带有客户端证书的SSL SOAP服务

时间:2011-11-30 21:42:48

标签: java php soap ssl jax-ws

所以我一直在尝试使用JAX-WS和SSL设置Java SOAP servlet。我得到了通过SSL运行的实际服务,但我需要它根据客户端证书进行身份验证,现在它正在接受所有连接。

到目前为止,这是我的代码:

TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain,
                String authType)
                throws CertificateException {
    System.out.println("yay1");
}



public void checkServerTrusted(X509Certificate[] chain,
                String authType)
                throws CertificateException {
    System.out.println("yay2");
}

public X509Certificate[] getAcceptedIssuers() {
    throw new UnsupportedOperationException("Not supported yet.");
}
};


String uri = "http://127.0.0.1:8083/SoapContext/SoapPort";
Object implementor = new Main();

Endpoint endpoint = Endpoint.create(implementor);

SSLContext ssl = SSLContext.getInstance("TLS");

KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
KeyStore store = KeyStore.getInstance("JKS");

store.load(new FileInputStream("serverkeystore"),"123456".toCharArray());

keyFactory.init(store, "123456".toCharArray());


TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());

trustFactory.init(store);


ssl.init(keyFactory.getKeyManagers(),
new TrustManager[] { tm }, null);

HttpsConfigurator configurator = new HttpsConfigurator(ssl);

HttpsServer httpsServer = HttpsServer.create(new InetSocketAddress(8083), 8083);

httpsServer.setHttpsConfigurator(configurator);

HttpContext httpContext = httpsServer.createContext("/SoapContext/SoapPort");

httpsServer.start();

endpoint.publish(httpContext);

我正在用这个PHP代码测试它:

$soapClient = new SoapClient("https://localhost:8083/SoapContext/SoapPort?wsdl", array('local_cert' => "newcert.pem"));
$soapClient->add(array('i' => '1', 'j' => '2'));

不幸的是,当我包含local_cert:

时,它会出错 
SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://localhost:8083/SoapContext/SoapPort?wsdl' : failed to load external entity "https://localhost:8083/SoapContext/SoapPort?wsdl"

如果我不包含local_cert,它会成功连接,但它从不调用我的自定义TrustManager,因此它接受所有传入连接。

我做错了什么?谢谢!

1 个答案:

答案 0 :(得分:0)

知道PHP,但您在网络服务中的TrustManager没有进行任何身份验证。
因此,由于客户端身份验证问题,不应拒绝连接。

您在客户端中引用的new_cert.pem是否包含私钥?
如果没有那么这可能是问题所在。

我建议你带上一个wirehark,看看沟通 我怀疑你不会看到来自你服务器的拒绝。

失败应该在您的客户端本地

相关问题
最新问题