2

当我尝试通过 HTTPS 连接使用 CXF 客户端使用 CXF Web 服务时,我正面临 SSLhandshakeException。

Web 服务需要 SSL 连接,因此我有 PKCS 12 密钥库,它在 java 代码中直接引用,密码如下。

java代码中的系统属性配置:

System.setProperty("javax.net.ssl.keyStore", "/home/user/test-client.p12");  
System.setProperty("javax.net.ssl.keyStorePassword", "AbcgfhYgb");
System.setProperty("javax.net.debug", "ssl, handshake");

cxf.xml 中的 CXF 客户端配置

<jaxws:client id="CService" serviceClass="com..cws.CService"
        address="https://developer.webservice.com/test" />

<http-conf:conduit name="*.http-conduit">
    <http-conf:tlsClientParameters disableCNCheck="true">
    </http-conf:tlsClientParameters>
</http-conf:conduit>

执行客户端时抛出异常

Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://developer.webservice.com/test: Received fatal alert: handshake_failure
                at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
                at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
                at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
                at java.lang.reflect.Constructor.newInstance(Constructor.java:534)
                at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1338)
                at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1322)
                at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:50)
                at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:223)
                at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
                at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:622)
                at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
                at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
                at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
                at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
                at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
                at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
                at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
                at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133)
                ... 53 more
        Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
                at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
                at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
                at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1748)
                at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:991)
                at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1175)
                at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1202)
                at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1186)
                at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:440)
                at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
                at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:979)
                at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
                at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:168)
                at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1282)
                at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1233)
                at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)
                at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
                at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
                at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1295)
                ... 65 more

任何人都可以建议使用带有 SSL 的 CXF 客户端访问 Web 服务的解决方案。

4

2 回答 2

0

将 JDK cacerts 引用为由 SSL 证书的 CA 证书组成的信任管理器。此外,添加由 SSL 证书组成的密钥库,如下所示。

     <http-conf:conduit name="*.http-conduit">
    <http-conf:tlsClientParameters>
        <sec:keyManagers keyPassword="testkey">
            <sec:keyStore type="JKS" password="changeit"
                file="<keystore path>" />
        </sec:keyManagers>
        <sec:trustManagers>
            <sec:keyStore type="JKS" password="changeit"
                file="<cacert path>" />
        </sec:trustManagers>
    </http-conf:tlsClientParameters>
    <http-conf:client AutoRedirect="true" Connection="Keep-Alive" />
</http-conf:conduit>
于 2014-05-21T04:40:16.987 回答
0

以下配置将使 CXF 客户端能够通过 SSL ( https) 使用 JAXWS 服务:

  <http-conf:conduit name="*.http-conduit" >
    <http-conf:tlsClientParameters 
        useHttpsURLConnectionDefaultSslSocketFactory="true"     
    />
  </http-conf:conduit>

检查: 1. 该证书已在生产者的消费者中导入 2. Additionlay 如果您遇到主机名与证书中的主机名不匹配的问题,您可以使用 disableCNCheck="true"。但是,不建议将此标志用于生产

于 2015-06-30T11:19:25.863 回答