java - Axis2/Rampart 客户端自签名证书

Question

我正在尝试使用安全客户端访问 Web 服务。

我生成了两个文件：

nb19200.pkcs12

服务器.jks

我将服务器密钥库粘贴到 tomcat 并将 pkcs12 上传到我的浏览器，一切正常。

现在，在我的客户端应用程序中，我尝试了以下操作：

首先，导出服务器证书，我使用了以下命令：

keytool -exportcert -alias servercert -file servercert.cer -keystore server.jks -storepass * *

然后将其导入到没有任何内容的密钥库中：

keytool -importcert -keystore truststore.jks -alias servercert -file servercert.cer -v trustcacerts -noprompt -storepass * **

我的代码如下：

    System.setProperty("javax.net.ssl.trustStore","servertrust.jks");
    System.setProperty("javax.net.ssl.trustStorePassword", "password");

    //To be able to load the client configuration from axis2.xml
    ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem("client-repo", null);

    SecureServiceStub stub = new SecureServiceStub(ctx,"https://localhost:8443/axis2/services/SecureService");

    ServiceClient sc = stub._getServiceClient();

    sc.engageModule("rampart");

    //call the service etc.

好的，使用此配置，我收到以下错误：

引起：java.net.SocketException：连接被远程主机关闭

如果我评论前两行，我得到的错误是：

原因：sun.security.provider.certpath.SunCertPathBuilderException：无法找到请求目标的有效证书路径

那么我做错了什么？

我完全迷路了。

更新完整代码：

http://pastebin.com/8xTYK3tY

堆栈跟踪：

Exception in thread "main" org.apache.axis2.AxisFault: Connection refused: connect
at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:197)
at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:404)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:231)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:443)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:406)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
at tutorial.rampart.client.SecureServiceStub.add(SecureServiceStub.java:191)
at tutorial.rampart.client.SecureServiceCGClient.main(SecureServiceCGClient.java:36)
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
at java.net.Socket.connect(Socket.java:529)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:564)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.commons.httpclient.protocol.ReflectionSocketFactory.createSocket(ReflectionSocketFactory.java:140)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:130)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:621)
at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:193)

Answer 1

查看定义密钥库路径的行：

System.setProperty("javax.net.ssl.trustStore","servertrust.jks");

但是您提到文件名是server.jks。因此，如果是这种情况，这就是代码找不到正确证书文件的原因。

更新：

使用 ssl (https) 时，服务器会根据“CN”搜索正确的证书。CN 必须等于主机的名称。根据您发布的 URL，我看到您正在使用 localhost，因此您必须使 CN 等于您的机器名称（您可以通过右键单击我的电脑 -> 属性来查看它）。

Answer 2

请确保服务正在侦听端口 8443。检查 URL 是否https://localhost:8443/axis2/services/SecureService存在。您可以试试这个 URL https://localhost:8443/axis2/services/SecureService?wsdl，看看是否可以从该 URL 获取服务的 WSDL

Answer 3

我找到了解决方案。

我错过了这个：

System.setProperty("javax.net.ssl.keyStore","keys/client.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "password");