问题:
Spring boot:使用特定别名表单keystore来使用HTTPS SOAP webservice
宗政文彬
server:
port: 8443
sessionTimeout: 30
ssl:
key-store: keystore.jks
key-store-password: 123456
keyAlias: tomcat
key-password: 123456
keyPassword: 123456
trust-store: truststore.jks
trust-store-password: 123456
当我试图调用java soap客户机存根时,我看到下面的异常
%% Invalidated: [Session-2, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
https-jsse-nio-443-exec-4, SEND TLSv1.2 ALERT: fatal, description = certificate_unknown
https-jsse-nio-443-exec-4, WRITE: TLSv1.2 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 03 00 02 02 2E .......
https-jsse-nio-443-exec-4, called closeSocket()
https-jsse-nio-443-exec-4, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2017-04-18 17:15:26.253 ERROR 2360 --- [-nio-443-exec-4] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is javax.xml.ws.WebServiceException: Failed to access the WSDL at: https://tseiod-test.trustweaver.com/ts/svs.asmx?wsdl. It failed with:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.] with root cause
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
at java.net.URL.openStream(Unknown Source)
at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.createReader(Unknown Source)
at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(Unknown Source)
at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown Source)
at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown Source)
at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown Source)
at com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(Unknown Source)
at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
at com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(Unknown Source)
at javax.xml.ws.Service.<init>(Unknown Source)
看起来keystore.jks中的client别名不用于HTTPS web服务的身份验证,我是否可以强制Spring Boot使用keystore中的特定别名?或者有没有什么变通办法来实现这一点?
共有1个答案
张啸
尝试使用此代码创建不验证证书链的信任管理器。希望这是一个工作围绕您的问题。
ssltool.java
import javax.net.ssl.*;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
public class SSLTool {
public static void disableCertificateValidation() {
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {}
public void checkServerTrusted(X509Certificate[] certs, String authType) {}
}};
// Ignore differences between given hostname and certificate hostname
HostnameVerifier hv = new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) { return true; }
};
// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(hv);
} catch (Exception e) {}
}
}
并在使用HTTPS SOAP WebService之前调用该方法。
new SSLTool();
SSLTool.disableCertificateValidation();
类似资料:
-
数据可以进行多次不可变借用,但是在不可变借用的期间,原始数据不可进行可变借用。也就是说,在同一段时间内只允许单独一个可变借用。原始数据在可变引用离开作用域之后可再次被借用。 struct Point { x: i32, y: i32, z: i32 } fn main() { let mut point = Point { x: 0, y: 0, z: 0 }; {
-
我是Quarkus的新手,非常高兴能在我的下一个项目中使用它。我的第一步是配置一个mysql连接,并以一种反应式的方式对其执行查询,如下所示。我不想使用JPA/Hibernate,所以我没有采用华丽的方式。 但是我发现我不能在映射行集时使用表别名。 这确实令人沮丧,因为当列名不明确时(例如id是一个非常常见的列名),包含复杂联接的查询将不可能实现。 有没有办法改变这种行为,还是只是一个bug<代码
-
本文向大家介绍使用MySQL LIKE运算符显示特定的表名,包括了使用MySQL LIKE运算符显示特定的表名的使用技巧和注意事项,需要的朋友参考一下 要使用LIKE运算符显示特定的表名称,语法如下- 让我们实现以上语法,以使用LIKE运算符显示特定的表名: 这将产生以下输出
-
问题内容: 我正在尝试更新所有以’agg%’和column_name=’%userid%’之类的字符串开头的表…但是即使我能够找到选择具有特定列的所有表的选项,我也看不到在线的此类示例名称和表名称我需要执行相同的操作来更新这些表,如下所示: 帮助将不胜感激。 谢谢。 问题答案: 获取您条件的更新查询 执行
-
本章节介绍如何创建一个让用户提交数据的表单页。 该页将显示一个包含 name 输入框和 email 输入框的表单。 当提交这两部分信息后,页面将会显示用户所输入的信息。 为了实现这个目标,除了创建一个操作和两个视图外, 还需要创建一个模型。 通过本教程,你将会学到: 创建一个模型代表用户通过表单输入的数据 声明规则去验证输入的数据 在视图中生成一个 HTML 表单 创建模型 模型类 EntryFo