带有客户端证书的SSL上的Java SOAP服务
[英]Java SOAP service over SSL with client certificates
问题描述
因此,我一直在尝试使用JAX-WS和SSL设置Java SOAP servlet。 我已经在SSL上运行了实际的服务,但是我需要它基于客户端证书进行身份验证,并且现在它正在接受针对它的所有连接。
到目前为止,这是我的代码:
TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain,
String authType)
throws CertificateException {
System.out.println("yay1");
}
public void checkServerTrusted(X509Certificate[] chain,
String authType)
throws CertificateException {
System.out.println("yay2");
}
public X509Certificate[] getAcceptedIssuers() {
throw new UnsupportedOperationException("Not supported yet.");
}
};
String uri = "http://127.0.0.1:8083/SoapContext/SoapPort";
Object implementor = new Main();
Endpoint endpoint = Endpoint.create(implementor);
SSLContext ssl = SSLContext.getInstance("TLS");
KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
KeyStore store = KeyStore.getInstance("JKS");
store.load(new FileInputStream("serverkeystore"),"123456".toCharArray());
keyFactory.init(store, "123456".toCharArray());
TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustFactory.init(store);
ssl.init(keyFactory.getKeyManagers(),
new TrustManager[] { tm }, null);
HttpsConfigurator configurator = new HttpsConfigurator(ssl);
HttpsServer httpsServer = HttpsServer.create(new InetSocketAddress(8083), 8083);
httpsServer.setHttpsConfigurator(configurator);
HttpContext httpContext = httpsServer.createContext("/SoapContext/SoapPort");
httpsServer.start();
endpoint.publish(httpContext);
我正在使用以下PHP代码进行测试:
$soapClient = new SoapClient("https://localhost:8083/SoapContext/SoapPort?wsdl", array('local_cert' => "newcert.pem"));
$soapClient->add(array('i' => '1', 'j' => '2'));
不幸的是,当我包含local_cert时,它会出错:
SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://localhost:8083/SoapContext/SoapPort?wsdl' : failed to load external entity "https://localhost:8083/SoapContext/SoapPort?wsdl"
如果我不包括local_cert,它确实可以成功连接,但是它从不调用我的自定义TrustManager,因此它接受所有传入的连接。
我究竟做错了什么? 谢谢!
1 个解决方案
解决方案1
0 2011-11-30 22:14:44
我不知道PHP,但是您在Web服务中的TrustManager没有进行任何身份验证。
因此,不应由于客户端身份验证问题而拒绝连接。
您在客户端中引用的new_cert.pem是否包含私钥?
如果没有,那就可能是问题所在。
我建议您绕线并查看通讯内容。
我怀疑您不会看到来自服务器的拒绝。
故障应该在您的客户端上是本地的
通过SSL的Java SOAP Web服务,具有基本身份验证,连接被拒绝
[英]Java SOAP web service over SSL with basic authentication, connection refused
在Java中通过HTTP Web服务在SOAP中调用Amazon S3客户端时失败
[英]Amazon S3 client fails when invoked within SOAP over HTTP web service in Java
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.