[英]Java SOAP service over SSL with client certificates
因此,我一直在嘗試使用JAX-WS和SSL設置Java SOAP servlet。 我已經在SSL上運行了實際的服務,但是我需要它基於客戶端證書進行身份驗證,並且現在它正在接受針對它的所有連接。
到目前為止,這是我的代碼:
TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain,
String authType)
throws CertificateException {
System.out.println("yay1");
}
public void checkServerTrusted(X509Certificate[] chain,
String authType)
throws CertificateException {
System.out.println("yay2");
}
public X509Certificate[] getAcceptedIssuers() {
throw new UnsupportedOperationException("Not supported yet.");
}
};
String uri = "http://127.0.0.1:8083/SoapContext/SoapPort";
Object implementor = new Main();
Endpoint endpoint = Endpoint.create(implementor);
SSLContext ssl = SSLContext.getInstance("TLS");
KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
KeyStore store = KeyStore.getInstance("JKS");
store.load(new FileInputStream("serverkeystore"),"123456".toCharArray());
keyFactory.init(store, "123456".toCharArray());
TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustFactory.init(store);
ssl.init(keyFactory.getKeyManagers(),
new TrustManager[] { tm }, null);
HttpsConfigurator configurator = new HttpsConfigurator(ssl);
HttpsServer httpsServer = HttpsServer.create(new InetSocketAddress(8083), 8083);
httpsServer.setHttpsConfigurator(configurator);
HttpContext httpContext = httpsServer.createContext("/SoapContext/SoapPort");
httpsServer.start();
endpoint.publish(httpContext);
我正在使用以下PHP代碼進行測試:
$soapClient = new SoapClient("https://localhost:8083/SoapContext/SoapPort?wsdl", array('local_cert' => "newcert.pem"));
$soapClient->add(array('i' => '1', 'j' => '2'));
不幸的是,當我包含local_cert時,它會出錯:
SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://localhost:8083/SoapContext/SoapPort?wsdl' : failed to load external entity "https://localhost:8083/SoapContext/SoapPort?wsdl"
如果我不包括local_cert,它確實可以成功連接,但是它從不調用我的自定義TrustManager,因此它接受所有傳入的連接。
我究竟做錯了什么? 謝謝!
我不知道PHP,但是您在Web服務中的TrustManager
沒有進行任何身份驗證。
因此,不應由於客戶端身份驗證問題而拒絕連接。
您在客戶端中引用的new_cert.pem
是否包含私鑰?
如果沒有,那就可能是問題所在。
我建議您繞線並查看通訊內容。
我懷疑您不會看到來自服務器的拒絕。
故障應該在您的客戶端上是本地的
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.