
WCF Java client to communicate with a server with wsHttpBinding signed with certificate

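I need to create a WCF client in Java that should communicate with a WCF server which uses message security with wsHttpBinding and a certificate. For the moment I only need to sign the messages (so no encryption is required). I have managed to create a Java client that communicates with the server when no message security is implemented, i.e. with no certificates involved. I do not know how to tell the client which certificate to use, but I was able to set the keystore and truststore for Java. Below are the steps I performed.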

Creating the service: First, I created a WCF server in Visual Studio. This is the wsHttpBinding:

<bindings>
    <wsHttpBinding>
        <binding name ="wsMessage">
            <security mode ="Message">
                <message clientCredentialType ="None" negotiateServiceCredential="true"/>
            </security>
        </binding>
    </wsHttpBinding>
</bindings>

The service is signed using the following behavior configuration:

<behaviors>
    <serviceBehaviors>
        <behavior>
            <serviceMetadata httpGetEnabled="True" httpsGetEnabled="False"/>
            <serviceDebug includeExceptionDetailInFaults="False" />

            <serviceCredentials>
                <serviceCertificate findValue="mySubjectName" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
            </serviceCredentials>

        </behavior>
    </serviceBehaviors>
</behaviors>

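The service was then deployed to Azure. When I create a web service client in Visual Studio, everything works, so there should be nothing wrong with the service itself.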

Creating the client:

1) Downloaded the Incubator NetBeans binaries from the following mirror: https://www.apache.org/dyn/closer.cgi/incubator/netbeans/incubating-netbeans/incubating-11.0/incubating-netbeans-11.0-bin.zip
2) I unzipped all the files.
3) Changed the JDK version to 1.8 as described here: How do I set the JDK that NetBeans runs on?
4) Opened NetBeans via incubating-netbeans-11.0-bin\netbeans\bin\netbeans64.exe
5) Created a new web project via File / New Project... / Java Web Application. Added a GlassFish server and selected Java EE 7 Web. Then Finish.
6) Right-click the project and select New / Other.
7) Enter "Web Service Client" in the filter. Click Next.
8) Enter the WSDL in WSDL URL.
9) Click Finish.

I created a new Java class and added the following code:

package MyCode;

import java.io.File;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import javax.xml.ws.BindingProvider;

public class NewClass {
    public static void main(String in[]) {
        System.out.println("Start");

        setTrustStoreAndKeyStores();

        MyService.Service1 ss = new MyService.Service1();
        MyService.IService1 port = ss.getWSHttpBindingIService1();
        BindingProvider bport = (BindingProvider)port;
        Map<String, Object> requestContext = bport.getRequestContext();
        requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "...");

        int a = port.addNumbers(2, 7);
        System.out.println("Result: " + a);
    }

    private static void setTrustStoreAndKeyStores() {
        System.setProperty("javax.net.ssl.keyStore", Credentials.keystorePath);
        System.setProperty("javax.net.ssl.keyStorePassword", Credentials.keystorePassword); 
        System.setProperty("javax.net.ssl.trustStore", Credentials.truststorePath);
        System.setProperty("javax.net.ssl.trustStorePassword", Credentials.truststorePassword);

        File keystore = new File(Credentials.keystorePath);
        File truststore = new File(Credentials.truststorePath);
        System.out.println("Keystore exists: " + keystore.exists());
        System.out.println("Truststore exists: " + truststore.exists());


        PrintVariable("javax.net.ssl.trustStore");
        PrintVariable("javax.net.ssl.trustStorePassword");
        PrintVariable("javax.net.ssl.keyStore");
        PrintVariable("javax.net.ssl.keyStorePassword");
    }

    private static void PrintVariable(String key) {
        String value = System.getProperty(key);
        if (value == null) {
            System.out.println(key + " is not defined");
        } else {
            System.out.println(key + ": " + value);
        }
    }

    public static class Credentials {
        public static String keystorePath = "C:/temp/prxyclient.jks";
        public static String keystorePassword = "password";

        public static String keystoreFilename = "prxyclient.jks";
        public static String keystoreType = "pkcs12";
        public static String keystoreAlias = "password";

        public static String truststorePath = "C:/Program Files/Java/jdk1.8.0_161/jre/lib/security/cacerts";
        public static String truststorePassword = "changeit";


    }
}

When I run the code, I get the following output:

Keystore exists: true
Truststore exists: true
javax.net.ssl.trustStore: C:/Program Files/Java/jdk1.8.0_161/jre/lib/security/cacerts
javax.net.ssl.trustStorePassword: changeit
javax.net.ssl.keyStore: C:/temp/prxyclient.jks
javax.net.ssl.keyStorePassword: password

This is followed by the following error:

maj 24, 2019 3:35:15 EM com.sun.xml.wss.impl.misc.DefaultCallbackHandler getDefaultCertificateFromTrustStore
SEVERE: WSS1511: An Error occurred while locating PEER Entity certificate in TrustStore.
maj 24, 2019 3:35:15 EM com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl getCertificate
SEVERE: WSS0216: An Error occurred using CallbackHandler for : EncryptionKeyCallback.AliasX509CertificateRequest
maj 24, 2019 3:35:15 EM com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl getCertificate
SEVERE: WSS0217: An Error occurred using CallbackHandler handle() Method.
java.lang.RuntimeException: An Error occurred while locating PEER Entity certificate in TrustStore
    at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.getDefaultCertificateFromTrustStore(DefaultCallbackHandler.java:1356)
    at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.handle(DefaultCallbackHandler.java:599)
    at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getCertificate(DefaultSecurityEnvironmentImpl.java:390)
    at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:496)
    at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:69)
    at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:248)
    at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:164)
    at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:125)
    at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:359)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:295)
    at com.sun.xml.ws.security.secconv.WSSCPlugin.sendRequest(WSSCPlugin.java:373)
    at com.sun.xml.ws.security.secconv.WSSCPlugin.process(WSSCPlugin.java:235)
    at com.sun.xml.ws.security.secconv.impl.client.SCTokenProviderImpl.issue(SCTokenProviderImpl.java:105)
    at com.sun.xml.ws.api.security.trust.client.IssuedTokenManager.getIssuedToken(IssuedTokenManager.java:53)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.invokeSCPlugin(SecurityClientTube.java:458)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:249)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:219)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1106)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1020)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:989)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:847)
    at com.sun.xml.ws.client.Stub.process(Stub.java:433)
    at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:161)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:62)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:131)
    at com.sun.proxy.$Proxy39.addNumbers(Unknown Source)
    at MyCode.NewClass.main(NewClass.java:32)

maj 24, 2019 3:35:15 EM com.sun.xml.wss.impl.filter.SignatureFilter process
SEVERE: WSS1413: Error extracting certificate
com.sun.xml.wss.XWSSecurityException: java.lang.RuntimeException: An Error occurred while locating PEER Entity certificate in TrustStore
    at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getCertificate(DefaultSecurityEnvironmentImpl.java:395)
    at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:496)
    at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:69)
    at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:248)
    at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:164)
    at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:125)
    at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:359)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:295)
    at com.sun.xml.ws.security.secconv.WSSCPlugin.sendRequest(WSSCPlugin.java:373)
    at com.sun.xml.ws.security.secconv.WSSCPlugin.process(WSSCPlugin.java:235)
    at com.sun.xml.ws.security.secconv.impl.client.SCTokenProviderImpl.issue(SCTokenProviderImpl.java:105)
    at com.sun.xml.ws.api.security.trust.client.IssuedTokenManager.getIssuedToken(IssuedTokenManager.java:53)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.invokeSCPlugin(SecurityClientTube.java:458)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:249)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:219)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1106)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1020)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:989)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:847)
    at com.sun.xml.ws.client.Stub.process(Stub.java:433)
    at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:161)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:62)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:131)
    at com.sun.proxy.$Proxy39.addNumbers(Unknown Source)
    at MyCode.NewClass.main(NewClass.java:32)
Caused by: java.lang.RuntimeException: An Error occurred while locating PEER Entity certificate in TrustStore
    at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.getDefaultCertificateFromTrustStore(DefaultCallbackHandler.java:1356)
    at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.handle(DefaultCallbackHandler.java:599)
    at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getCertificate(DefaultSecurityEnvironmentImpl.java:390)
    ... 25 more

maj 24, 2019 3:35:15 EM com.sun.xml.wss.jaxws.impl.SecurityTubeBase secureOutboundMessage
SEVERE: WSSTUBE0024: Error in Securing Outbound Message.
com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.XWSSecurityException: java.lang.RuntimeException: An Error occurred while locating PEER Entity certificate in TrustStore
    at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:502)
    at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:69)
    at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:248)
    at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:164)
    at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:125)
    at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:359)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:295)
    at com.sun.xml.ws.security.secconv.WSSCPlugin.sendRequest(WSSCPlugin.java:373)
    at com.sun.xml.ws.security.secconv.WSSCPlugin.process(WSSCPlugin.java:235)
    at com.sun.xml.ws.security.secconv.impl.client.SCTokenProviderImpl.issue(SCTokenProviderImpl.java:105)
    at com.sun.xml.ws.api.security.trust.client.IssuedTokenManager.getIssuedToken(IssuedTokenManager.java:53)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.invokeSCPlugin(SecurityClientTube.java:458)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:249)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:219)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1106)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1020)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:989)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:847)
    at com.sun.xml.ws.client.Stub.process(Stub.java:433)
    at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:161)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:62)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:131)
    at com.sun.proxy.$Proxy39.addNumbers(Unknown Source)
    at MyCode.NewClass.main(NewClass.java:32)
Caused by: com.sun.xml.wss.XWSSecurityException: java.lang.RuntimeException: An Error occurred while locating PEER Entity certificate in TrustStore
    at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getCertificate(DefaultSecurityEnvironmentImpl.java:395)
    at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:496)
    ... 24 more
Caused by: java.lang.RuntimeException: An Error occurred while locating PEER Entity certificate in TrustStore
    at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.getDefaultCertificateFromTrustStore(DefaultCallbackHandler.java:1356)
    at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.handle(DefaultCallbackHandler.java:599)
    at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getCertificate(DefaultSecurityEnvironmentImpl.java:390)
    ... 25 more

maj 24, 2019 3:35:15 EM com.sun.xml.wss.jaxws.impl.SecurityClientTube processClientRequestPacket
SEVERE: WSSTUBE0024: Error in Securing Outbound Message.
com.sun.xml.wss.impl.WssSoapFaultException: Invalid Security Header
    at com.sun.xml.wss.impl.SecurableSoapMessage.newSOAPFaultException(SecurableSoapMessage.java:319)
    at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:365)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:295)
    at com.sun.xml.ws.security.secconv.WSSCPlugin.sendRequest(WSSCPlugin.java:373)
    at com.sun.xml.ws.security.secconv.WSSCPlugin.process(WSSCPlugin.java:235)
    at com.sun.xml.ws.security.secconv.impl.client.SCTokenProviderImpl.issue(SCTokenProviderImpl.java:105)
    at com.sun.xml.ws.api.security.trust.client.IssuedTokenManager.getIssuedToken(IssuedTokenManager.java:53)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.invokeSCPlugin(SecurityClientTube.java:458)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:249)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:219)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1106)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1020)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:989)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:847)
    at com.sun.xml.ws.client.Stub.process(Stub.java:433)
    at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:161)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:62)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:131)
    at com.sun.proxy.$Proxy39.addNumbers(Unknown Source)
    at MyCode.NewClass.main(NewClass.java:32)

Exception in thread "main" javax.xml.ws.WebServiceException: WSSTUBE0024: Error in Securing Outbound Message.
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:301)
    at com.sun.xml.ws.security.secconv.WSSCPlugin.sendRequest(WSSCPlugin.java:373)
    at com.sun.xml.ws.security.secconv.WSSCPlugin.process(WSSCPlugin.java:235)
    at com.sun.xml.ws.security.secconv.impl.client.SCTokenProviderImpl.issue(SCTokenProviderImpl.java:105)
    at com.sun.xml.ws.api.security.trust.client.IssuedTokenManager.getIssuedToken(IssuedTokenManager.java:53)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.invokeSCPlugin(SecurityClientTube.java:458)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:249)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:219)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1106)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1020)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:989)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:847)
    at com.sun.xml.ws.client.Stub.process(Stub.java:433)
    at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:161)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:62)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:131)
    at com.sun.proxy.$Proxy39.addNumbers(Unknown Source)
    at MyCode.NewClass.main(NewClass.java:32)
Caused by: javax.xml.ws.soap.SOAPFaultException: Invalid Security Header
    at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:686)
    ... 19 more
Caused by: com.sun.xml.wss.impl.WssSoapFaultException: Invalid Security Header
    at com.sun.xml.wss.impl.SecurableSoapMessage.newSOAPFaultException(SecurableSoapMessage.java:319)
    at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:365)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:295)
    ... 18 more
C:\Users\jeslun\AppData\Local\NetBeans\Cache\11.0\executor-snippets\run.xml:111: The following error occurred while executing this line:
C:\Users\jeslun\AppData\Local\NetBeans\Cache\11.0\executor-snippets\run.xml:94: Java returned: 1
BUILD FAILED (total time: 2 seconds)

I think NetBeans is using Metro 2.0 and GlassFish. The error seems to be that it cannot find the correct certificate.

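Previously I tried to create the Java client in Eclipse using CXF and Axis2, but I might put that in another thread. I have spent a lot of time trying to get this to work and have read many articles, blogs, etc., so any help is appreciated.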

After two modifications, I finally got it working.

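First thing: NetBeans is a bit buggy. After a lot of clicking around, I found the following.
1) In the project view on the left, expand "Web Service References".
2) Right-click the WCF service and choose "Edit Web Service Attributes".
3) Under the "Quality of Service" tab, click the box that says to use the default values.
4) We do not want this box checked, but in my case this triggered NetBeans to tell me that Metro was not downloaded and to ask whether it should download it.
5) After it was downloaded and loaded into NetBeans, I had the option to select a keystore under "Quality of Service".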

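Second thing: the server hosting the WCF service needs to have the client certificate added to Trusted People, as follows:
1) Click Start, type "mmc" and press Enter. This starts the Microsoft Management Console.
2) Click File / Add/Remove Snap-in...
3) Click "Certificates" on the left, then click "Add >".
4) Select Computer account, then select
5) Select Local computer, then Finish.
6) Click OK.
7) Expand Certificates (Local Computer) / Trusted People /
8) Right-click "Certificates" (under "Trusted People") and choose "All Tasks / Import".
9) Follow the wizard to import the client certificate.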
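
The WSS1511 error in the question is about locating a certificate in a trust store, and the fix above involved selecting a keystore for the client. The following diagnostic is an added example, not code from the original post: it lists which entries of a Java key store or trust store match a subject name and whether each is a private key entry or only a trusted certificate. The class name `StoreCheck` and the defaults (the running JRE's `cacerts`, password `changeit`, subject `mySubjectName` taken from the question's configuration) are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Locale;

/** Added diagnostic (not from the original post): inspects a Java key store or trust store. */
public class StoreCheck {

    /** Loads the store, trying each type in turn; a .jks file name does not guarantee JKS format. */
    static KeyStore load(String path, char[] password) throws Exception {
        Exception last = null;
        for (String type : new String[] {"JKS", "PKCS12"}) {
            try (InputStream in = new FileInputStream(path)) {
                KeyStore ks = KeyStore.getInstance(type);
                ks.load(in, password);
                return ks;
            } catch (Exception e) {
                last = e; // wrong type, wrong password or missing file: remember and try the next type
            }
        }
        throw last;
    }

    /** Prints the entries whose subject DN contains subjectPart and returns how many matched. */
    static int report(KeyStore ks, String subjectPart) throws Exception {
        String needle = subjectPart.toLowerCase(Locale.ROOT);
        int matches = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            String dn = x.getSubjectX500Principal().getName();
            if (!dn.toLowerCase(Locale.ROOT).contains(needle)) continue;
            // A key entry holds a private key (usable for signing); a certificate entry is trust material only.
            String kind = ks.isKeyEntry(alias) ? "private key entry" : "trusted certificate";
            String validity = "valid today";
            try { x.checkValidity(); } catch (CertificateException e) { validity = "NOT valid today"; }
            System.out.printf("  alias=%s [%s, %s] subject=%s%n", alias, kind, validity, dn);
            matches++;
        }
        return matches;
    }

    public static void main(String[] args) throws Exception {
        // Defaults are assumptions: the running JRE's cacerts and the subject name from the question's config.
        String path = args.length > 0 ? args[0] : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] pass = (args.length > 1 ? args[1] : "changeit").toCharArray();
        String subject = args.length > 2 ? args[2] : "mySubjectName";
        KeyStore ks = load(path, pass);
        System.out.println(path + " (" + ks.getType() + ", " + ks.size() + " entries)");
        if (report(ks, subject) == 0) System.out.println("  no certificate with subject containing: " + subject);
    }
}
```

Run it as `java StoreCheck <store path> <store password> <subject text>`, once against the client keystore and once against the trust store, to see which store actually holds the certificate being looked up.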
