问题描述
嗨,我正在尝试用 java 为 ssl 后面的 webservice 编写一个 soap 客户端,webservice 的公司给了我一个 pfx 证书;我已经设法在soapui 中测试了网络服务;但是我无法编写 Java 客户端,我在使用 ssl 时遇到了很多错误,而我遇到的最后一个错误是签名不匹配 请你告诉我配置这个 ssl 的正确方法
public class SoapSSLTest {
/***
* path to the client keystore
* */
private static final String CLIENT_KEYSTORE_PATH="27384425attada_132707366942472887.pfx";
/***
* Password for the the client keystore
*/
private static final String CLIENT_KEYSTORE_PASSWORD="attada@123";
/***
* The servers certificate's alias within the client key store
*/
private static final String SERVER_CERTIFICATE_ALIAS="u6337-attadamoune";
/**
* URL to THE QUANTIC SOAP UI service
*/
private static final String SOAP_URI="https://www.test.quantikcb.com/testui/Services/LiveRequestService.svc";
private static final String URN ="urn:examples:helloservice";
private static final String REQUEST="<REQUEST REQUEST_ID=\"1\">\r\n"
+ " <REQUEST_ParaMETERS>\r\n"
+ " <REPORT_ParaMETERS REPORT_ID=\"2657\" SUBJECT_TYPE=\"COMM\" RESPONSE_TYPE=\"1\"/>\r\n"
+ " <APPLICATION_DETAILS LOAN_TYPE=\"0113\"/>\r\n"
+ " </REQUEST_ParaMETERS>\r\n"
+ " <SEARCH_ParaMETERS SEARCH_TYPE=\"NMIDSRCH\">\r\n"
+ " <NAME>CALPAL GROUP</NAME>\r\n"
+ " <ID_TYPE>C</ID_TYPE>\r\n"
+ " <TRIBUNAL_CODE>85</TRIBUNAL_CODE>\r\n"
+ " <IDENTIFIER_NUMBER>81867</IDENTIFIER_NUMBER>\r\n"
+ " </SEARCH_ParaMETERS>\r\n"
+ " </REQUEST>";
/**
* Loads the keystore using the default keystorle type (apks) with the given
* file path and password
* @param filePath : the path to the keystore
* @param password : the keystore password
* @return : returns the keystore
* @throws IOException
* @throws KeyStoreException
* @throws CertificateException
* @throws NoSuchAlgorithmException
* @throws :NoSuchAlgorithmException
* @see keystore#load(inputstream,char[])
* @throws : IOException
* @see FileInputSteam()
* @throws keyStoreException
* @see keystore#getInstance()
*/
private KeyStore loadKeystore(String filePath,char [] password) throws IOException,KeyStoreException,NoSuchAlgorithmException,CertificateException {
FileInputStream is = new FileInputStream(new File(filePath));
final KeyStore keystore = KeyStore.getInstance(KeyStore
.getDefaultType());
keystore.load(is,password);
return keystore;
}
public void run() throws KeyStoreException,CertificateException,IOException,UnrecoverableKeyException,KeyManagementException,SOAPException {
/*
* Load the keystore
*/
char[] password = CLIENT_KEYSTORE_PASSWORD.tochararray();
KeyStore keystore = loadKeystore(CLIENT_KEYSTORE_PATH,password);
/*
* Get the servers trusted certificate.
*/
final Certificate trusted = keystore
.getCertificate(SERVER_CERTIFICATE_ALIAS);
/*
* Create a trust manager that validates the servers certificate
*/
TrustManager[] trustManager = new TrustManager[] { new x509trustmanager() {
public java.security.cert.X509Certificate[] getAcceptedissuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs,String authType) {
}
public void checkServerTrusted(X509Certificate[] certs,String authType) throws CertificateException {
if (certs == null || certs.length == 0) {
throw new IllegalArgumentException(
"null or zero-length certificate chain");
}
if (authType == null || authType.length() == 0) {
throw new IllegalArgumentException(
"null or zero-length authentication type");
}
// check if certificate sent is your CA's
if (!certs[0].equals(trusted)) {
// check if its been signed by the CA
try {
certs[0].verify(trusted.getPublicKey());
} catch (InvalidKeyException | NoSuchAlgorithmException
| NoSuchProviderException | SignatureException e) {
throw new CertificateException(e);
}
}
certs[0].checkValidity();
}
} };
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory
.getDefaultAlgorithm());
kmf.init(keystore,password);
// set the trust manager
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(kmf.getKeyManagers(),trustManager,new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
// create an all-trusting host name verifier
HostnameVerifier allHostsValid = new HostnameVerifier() {
public boolean verify(String hostname,SSLSession session) {
return true;
}
};
HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
MessageFactory messageFactory =MessageFactory.newInstance();
SOAPMessage soapMessage = messageFactory.createMessage();
SOAPPart soapPart = soapMessage.getSOAPPart();
SOAPEnvelope envelope = soapPart.getEnvelope();
envelope.removeNamespaceDeclaration("SOAP-ENV");
envelope.addNamespaceDeclaration("soap","http://www.w3.org/2003/05/soap-envelope");
envelope.addNamespaceDeclaration("sbw","http://dnbsilverbladeproduct.com/SBWebsite");
envelope.addNamespaceDeclaration("dnb","http://schemas.datacontract.org/2004/07/Dnb.SB.Web.WebClient.Services");
envelope.setPrefix("soap");
/**
