java - TLS authentication. TLS parameters with CXF conduit

Tags: java web-services ssl cxf conduit

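I am trying to establish a TLS connection. I read that to do this I should init TLS params and set them on the conduit.

This is a generic method called from the consumer side to get a JaxWs proxy. Could you tell me what I am doing wrong?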

public static <T> T getSvc(String urlWsdl, Class<? extends Service> svcClass,
        Class<T> endpointCl) {

    // Instantiate the generated Service class from the WSDL URL
    Service service = null;
    try {
        final URL wsdl = new URL(urlWsdl);
        service = svcClass.getConstructor(URL.class).newInstance(wsdl);
    } catch (Exception ex) {}

    final T endPointInterface = service.getPort(endpointCl);

    // Configure TLS on the CXF client behind the proxy
    initTls(ClientProxy.getClient(endPointInterface));
    return endPointInterface;
}

private static void initTls(final Client client) {

    final HTTPConduit httpConduit = (HTTPConduit) client.getConduit();
    final TLSClientParameters tlsClientParameters = new TLSClientParameters();

    try {

        // Load the JKS truststore; KeyStore.load takes the password as char[]
        final KeyStore trustStore = KeyStore.getInstance("JKS");
        trustStore.load(new FileInputStream("path"), "password".toCharArray());
        // getTrustManagers(...) is a helper that is not shown in the question
        final TrustManager[] myTrustStoreKeyManagers = getTrustManagers(trustStore);

        tlsClientParameters.setTrustManagers(myTrustStoreKeyManagers);
        httpConduit.setTlsClientParameters(tlsClientParameters);
    } catch (Exception e) {}
}

Now it fails at the line (service = svcClass.getConstructor(URL.class).newInstance(wsdl);)

Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
    at java.lang.reflect.Constructor.newInstance(Unknown Source)
    at .....
Caused by: javax.xml.ws.WebServiceException: org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service.
    at org.apache.cxf.jaxws.ServiceImpl.<init>(ServiceImpl.java:151)
    at org.apache.cxf.jaxws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:101)
    at javax.xml.ws.Service.<init>(Unknown Source)
    at com.selity.service.v1.SelityService.<init>(SelityService.java:40)
    ... 31 more
    Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'https://somehost/SelitySvc?wsdl'.:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2198)
    at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2390)
    at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2422)
    at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:263)
    at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:206)
    at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:98)

Best answer

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

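This means that the client does not trust the certificate presented by the server when it tries to download the WSDL file. That operation happens before the CXF client configures TLS.

Alternatives:

1) Point to a local WSDL file.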

File wsdlFile = new File(wsdlPath);
URL wsdl = wsdlFile.toURI().toURL();

2) Configure the truststore at the JVM level

System.setProperty("javax.net.ssl.trustStore",pathToYourTruststore);
System.setProperty("javax.net.ssl.trustStorePassword","password");

Regarding java - TLS authentication. TLS parameters with CXF conduit, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/41211883/
