没有可用的X509TrustManager实现[SOAP Node IIB 10]

时间:2019-04-10 07:53:04

标签: soap-client ibm-integration-bus

我正在尝试使用带有ssl ws的soap请求节点,就我而言,我将certif .cer下载到了文件夹(E:\ truststore)中,并且尝试了一些思考:

class Exam:

    # COMMENT: set a default importance of False...
    def __init__(self, day, importance=False):
        self.day = day
        self.importance = importance

    # COMMENT: since you provide the day when the object is created,
    #     use that value (ie, self.day) in the input function call
    #     and overwrite the existing self.importance value.
    def is_important(self):
        answer = input("Ìs " + self.day + " Important?")
        if answer == "True":
            self.importance = True
        elif answer == "False":
            self.importance = False

# COMMENT: When you call the Class, you can provide it with the day 
#     and immediately provide it with an importance level.

mon = Exam("Monday", True)
tue = Exam("Tuesday", False)

# COMMENT: but you also have the flexibility to call the class and accept
#     the default importance OR overwrite it later by calling the 
#     is_important() method
wed = Exam("Wednesday")
wed.is_important()

print(mon.importance)
print(tue.importance)
print(wed.importance)

但是我有这个错误:

  

文本:CHARACTER:javax.net.ssl.SSLHandshakeException:   java.security.cert.CertificateException:否X509TrustManager   可以实施

能帮我吗,谢谢

1 个答案:

答案 0 :(得分:0)

您的问题可能有多种原因,所以我将尝试在这里总结一下一切:

您用于设置密钥库的命令未指定密钥库/信任库名称。另外,在我的记忆中,您应该将其设置在BrokerRegistry上,而不是ComIbmJVMManager上(但是它可能会起作用) 有效命令的示例:

mqsichangeproperties $BROKERNAME -o BrokerRegistry -n brokerKeystoreFile -v $KEYSTORE_iib_PATH/iib.jks
mqsichangeproperties $BROKERNAME -o BrokerRegistry -n brokerTruststoreFile -v $KEYSTORE_iibTrust_PATH/iibTrust.jks
mqsisetdbparms $BROKERNAME -n brokerTruststore::password -u $KEYSTORE_USER -p $KEYSTORE_PASSWORD
mqsisetdbparms $BROKERNAME -n brokerKeystore::password -u $KEYSTORE_USER-p $KEYSTORE_PASSWORD

此外,您可能还需要针对HTTP侦听器的以下命令:

mqsichangeproperties $BROKERNAME -b httplistener -o HTTPListener -n enableSSLConnector -v true
mqsichangeproperties $BROKERNAME -b httplistener -o HTTPSConnector -n keystoreFile -v $KEYSTORE_iib_PATH/iib.jks
mqsichangeproperties $BROKERNAME -b httplistener -o HTTPSConnector -n truststoreFile -v $KEYSTORE_iibTrust_PATH/iibTrust.jks
mqsichangeproperties $BROKERNAME -b httplistener -o HTTPSConnector -n keystorePass -v $KEYSTORE_PASSWORD
mqsichangeproperties $BROKERNAME -b httplistener -o HTTPListener  -n startListener -v true

这是集成总线部分的内容。您的第二个错误(可能是最大的错误)是您不知道什么是密钥库/ trustore。将证书放入存储库中不是密钥库。 (搜索有关JKS的信息:Java密钥库)

您可以执行以下操作在Unix上生成您的信任库/密钥库:

keystoreName=iibTrust.jks
KEYSTORE_PASSWORD=123qwerty ## DO NOT USE THAT PLEASE
for certificate in `ls *.cer`;
do
    alias=`echo $certificate | rev | cut -d '.' -f 2- | rev | cut -d '_' -f2`
    keytool -importcert -file $certificate -keystore ${keystoreName}.jks -alias $alias -storepass $KEYSTORE_PASSWORD -noprompt
    if [[ $? -ne 0 ]]; then "Unable to add $certificate in keystore $keystoreName.jks";
done    
keytool -list -keystore ${keystoreName}.jks -storepass $KEYSTORE_PASSWORD

我基本上已经复制/粘贴了所有脚本以在IIB上启用SSL,因此使用所有这些信息,您应该能够使其工作。