I am having a problem implementing a client for a WCF service (running on IIS) over HTTPS; the client is supposed to be identified by a certificate.
If the client is implemented in C#, it works fine. But when I try to implement it in Java, I get a SOAPFaultException.
My steps are:
1. Generate all the needed entities from the insecure WSDL.
2. Get the certificate that identifies me and add it to the keystore:
"C:\Program Files\Java\jre7\bin\keytool.exe" -importkeystore -srckeystore STSTestCert.pfx -srcstoretype PKCS12 -srcstorepass STSTestCert -deststorepass STSTestCert -destkeystore STSTestCert.jks
3. Get the certificate from the server (via the browser) and add it to the truststore:
"C:\Program Files\Java\jre7\bin\keytool.exe" -import -alias ststrust -file DEVWEB01.dev.qns.local.cer -destkeystore STSTestCert.jks
4. Run the Java application:
java -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol -Djavax.net.debug=ssl -Djavax.net.ssl.trustStore=STSTestCert.jks -Djavax.net.ssl.trustStorePassword=STSTestCert -Djavax.net.ssl.keyStore=STSTestCert.jks -Djavax.net.ssl.keyStorePassword=STSTestCert -jar QuanisTest.jar https://XXX/XXX?wsdl
I get the following log:
C:\Users\1\workspace\wsfexample\target>java -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol -Djavax.net.debug=ssl -Djavax.net.ssl.trustStore=STSTestCert.jks -Djavax.net.ssl.trustStorePassword=STSTestCert -Djavax.net.ssl.keyStore=STSTestCert.jks -Djavax.net.ssl.keyStorePassword=STSTestCert -jar QuanisTest.jar https://XXX/XXX?wsdl
keyStore is : STSTestCert.jks
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
***
found key for : ststestcert42d35222-95bb-4742-903b-b937c8d8799c
chain [0] = [
[
Version: V3
Subject: CN=STSTestCert
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 22968449806216710225497752109144878755673370049706550982038300678457357704947360314420538479370135402838232182690844484242628097129341692104140791435633221995214474484611109065339123593363421151991982869173035908895259027546127016671318511742131083747850409847716404435591004194757800222863577805104264933184015790099155606705832788529239312770261387589330421003086069991143116616048171938464442870190252229326206691209916229206809213249289351250819136425144878419918456807600891460332482275409728702056197072576033137510107386677977972112857357731917695194403001057957886262992664403571789554744227741153856152913439
public exponent: 65537
Validity: [From: Fri May 06 13:23:26 EEST 2011,
To: Sat May 05 19:23:26 EEST 2012]
Issuer: CN=STSTestCert
SerialNumber: [ 7d5c807d c7c059b3 45ff03f8 60162db9]
Certificate Extensions: 2
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: A6 AA 21 FF 43 6E 90 CB 2A 1F 5D 90 DF EC 79 A5 ..!.Cn..*.]...y.
0010: 3B CD 8A 7D ;...
]
]
[2]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
]
]
Algorithm: [SHA1withRSA]
]
***
trustStore is: STSTestCert.jks
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=DEVWEB01.dev.qns.local
Issuer: CN=Quanis02, DC=qns, DC=local
Algorithm: RSA; Serial number: 0x526f1800000100000bf5
Valid from Mon Feb 06 17:25:02 EET 2012 until Tue Feb 05 17:25:02 EET 2013
adding as trusted cert:
Subject: CN=STSTestCert
Issuer: CN=STSTestCert
Algorithm: RSA; Serial number: 0x7d5c807dc7c059b345ff03f860162db9
Valid from Fri May 06 13:23:26 EEST 2011 until Sat May 05 19:23:26 EEST 2012
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1332157371 bytes = { 63, 18, 25, 165, 142, 14, 244, 1, 14, 227, 50, 29, 78, 35, 156, 115, 191, 74, 174, 193, 209, 185, 147, 7, 127, 71, 106, 211 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
***
main, WRITE: TLSv1 Handshake, length = 75
main, WRITE: SSLv2 client hello message, length = 101
main, READ: TLSv1 Handshake, length = 1669
*** ServerHello, TLSv1
RandomCookie: GMT: 1332157370 bytes = { 81, 138, 253, 187, 72, 162, 134, 221, 201, 198, 164, 174, 32, 82, 109, 245, 193, 253, 168, 204, 215, 75, 59, 113, 201, 1, 129, 13 }
Session ID: {103, 11, 0, 0, 210, 24, 89, 173, 235, 231, 153, 201, 209, 49, 14, 218, 226, 97, 83, 240, 16, 87, 171, 51, 79, 1, 61, 167, 86, 172, 5, 120}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Created: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
** TLS_RSA_WITH_AES_128_CBC_SHA
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=DEVWEB01.dev.qns.local
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 29424055442845100182950951585266127271921631119207852754022075382787715172423620759537480268531045831954620744099925778194145634066616862948861198661434224521747367480278853560135499066656353446473559007565450005358532786609676496384676754155589981649336076267751671656823332565466578060186500487885045277359237588131927310598032787808691595385530991095301637928904893952834743639035619583227127919434683665665359351285689260454499341943979506916974721470673454442099937197908223853100048736048404871663325953313860300437264643072804179816474287746350000127287179889675938899658794833379770139642801001487662781678747
public exponent: 65537
Validity: [From: Mon Feb 06 17:25:02 EET 2012,
To: Tue Feb 05 17:25:02 EET 2013]
Issuer: CN=Quanis02, DC=qns, DC=local
SerialNumber: [ 526f1800 00010000 0bf5]
Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.4.1.311.20.2 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 10 1E 0E 00 4D 00 61 00 63 00 68 00 69 00 6E .....M.a.c.h.i.n
0010: 00 65 .e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D4 C3 AA 32 8C 6B BA AB 41 E7 AB E1 3B C7 B0 84 ...2.k..A...;...
0010: 05 8E 12 54 ...T
]
]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 33 42 69 EB 41 93 C7 C5 99 60 B7 AF E8 B2 DF 56 3Bi.A....`.....V
0010: 3A 0F C9 71 :..q
]
]
[4]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: DEVWEB01.dev.qns.local
]
[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: ldap:///CN=Quanis02(1),CN=PQNSOPS02,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=qns,DC=local?certificateRevocationList?base?objectClass=cRLDistributionPoint]
]]
[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
[7]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
clientAuth
serverAuth
]
[8]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: 1.3.6.1.5.5.7.48.2
accessLocation: URIName: ldap:///CN=Quanis02,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=qns,DC=local?cACertificate?base?objectClass=certificationAuthority]
]
]
Algorithm: [SHA1withRSA]
]
***
Found trusted certificate:
[
[
Version: V3
Subject: CN=DEVWEB01.dev.qns.local
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 29424055442845100182950951585266127271921631119207852754022075382787715172423620759537480268531045831954620744099925778194145634066616862948861198661434224521747367480278853560135499066656353446473559007565450005358532786609676496384676754155589981649336076267751671656823332565466578060186500487885045277359237588131927310598032787808691595385530991095301637928904893952834743639035619583227127919434683665665359351285689260454499341943979506916974721470673454442099937197908223853100048736048404871663325953313860300437264643072804179816474287746350000127287179889675938899658794833379770139642801001487662781678747
public exponent: 65537
Validity: [From: Mon Feb 06 17:25:02 EET 2012,
To: Tue Feb 05 17:25:02 EET 2013]
Issuer: CN=Quanis02, DC=qns, DC=local
SerialNumber: [ 526f1800 00010000 0bf5]
Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.4.1.311.20.2 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 10 1E 0E 00 4D 00 61 00 63 00 68 00 69 00 6E .....M.a.c.h.i.n
0010: 00 65 .e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D4 C3 AA 32 8C 6B BA AB 41 E7 AB E1 3B C7 B0 84 ...2.k..A...;...
0010: 05 8E 12 54 ...T
]
]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 33 42 69 EB 41 93 C7 C5 99 60 B7 AF E8 B2 DF 56 3Bi.A....`.....V
0010: 3A 0F C9 71 :..q
]
]
[4]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: DEVWEB01.dev.qns.local
]
[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: ldap:///CN=Quanis02(1),CN=PQNSOPS02,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=qns,DC=local?certificateRevocationList?base?objectClass=cRLDistributionPoint]
]]
[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
[7]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
clientAuth
serverAuth
]
[8]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: 1.3.6.1.5.5.7.48.2
accessLocation: URIName: ldap:///CN=Quanis02,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=qns,DC=local?cACertificate?base?objectClass=certificationAuthority]
]
]
Algorithm: [SHA1withRSA]
]
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Handshake, length = 262
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 57, 204, 166, 68, 236, 32, 196, 129, 218, 56, 112, 168 }
***
main, WRITE: TLSv1 Handshake, length = 48
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 48
*** Finished
verify_data: { 54, 177, 61, 73, 91, 252, 28, 165, 103, 97, 17, 35 }
***
%% Cached client session: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
main, WRITE: TLSv1 Application Data, length = 240
main, READ: TLSv1 Application Data, length = 1936
main, WRITE: TLSv1 Application Data, length = 32
main, WRITE: TLSv1 Application Data, length = 240
main, READ: TLSv1 Application Data, length = 7104
main, WRITE: TLSv1 Application Data, length = 32
main, WRITE: TLSv1 Application Data, length = 240
main, READ: TLSv1 Application Data, length = 3344
connection established
service connected
java.xml.ws.soap.SOAPFaultException: an error occured when verifying security for the message.
at com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException
at com.sun.xml.internal.ws.fault.SOAPFaultBuilder.createException
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke
at com.sun.xml.internal.ws.client.sei.SEIStub.invoke
at $Proxy36.getVersion
at Main(Main.java:57)
My Java code is:
import java.net.URL;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.cert.X509Certificate;
import javax.xml.namespace.QName;

public class Main {
    // The service name and QName values are elided in the original post.
    private static final String SERVICE_NAME_STR = ...;
    private static final QName SERVICE_QNAME = ...;

    public static void main(String[] args) {
        URL wsdlURL = null;
        try {
            // The WSDL URL is passed as the first command-line argument.
            wsdlURL = new URL(args[0]);
            System.out.println("using url " + wsdlURL);
            NucluesIntakeService ns = new NucluesIntakeService(wsdlURL,
                    SERVICE_QNAME);
            System.out.println("connection established");
            // Obtain the generated port and call the service.
            INucluesIntakeService service = ns
                    .getBasicHttpBindingINucluesIntakeService();
            System.out.println("service connected");
            System.out.println("\nservice version is " + service.getVersion());
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
I also tried adding these certificates to the default Java keystore, without success.
Here is the WSDL:
<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:tns="http://tempuri.org/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:i0="http://matterhorn.quanis.com/bindings" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" name="NucluesIntakeService" targetNamespace="http://tempuri.org/">
<wsdl:import namespace="http://matterhorn.quanis.com/bindings" location="https://XXX/XXX?wsdl=wsdl1"/>
<wsdl:types/>
<wsdl:service name="NucluesIntakeService">
<wsdl:port name="BasicHttpBinding_INucluesIntakeService" binding="i0:BasicHttpBinding_INucluesIntakeService">
<soap:address location="http://XXX/XXX/NucluesIntakeService.svc/message"/>
</wsdl:port>
<wsdl:port name="BasicHttpBinding_INucluesIntakeService1" binding="i0:BasicHttpBinding_INucluesIntakeService1">
<soap:address location="https://XXX/XXX/NucluesIntakeService.svc/message"/>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>
Thanks
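
An added example, not part of the original post: a small Python parser for `-Djavax.net.debug=ssl` output that reports, per handshake, whether the server requested a client certificate and whether the client sent one and proved possession of its key. `PAGE_LOG` keeps only the marker lines from the log above, `MUTUAL_LOG` is constructed for contrast, and the function and key names are hypothetical.

```python
import re

# Handshake markers printed by JSSE when run with -Djavax.net.debug=ssl.
MARKER = re.compile(
    r"^\*\*\* (ClientHello|ServerHello|CertificateRequest|ServerHelloDone|"
    r"ClientKeyExchange|CertificateVerify|Certificate chain|Finished)\b")
KEY_FOUND = re.compile(r"^found key for : (\S+)")

# Marker lines excerpted from the log in the post above.
PAGE_LOG = """\
found key for : ststestcert42d35222-95bb-4742-903b-b937c8d8799c
*** ClientHello, TLSv1
*** ServerHello, TLSv1
*** Certificate chain
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
*** Finished
*** Finished
"""

# Constructed for contrast: the server requests a client certificate.
MUTUAL_LOG = """\
found key for : example-client
*** ClientHello, TLSv1
*** ServerHello, TLSv1
*** Certificate chain
*** CertificateRequest
*** ServerHelloDone
*** Certificate chain
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
*** CertificateVerify
*** Finished
*** Finished
"""


def summarize_handshake(log_text):
    """Split the log into handshakes and report client-certificate use in each."""
    aliases, handshakes = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        marker, key = MARKER.match(line), KEY_FOUND.match(line)
        if key:
            aliases.append(key.group(1))
        elif marker:
            # Each ClientHello starts a new handshake (initial or renegotiation).
            if marker.group(1) == "ClientHello" or not handshakes:
                handshakes.append([])
            handshakes[-1].append(marker.group(1))
    report = []
    for msgs in handshakes:
        done = msgs.index("ServerHelloDone") if "ServerHelloDone" in msgs else len(msgs)
        report.append({
            "messages": msgs,
            "cert_requested": "CertificateRequest" in msgs[:done],
            # The server's chain precedes ServerHelloDone; the client's follows it.
            "client_cert_sent": "Certificate chain" in msgs[done:],
            "client_proved_key": "CertificateVerify" in msgs[done:],
        })
    authenticated = any(h["cert_requested"] and h["client_cert_sent"]
                        and h["client_proved_key"] for h in report)
    return {"client_key_aliases": aliases, "handshakes": report,
            "client_cert_authenticated": authenticated}
```

Run over the marker lines of the log posted above, it reports a single handshake with no CertificateRequest, so the key loaded from STSTestCert.jks was not presented at the TLS layer in that session.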