收到HANDSHAKE_FAILURE警报
[英]HANDSHAKE_FAILURE alert received
问题描述
I am writing a Java client (on weblogic 10.3) to invoke a secure web service. 
我正在编写一个Java客户端(在weblogic 10.3上)来调用安全的Web服务。 I have been provided with a client certificate which I have installed in cacerts, DemoIdentity.jks and DemoTrust,jks In my weblogic I have set up keystore as DemoIdentity and DemoTrust. 我已经提供了我在cacerts中安装的客户端证书,DemoIdentity.jks和DemoTrust,jks在我的weblogic中,我已经将密钥库设置为DemoIdentity和DemoTrust。 In weblogic console I have set "Two Way Client Cert Behavior:" as "Client Certs requested but not enforced". 在weblogic控制台中,我将“双向客户端证书行为:”设置为“请求但未强制执行的客户端证书”。 and for "SSL Listen Port enabled:" I have checked the checkbox. 并为“启用SSL侦听端口:”我已选中复选框。
I get the below exception while trying to access the web service: 我在尝试访问Web服务时遇到以下异常:
] FaultActor [null] Detail [<detail><bea_fault:stacktrace xmlns:bea_fault="http:
//www.bea.com/servers/wls70/webservice/fault/1.0.0">javax.net.ssl.SSLHandshakeEx
ception: [Security:090497]HANDSHAKE_FAILURE alert received from ************** Check both sides of the SSL configuration for mismatches in supported ciphers, supported protocol versions, trusted CAs, and hos
tname verification settings.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknow
n Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertReceived(Un
known Source)
at com.certicom.tls.record.alert.AlertHandler.handle(Unknown Source)
at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknow
n Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown S
ource)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Sou
rce)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknow
n Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Un
known Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65
)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.j
ava:158)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.
java:363)
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLC
onnection.java:37)
at weblogic.wsee.connection.transport.TransportUtil.getInputStream(Trans
portUtil.java:85)
at weblogic.wsee.connection.transport.http.HTTPClientTransport.receive(H
TTPClientTransport.java:271)
at weblogic.wsee.connection.soap.SoapConnection.receive(SoapConnection.j
ava:485)
at weblogic.wsee.ws.dispatch.client.ConnectionHandler.handleResponse(Con
nectionHandler.java:179)
at weblogic.wsee.handler.HandlerIterator.handleResponse(HandlerIterator.
java:287)
at weblogic.wsee.handler.HandlerIterator.handleResponse(HandlerIterator.
java:271)
at weblogic.wsee.ws.dispatch.client.ClientDispatcher.handleResponse(Clie
ntDispatcher.java:213)
at weblogic.wsee.ws.dispatch.client.ClientDispatcher.dispatch(ClientDisp
atcher.java:150)
at weblogic.wsee.ws.WsStub.invoke(WsStub.java:87)
at weblogic.wsee.jaxrpc.StubImpl._invoke(StubImpl.java:339)
at sips_cn_contract.PaymentService_Stub.processPaymentWebInit(Unknown So
urce)
at uk.gov.gateway.payments.SipsStartupController.handleRequest(SipsStart
upController.java:73)
at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.ha
ndle(SimpleControllerHandlerAdapter.java:45)
at org.springframework.web.servlet.DispatcherServlet.doService(Dispatche
rServlet.java:485)
at org.springframework.web.servlet.FrameworkServlet.serviceWrapper(Frame
workServlet.java:342)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServl
et.java:318)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run
(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecuri
tyHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.jav
a:300)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.jav
a:183)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationActio
n.doIt(WebAppServletContext.java:3686)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationActio
n.run(WebAppServletContext.java:3650)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
dSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppS
ervletContext.java:2268)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletC
ontext.java:2174)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.j
ava:1446)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
</bea_fault:stacktrace></detail>]; nested exception is:
However in firefox, i have added the certificate, and when i view the wsdl of the web service.It prompts me with the certificate and after i click ok, it renders the wsdl file for secure web service. 但是在firefox中,我添加了证书,当我查看Web服务的wsdl时,它会提示我使用证书,然后在单击“确定”后,它会呈现wsdl文件以获取安全的Web服务。 Anybody has idea what should I do to make the client working using Java? 任何人都知道如何让客户端使用Java工作?
2 个解决方案
解决方案1
13 2011-09-01 20:33:57
I think that the real problem is that Weblogic is not using standard Sun HTTPS implementation provided by JDK, but rather uses its own, as apparent on this line: 我认为真正的问题是Weblogic没有使用JDK提供的标准Sun HTTPS实现,而是使用它自己的实现,如下所示:
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
The standard Sun implementation class is called javax.net.ssl.HttpsURLConnection . 标准的Sun实现类名为javax.net.ssl.HttpsURLConnection 。
As a result, the certificate policy is different inside Weblogic than in a standalone Java program. 因此,Weblogic中的证书策略与独立Java程序中的证书策略不同。 I just discovered this debugging a similar problem. 我刚刚发现这个调试类似的问题。
This page advises to use a Sun implementation instead of Weblogic: http://webtech-kapil.blogspot.com/2010/06/javalangclasscastexception.html 此页面建议使用Sun实现而不是Weblogic: http : //webtech-kapil.blogspot.com/2010/06/javalangclasscastexception.html
They advice to start WL with the following flag: 他们建议用以下标志启动WL:
-DUseSunHttpHandler=true
which will use standard Sun's implementation of SSL. 这将使用标准的Sun的SSL实现。 However, I personally have not tried this yet. 但是,我个人还没有尝试过这个。
Thanks, 谢谢,
Igor 伊戈尔
解决方案2
2 已采纳 2011-08-18 18:34:31
You have likely not imported your certificate and key correctly. 您可能没有正确导入证书和密钥。 You can test your keystore by adding the following to a JUnit or something similar: 您可以通过将以下内容添加到JUnit或类似的东西来测试您的密钥库:
static {
System.setProperty("javax.net.ssl.keyStoreType", "pkcs12"); // or whatever
System.setProperty("javax.net.ssl.keyStore", "c:/folder/mycert.p12");
System.setProperty("javax.net.ssl.keyStorePassword", "mypassword");
System.setProperty("javax.net.debug", "ssl");
}
The javax.net.debug property set to ssl will print your certificate chain and all other SSL logging, which can be helpful. 设置为ssl的javax.net.debug属性将打印您的证书链和所有其他SSL日志记录,这可能会有所帮助。 You'll want to add the certificate, etc. to your application container like you already have in production. 您需要将证书等添加到应用程序容器中,就像您已经在生产中一样。
Try debugging with SSL and see what comes of that. 尝试使用SSL进行调试,看看会发生什么。 More than likely you just need to configure weblogic correctly. 您可能只需要正确配置weblogic。 Check to see if there are custom SSL endpoint configurations (ie when URI is /test/test use keyStore XYZ). 检查是否存在自定义SSL端点配置(即,当URI为/ test / test时使用keyStore XYZ)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.