不带https方案的带有.key和.cer的HTTP请求
[英]HTTP Request with .key and .cer without https scheme
问题描述
I am developing a java client where I need to send some soap xml to server. 
我正在开发一个Java客户端,我需要在其中发送一些soap xml到服务器。 Server is running on http scheme but it requires request to be encrypted as is there in case of https. 服务器运行在http方案上,但是它要求对请求进行加密,就像使用https一样。 I have generated .cer and .key files on my server and same has been imported on server side as well. 我已经在服务器上生成了.cer和.key文件,并且这些文件也已经在服务器端导入了。 Now when I tries to execute below command to send request to server, it is not working. 现在,当我尝试执行以下命令向服务器发送请求时,它不起作用。
My soap xml is there in text.txt 我的soap xml在text.txt中
curl -vX POST -d @test.txt http://test.com:98/wcflib-tc/service.svc
--header "Content-Type:application/soap+xml; charset=utf-8;"
--cert /myserver/certs/server.crt
--key /myserver/certs/server.key
* About to connect() to test.com port 98 (#0)
* Trying 172.27.655.65... connected
* Connected to test.com (172.27.655.65) port 98 (#0)
> POST /wcflib-tc/service.svc HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.12.9.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
> Host: test.com:98
> Accept: */*
> Content-Type:application/soap+xml; charset=utf-8;
> Content-Length: 962
>
< HTTP/1.1 500 Internal Server Error
< Content-Type: application/soap+xml; charset=utf-8
< Server: Microsoft-IIS/7.0
< X-Powered-By: Programmer's tears
< Date: Mon, 18 Nov 2013 05:26:18 GMT
< Content-Length: 576
<
* Connection #0 to host test.com left intact
* Closing connection #0
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header><a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action></s:Header>
<s:Body><s:Fault><s:Code><s:Value>s:Sender</s:Value>
<s:Subcode><s:Value xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
a:InvalidSecurity</s:Value></s:Subcode></s:Code>
<s:Reason><s:Text xml:lang="en-US">
An error occurred when verifying security
for the message.</s:Text></s:Reason>
Please let me know the solution. 请让我知道解决方案。 Otherwise let me know how to handle http request with .key and .cer file using any java api. 否则让我知道如何使用任何Java API使用.key和.cer文件处理http请求。
1 个解决方案
解决方案1
0 已采纳 2013-11-21 19:31:21
The clue is in http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd - you need to use WS-Security. 线索位于http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd -您需要使用WS-Security。 Bore yourself to tears reading the specs here https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss 在这里阅读规格会让您流泪, 请https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.