, you need to trust this certificate (or one of its issuers):

$ openssl s_client -connect homologacao.nfe.fazenda.sp.gov.br:443 -tls1 -servername homologacao.nfe.fazenda.sp.gov.br | openssl x509 -text -noout
depth=2 C = BR, O = ICP-Brasil, OU = Autoridade Certificadora Raiz Brasileira v2, CN = AC Secretaria da Receita Federal do Brasil v3
verify error:num=20:unable to get local issuer certificate
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:1e:eb:ed:b4:dd:f7:00:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=BR, O=ICP-Brasil, OU=Secretaria da Receita Federal do Brasil - RFB, CN=AC Imprensa Oficial SP RFB G4
        Validity
            Not Before: Sep 30 18:11:13 2016 GMT
            Not After : Sep 30 18:11:13 2017 GMT
        Subject: C=BR, O=ICP-Brasil, ST=SP, L=Sao Paulo, OU=Secretaria da Receita Federal do Brasil - RFB, OU=RFB e-Servidor A1, OU=AR IMPRENSA OFICIAL, CN=homologacao.nfe.fazenda.sp.gov.br
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:d3:27:0b:cc:79:17:39:6f:ef:ae:13:ec:98:df:
                    0e:ff:04:1f:ee:96:e8:44:f5:79:2b:34:b3:ce:c9:
                    2d:29:c8:d1:a4:cb:fa:8c:b1:41:bb:16:45:e4:f7:
                    50:51:06:00:2d:da:4e:75:a3:c4:f5:19:b5:67:23:
                    cc:58:a5:49:de:54:17:67:5c:cd:fe:1a:56:24:12:
                    72:96:77:80:a9:9c:0a:0a:f3:d5:c3:51:7a:6f:1f:
                    c8:27:83:2d:07:dc:68:1a:d2:da:50:ca:ca:07:fc:
                    7b:11:bc:fd:a9:99:1a:6b:14:19:5c:b3:66:a6:02:
                    16:b1:83:d3:d7:4b:a7:dc:9f:6a:0a:e2:67:bd:84:
                    2f:85:a4:13:45:8a:c6:ef:1b:54:75:06:43:11:e3:
                    9b:a7:0c:ed:37:e5:5a:09:47:11:21:3d:1a:0d:93:
                    0e:89:a6:eb:e7:75:0a:8e:71:54:85:6f:ef:0e:82:
                    bc:5d:98:31:c7:02:2e:58:6f:c5:1d:ef:42:6c:fd:
                    2e:eb:09:38:ad:22:2e:f5:42:3e:57:69:0b:8a:fb:
                    c7:af:24:88:8d:8d:2c:5d:fc:ed:c0:36:62:89:71:
                    fd:b6:cd:d5:bd:60:87:ff:af:52:2d:61:70:36:b9:
                    12:2c:3a:cc:56:a3:6b:f8:46:90:09:3b:06:92:88:
                    a0:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment
            Authority Information Access:
                OCSP - URI:http://io-ocsp-icpbr.imprensaoficial.com.br
                CA Issuers - URI:http://io-com-icpbr.imprensaoficial.com.br/repositorio/IMESPRFB/ACIMESPRFBG4.p7b

            X509v3 Authority Key Identifier:
                keyid:7A:54:FC:CC:9D:06:8F:79:E3:0D:44:C9:EE:E5:C3:B7:4D:4D:CB:A2

            X509v3 Certificate Policies:
                Policy: 2.16.76.1.2.1.20
                  CPS: http://io-com-icpbr.imprensaoficial.com.br/repositorio/IMESPRFB

            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://io-com-icpbr.imprensaoficial.com.br/repositorio/IMESPRFB/ACIMESPRFBG4.crl

                Full Name:
                  URI:http://www.digitaltrust.com.br/repositorio/IMESPRFB/ACIMESPRFBG4.crl

                Full Name:
                  URI:http://repositorio.icpbrasil.gov.br/lcr/IMESP/ACIMESPRFBG4.crl

            X509v3 Subject Alternative Name:
                DNS:homologacao.nfe.fazenda.sp.gov.br, othername:<unsupported>, othername:<unsupported>, othername:<unsupported>, othername:<unsupported>
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, TLS Web Server Authentication
    Signature Algorithm: sha256WithRSAEncryption
         ca:5d:c8:92:b5:73:2d:66:81:11:40:32:86:1d:57:96:f4:84:
         40:72:b9:cf:60:39:1d:c5:ff:97:03:fa:f0:e3:fe:97:c8:98:
         65:ae:ad:3e:e7:f0:66:47:43:63:9a:05:ed:79:93:f7:57:93:
         9f:32:ab:42:ca:0f:63:40:59:b5:b4:46:e3:0b:dd:bc:b7:af:
         ad:9f:5f:75:1c:09:66:e6:e8:66:15:a4:30:46:89:8f:b3:99:
         7e:67:99:b6:35:cd:78:54:b7:a3:13:56:cb:1c:81:9a:fc:33:
         64:50:ac:c2:5a:49:d1:e3:00:ec:49:3a:49:f0:80:fa:7f:f0:
         63:c4:eb:84:8e:f2:9b:29:bd:3e:e9:44:91:eb:2b:f0:83:d4:
         45:7b:0e:c1:5e:c1:e0:e8:c9:68:52:c9:6b:7c:4a:c3:33:67:
         d8:e9:73:ba:51:ad:60:47:e7:15:18:af:7d:52:9a:12:26:73:
         0e:1e:ad:b1:ee:4e:c9:9b:db:5d:ba:16:8e:57:99:a6:84:52:
         8b:bf:b3:de:b0:a0:dc:5c:5d:2c:eb:77:09:5c:e7:ef:8b:7f:
         3d:fa:cc:8c:76:6f:27:5b:b9:ff:4e:a0:c1:a4:96:28:15:4f:
         c1:4c:09:25:7e:c9:f6:ee:6c:05:7d:ad:76:98:dc:f1:92:9f:
         87:12:26:e2:93:d5:a2:bf:93:c0:13:36:7f:43:d4:4b:c0:1d:
         d9:7f:8b:d8:71:35:8c:74:68:fa:bd:7e:b4:b7:86:96:20:e9:
         26:56:8c:80:4c:0d:74:5d:4a:52:aa:7d:71:99:62:a8:b9:6f:
         78:f2:2a:dc:41:ae:cb:ef:06:84:a8:2c:2d:9b:70:60:b3:cf:
         58:1c:bf:82:3f:68:fd:10:db:26:50:d6:c1:c7:d2:7f:1a:15:
         c5:3f:86:92:3c:e3:7d:e1:7d:9d:89:54:c1:df:66:95:9d:e7:
         87:27:39:58:66:14:3e:de:44:9b:0b:64:57:80:df:59:0f:04:
         9d:60:92:0d:c9:77:f5:1d:95:1c:fb:14:60:55:e2:e5:74:38:
         28:b3:d4:87:82:69:1e:73:17:01:0b:b9:e6:cc:01:1c:04:1b:
         ee:f9:4b:9c:89:54:4e:92:e4:9d:45:ae:c2:55:93:53:16:be:
         3c:7c:70:b4:81:30:21:e2:25:7a:bc:b5:5a:92:dd:33:90:73:
         79:66:5a:df:71:bb:50:60:36:42:f8:fd:0c:ea:d5:11:f7:d7:
         1a:6d:d8:4c:ed:61:1a:34:f5:8b:98:ee:60:51:d6:f0:c9:89:
         b3:58:96:fc:c9:44:7b:d7:9d:0b:3d:6b:6a:f5:ff:9d:f6:ad:
         f7:8f:2d:90:32:ae:16:b9

Add the certificate (or one of its issuers) to your trust store. This is the server certificate's issuer; openssl x509 tells you it is:

Issuer: C=BR, O=ICP-Brasil, OU=Secretaria da Receita Federal do Brasil - RFB, CN=AC Imprensa Oficial SP RFB G4

It appears you can find the issuer certificate for "AC Imprensa Oficial SP RFB G4" at www.imprensaoficial.com.br.
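One way to add an issuer to the trust store without JVM-wide `javax.net.ssl.*` system properties, shown as an added example that is not code from the question or the answer: it builds an `SSLContext` that presents the PKCS12 client key and trusts the JDK default CAs plus one extra issuer certificate. The class name `WsClientTls`, the method `build` and the `issuerPath` parameter (a PEM or DER file holding the issuer certificate you obtained and verified) are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class WsClientTls {   // hypothetical helper, not part of the original post
    public static SSLContext build(String pfxPath, char[] pfxPassword, String issuerPath)
            throws Exception {
        // Copy the JDK default trust anchors so publicly trusted hosts keep validating.
        TrustManagerFactory defaults =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        defaults.init((KeyStore) null);
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);
        int n = 0;
        for (TrustManager tm : defaults.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    trust.setCertificateEntry("default-" + n++, ca);
                }
            }
        }
        // Add the extra issuer certificate (the CA that signed the server certificate).
        try (InputStream in = new FileInputStream(issuerPath)) {
            trust.setCertificateEntry("ws-issuer",
                    CertificateFactory.getInstance("X.509").generateCertificate(in));
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        // Client certificate and key from the PKCS12 (.pfx) file.
        KeyStore client = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(pfxPath)) {
            client.load(in, pfxPassword);
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(client, pfxPassword);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }
}
```

The socket factory from `build(...).getSocketFactory()` is then given only to the web-service client's HTTPS connections, so the key store and the added issuer do not change the JVM default context used by other TLS clients.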