带有客户端证书的SSL上的Java SOAP服务
[英]Java SOAP service over SSL with client certificates
问题描述
So I've been trying to setup a Java SOAP servlet with JAX-WS and SSL. 
因此,我一直在尝试使用JAX-WS和SSL设置Java SOAP servlet。 I got the actual service running over SSL, but I need it to authenticate based on the client certificate, and right now it's accepting all connections against it. 我已经在SSL上运行了实际的服务,但是我需要它基于客户端证书进行身份验证,并且现在它正在接受针对它的所有连接。
Here's my code so far: 到目前为止,这是我的代码:
TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain,
String authType)
throws CertificateException {
System.out.println("yay1");
}
public void checkServerTrusted(X509Certificate[] chain,
String authType)
throws CertificateException {
System.out.println("yay2");
}
public X509Certificate[] getAcceptedIssuers() {
throw new UnsupportedOperationException("Not supported yet.");
}
};
String uri = "http://127.0.0.1:8083/SoapContext/SoapPort";
Object implementor = new Main();
Endpoint endpoint = Endpoint.create(implementor);
SSLContext ssl = SSLContext.getInstance("TLS");
KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
KeyStore store = KeyStore.getInstance("JKS");
store.load(new FileInputStream("serverkeystore"),"123456".toCharArray());
keyFactory.init(store, "123456".toCharArray());
TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustFactory.init(store);
ssl.init(keyFactory.getKeyManagers(),
new TrustManager[] { tm }, null);
HttpsConfigurator configurator = new HttpsConfigurator(ssl);
HttpsServer httpsServer = HttpsServer.create(new InetSocketAddress(8083), 8083);
httpsServer.setHttpsConfigurator(configurator);
HttpContext httpContext = httpsServer.createContext("/SoapContext/SoapPort");
httpsServer.start();
endpoint.publish(httpContext);
And I'm testing it with this PHP code: 我正在使用以下PHP代码进行测试:
$soapClient = new SoapClient("https://localhost:8083/SoapContext/SoapPort?wsdl", array('local_cert' => "newcert.pem"));
$soapClient->add(array('i' => '1', 'j' => '2'));
Unfortunately, it errors out with this when I include the local_cert: 不幸的是,当我包含local_cert时,它会出错:
SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://localhost:8083/SoapContext/SoapPort?wsdl' : failed to load external entity "https://localhost:8083/SoapContext/SoapPort?wsdl"
It does connect successfully if I don't include local_cert, but it never calls my custom TrustManager, so it accepts all incoming connections. 如果我不包括local_cert,它确实可以成功连接,但是它从不调用我的自定义TrustManager,因此它接受所有传入的连接。
What am I doing wrong? 我究竟做错了什么? Thanks! 谢谢!
1 个解决方案
解决方案1
0 2011-11-30 22:14:44
I do not know PHP but your TrustManager in the web service is not doing any authentication. 我不知道PHP,但是您在Web服务中的TrustManager没有进行任何身份验证。
So the connection should not be rejected due to client authentication issues. 因此,不应由于客户端身份验证问题而拒绝连接。
Does the new_cert.pem you are referencing in your client, contain the private key? 您在客户端中引用的new_cert.pem是否包含私钥?
If not then this could be the problem. 如果没有,那就可能是问题所在。
I suggest you take a wireshark and see the communication. 我建议您绕线并查看通讯内容。
I suspect you will not see a rejection coming from your server. 我怀疑您不会看到来自服务器的拒绝。
The failure should be local on your client 故障应该在您的客户端上是本地的
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.