2013-06-04 5 views

Я создал клиент веб-службы и прокси для службы WSO2 DSS с помощью JDeveloper 11.1.2.3.0. При вызове возникает ошибка HTTP-транспорта: javax.net.ssl.SSLHandshakeException с WSO2 DSS.

Моя служба данных защищена с помощью UsernameToken (базовый сценарий).

Это мой код клиента:

package pmis.wsdl2; 

import java.security.cert.X509Certificate; 

import java.util.ArrayList; 
import java.util.List; 
import java.util.Map; 

import javax.annotation.Generated; 

import javax.xml.ws.BindingProvider; 

import weblogic.security.SSL.TrustManager; 

import weblogic.wsee.security.bst.ClientBSTCredentialProvider; 
import weblogic.wsee.security.saml.SAMLTrustCredentialProvider; 
import weblogic.wsee.security.unt.ClientUNTCredentialProvider; 
import weblogic.wsee.security.util.CertUtils; 

import weblogic.xml.crypto.wss.WSSecurityContext; 
import weblogic.xml.crypto.wss.provider.CredentialProvider; 


// This source file is generated by Oracle tools. 
// Contents may be subject to change. 
// For reporting problems, use the following: 
// Generated by Oracle JDeveloper 11g Release 2 11.1.2.3.0.6276 

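/**
 * Sample JAX-WS client that invokes the WSO2 DSS {@code SecureSOAP11Endpoint} port.
 *
 * <p>The request context is given two WebLogic credential providers (an X.509 binary
 * security token built from the client key store, and a UsernameToken) plus a
 * WS-Security trust manager callback.
 *
 * <p>NOTE(review): a "PKIX path building failed" error raised from the JSSE
 * {@code X509TrustManagerImpl} during the HTTPS handshake is decided by the trust store
 * the client JVM uses for TLS. The callback registered under
 * {@code WSSecurityContext.TRUST_MANAGER} does not appear to take part in that check, so
 * accepting every certificate there does not fix the transport error; it only removes
 * certificate validation from the message-security layer.
 */
public class SecureSOAP11EndpointClient {
    /**
     * Builds the secured port, attaches the credential providers and trust manager,
     * and calls {@code selectAllIAWSDLREGISTRATIONOperation()}.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        IAWSDLREGISTRATIONDataService service = new IAWSDLREGISTRATIONDataService();
        IAWSDLREGISTRATIONDataServicePortType port = service.getSecureSOAP11Endpoint();

        // Demo values only. Credentials and key store passwords hard-coded in source end up
        // in version control and in the compiled class; load them from protected
        // configuration in anything beyond a local test.
        String username = "admin";
        String password = "admin";

        String clientKeyStore = "d:/wso2keystore.jks";
        String clientKeyStorePass = "mypkpassword";
        String clientKeyAlias = "wso2cert";
        String clientKeyPass = "mypkpassword";
        String serverCertFile = "d:/wso2cert.cer";

        // Typed list instead of a raw List so only CredentialProvider instances can be added.
        List<CredentialProvider> credProviders = new ArrayList<CredentialProvider>();
        try {
            // The server certificate is used twice: by the BST provider, and as the pin the
            // trust manager callback compares against (hence final).
            final X509Certificate serverCert =
                (X509Certificate) CertUtils.getCertificate(serverCertFile);

            // X.509 token used to secure the WS-SecureConversation handshake.
            credProviders.add(
                new ClientBSTCredentialProvider(clientKeyStore, clientKeyStorePass, clientKeyAlias,
                                                clientKeyPass, "JKS", serverCert));

            // Explicit charset: the no-argument getBytes() depends on the platform default
            // encoding, which would change the token bytes for non-ASCII credentials.
            credProviders.add(
                new ClientUNTCredentialProvider(username.getBytes("UTF-8"), password.getBytes("UTF-8")));

            Map<String, Object> rc = ((BindingProvider) port).getRequestContext();
            rc.put(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credProviders);

            rc.put(WSSecurityContext.TRUST_MANAGER, new TrustManager() {
                /**
                 * Accepts the peer only when its certificate is exactly the configured
                 * server certificate and is within its validity period.
                 *
                 * <p>An unconditional {@code return true} here would accept any certificate
                 * presented by any party. {@code validateErr} is deliberately not consulted:
                 * a self-signed certificate does not chain to a CA, so the pin is the trust
                 * decision.
                 */
                public boolean certificateCallback(X509Certificate[] chain, int validateErr) {
                    // assumes chain[0] is the peer's end-entity certificate — TODO confirm
                    // against the WebLogic TrustManager documentation
                    if (chain == null || chain.length == 0 || chain[0] == null) {
                        return false;
                    }
                    if (!chain[0].equals(serverCert)) {
                        return false;
                    }
                    try {
                        chain[0].checkValidity();
                    } catch (java.security.cert.CertificateException expiredOrNotYetValid) {
                        return false;
                    }
                    return true;
                }
            });

            port.selectAllIAWSDLREGISTRATIONOperation();
        } catch (Exception ex) {
            // Sample code: the failure is only printed, as in the generated client.
            ex.printStackTrace();
        }
    }
}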

Когда я вызываю службу, я получаю следующее сообщение об ошибке:

com.sun.xml.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at com.sun.xml.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:138) 
    at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:187) 
    at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:124) 
    at com.sun.xml.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:121) 
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:866) 
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:815) 
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:778) 
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:680) 
    at com.sun.xml.ws.client.Stub.process(Stub.java:272) 
    at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:153) 
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115) 
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95) 
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:136) 
    at $Proxy35.selectAllIAWSDLREGISTRATIONOperation(Unknown Source) 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) 
    at java.lang.reflect.Method.invoke(Method.java:597) 
    at weblogic.wsee.jaxws.spi.ClientInstanceInvocationHandler.invoke(ClientInstanceInvocationHandler.java:84) 
    at $Proxy36.selectAllIAWSDLREGISTRATIONOperation(Unknown Source) 
    at pmis.wsdl2.SecureSOAP11EndpointClient.main(SecureSOAP11EndpointClient.java:66) 
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) 
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649) 
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241) 
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235) 
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206) 
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136) 
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593) 
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529) 
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893) 
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138) 
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165) 
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149) 
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434) 
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166) 
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1014) 
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230) 
    at com.sun.xml.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:126) 
    ... 20 more 
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323) 
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217) 
    at sun.security.validator.Validator.validate(Validator.java:218) 
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126) 
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209) 
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249) 
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185) 
    ... 32 more 
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174) 
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238) 
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318) 
    ... 38 more 

Я создал свой сертификат следующим образом:

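# Generate the RSA key pair (alias wso2cert) in wso2keystore.jks.
# Key size raised from 1024 to 2048 bits: 1024-bit RSA is below current minimum recommendations.
# NOTE(review): -keypass/-storepass given on the command line are visible in shell history
# and process listings; omit them and keytool prompts for the passwords instead.
keytool -genkey -alias wso2cert -keyalg RSA -keysize 2048 -keypass mypkpassword -keystore wso2keystore.jks -storepass mypkpassword 

# Export the public certificate of alias wso2cert to wso2cert.cer.
keytool -export -alias wso2cert -keystore wso2keystore.jks -storepass mypkpassword -file wso2cert.cer 

# Import that certificate into client-truststore.jks under alias wso2newcert.
# NOTE(review): the HTTPS handshake of a Java client is validated against the trust store
# that client JVM is configured with; confirm this is the store the client actually reads,
# and that it holds the certificate the server presents over TLS.
keytool -import -alias wso2newcert -file wso2cert.cer -keystore client-truststore.jks -storepass wso2carbon 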

Пожалуйста, подскажите, как мне вызвать службу с UsernameToken + SSL. Необходимы ли какие-либо другие шаги?

С уважением, EBA

ответ


После импорта новых сертификатов необходимо отредактировать carbon.xml, чтобы указать путь к хранилищу ключей:

<KeyStore> 
      <!-- Keystore file location--> 
      <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location> 

Да, я уже отредактировал, но всё равно получаю ту же ошибку. Пожалуйста, дайте мне какое-нибудь руководство по вызову защищённого DSS из Java-клиента по SSL. –


Пожалуйста, подскажите, как создать клиентское хранилище ключей и файл сертификата сервера. А также как импортировать сертификат в серверное хранилище ключей? –


Посмотрите этот пост: http://hasini-gunasinghe.blogspot.com/2011/12/installing-new-keystore-into-wso2.html – Ratha
