我正在编写一个 Java SOAP 客户端,以使用 SSL 身份验证通过 HTTPS 连接到 SOAP 网络服务。我有一个 keyStore 和一个 trustStore 来进行 SSL 身份验证。我使用 javax 来实现客户端。
我使用以下方法设置证书(keyStore、trustStore):
System.setProperty("javax.net.ssl.keyStore",configuration.getProperty("***"));
System.setProperty("javax.net.ssl.keyStorePassword", configuration.getProperty("***"));
System.setProperty("javax.net.ssl.keyStoreType", configuration.getProperty("***"));
System.setProperty("javax.net.ssl.trustStore",configuration.getProperty("***"));
System.setProperty("javax.net.ssl.trustStorePassword", configuration.getProperty("***"));
System.setProperty("javax.net.ssl.trustStoreType", configuration.getProperty("***"));
建立 SOAP 连接的代码:
HttpsURLConnection httpsConnection = null;
SSLContext sslContext = SSLContext.getInstance("SSL");
TrustManager[] trustAll = new TrustManager[] {new TrustAllCertificates()};
sslContext.init(null, trustAll, new java.security.SecureRandom());
// Set trust all certificates context to HttpsURLConnection
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
// Open HTTPS connection
URL urlUrl = new URL(url);
httpsConnection = (HttpsURLConnection) urlUrl.openConnection();
// Trust all hosts
httpsConnection.setHostnameVerifier(new TrustAllHosts());
// Connect
httpsConnection.connect();
SOAPMessage soapResponse = soapConnection.call(createSOAPRequest(request), url);
soapConnection.close();
httpsConnection.disconnect();
当我尝试连接时,出现以下错误:
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
我已经使用 curl 连接测试了证书(和密码)并且它有效。问题并非来自 keyStore 和 trustStore。
我认为我的应用程序(javax?)在连接期间没有使用证书。有什么想法吗?
最佳答案
看起来你做了双重工作,最后忽略了你的系统属性。当您为信任/ key 存储设置系统属性时 - 您不需要使用所有 SSLContext、TrustManager、HostVerifier 东西。 就像使用简单的 HTTP 一样,不用关心。
URL urlUrl = new URL(url);
// all of those connections work since they are interfaces. Implementation is HTTPS of course
HttpsURLConnection httpsConnection = (HttpsURLConnection) urlUrl.openConnection();
HttpURLConnection httpConnection = (HttpURLConnection) urlUrl.openConnection();
URLConnection urlConnection = urlUrl.openConnection();
关于具有 SSL 身份验证的 Java SOAP 客户端 : bad certificate,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/41041039/