* <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:sbw="http://dnbsilverbladeproduct.com/SBWebsite" xmlns:dnb="http://schemas.datacontract.org/2004/07/Dnb.SB.Web.WebClient.Services">
* <soap:Header/>
* <soap:Body>
* <sbw:GetLiveCIR>
* <!--Optional:-->
* <sbw:ReqLiveReport>
* <dnb:UserName><![CDATA[userFinal1]]> </dnb:UserName>
* <dnb:Password><![CDATA[soapclient@123]]> </dnb:Password>
* <dnb:RequestXML><![CDATA[<REQUEST REQUEST_ID="1">
* <REQUEST_ParaMETERS>
* <REPORT_ParaMETERS REPORT_ID="2657" SUBJECT_TYPE="COMM" RESPONSE_TYPE="1"/>
* <APPLICATION_DETAILS LOAN_TYPE="0113"/>
* </REQUEST_ParaMETERS>
* <SEARCH_ParaMETERS SEARCH_TYPE="NMIDSRCH">
* <NAME>CALPAL GROUP</NAME>
* <ID_TYPE>C</ID_TYPE>
* <TRIBUNAL_CODE>85</TRIBUNAL_CODE>
* <IDENTIFIER_NUMBER>81867</IDENTIFIER_NUMBER>
* </SEARCH_ParaMETERS>
* </REQUEST>]]>
* </dnb:RequestXML>
* </sbw:ReqLiveReport>
* </sbw:GetLiveCIR>
* </soap:Body>
* </soap:Envelope>
**/
SOAPHeader soapHeader = envelope.getHeader();
soapHeader.setPrefix("soap");
SOAPBody soapBody = envelope.getBody();
soapBody.setPrefix("soap");
SOAPElement getLiveCIRElement=soapBody.addChildElement("GetLiveCIR","sbw");
SOAPElement getLiveReportElement = getLiveCIRElement.addChildElement("ReqLiveReport","sbw");
SOAPElement userNameElement=getLiveReportElement.addChildElement("UserName","dnb");
SOAPElement passwordElement=getLiveReportElement.addChildElement("Password","dnb");
SOAPElement requestXMLElement=getLiveReportElement.addChildElement("RequestXML","dnb");
CDATASection usernameCDATA = userNameElement.getownerDocument().createCDATASection("27384425attada");
userNameElement.appendChild(usernameCDATA);
CDATASection passwordCDATA = passwordElement.getownerDocument().createCDATASection("attada@123");
userNameElement.appendChild(passwordCDATA);
CDATASection requestXMLCDATA = requestXMLElement.getownerDocument().createCDATASection(REQUEST);
requestXMLElement.appendChild(requestXMLCDATA);
//soapBodyElem2.addTextNode("EXample First Name");
MimeHeaders headers = soapMessage.getMimeHeaders();
headers.addHeader("SOAPAction",SOAP_URI+"verifyEmail");
soapMessage.saveChanges();
//send request to the server
URL url = new URL(SOAP_URI);
URLConnection con = url.openConnection();
con.setDoOutput(true);
soapMessage.writeto(con.getoutputStream());
//read in response and print it to screen
Reader reader = new InputStreamReader(con.getInputStream());
while (true) {
int ch = reader.read();
if(ch==-1) {
break;
}
System.out.println((char) ch);
}
}
public static void main(String [] args)
throws UnrecoverableKeyException,SOAPException {
SoapSSLTest test = new SoapSSLtest();
test.run();
}
堆栈跟踪:
Exception in thread "main" javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: java.security.SignatureException: Signature does not match.
at sun.security.ssl.Alert.createSSLException(UnkNown Source)
at sun.security.ssl.TransportContext.fatal(UnkNown Source)
at sun.security.ssl.TransportContext.fatal(UnkNown Source)
at sun.security.ssl.TransportContext.fatal(UnkNown Source)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(UnkNown Source)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(UnkNown Source)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(UnkNown Source)
at sun.security.ssl.SSLHandshake.consume(UnkNown Source)
at sun.security.ssl.HandshakeContext.dispatch(UnkNown Source)
at sun.security.ssl.HandshakeContext.dispatch(UnkNown Source)
at sun.security.ssl.TransportContext.dispatch(UnkNown Source)
at sun.security.ssl.SSLTransport.decode(UnkNown Source)
at sun.security.ssl.SSLSocketImpl.decode(UnkNown Source)
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(UnkNown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(UnkNown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(UnkNown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(UnkNown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(UnkNown Source)
at sun.net.www.protocol.http.HttpURLConnection.getoutputStream0(UnkNown Source)
at sun.net.www.protocol.http.HttpURLConnection.getoutputStream(UnkNown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getoutputStream(UnkNown Source)
at applications.soapSSLTest.run(SoapSSLTest.java:261)
at applications.soapSSLTest.main(SoapSSLTest.java:280)
Caused by: java.security.cert.CertificateException: java.security.SignatureException: Signature does not match.
at applications.soapSSLTest$1.checkServerTrusted(SoapSSLTest.java:160)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(UnkNown Source)
... 19 more
Caused by: java.security.SignatureException: Signature does not match.
at sun.security.x509.X509CertImpl.verify(UnkNown Source)
at sun.security.x509.X509CertImpl.verify(UnkNown Source)
at applications.soapSSLTest$1.checkServerTrusted(SoapSSLTest.java:157)
... 20 more
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)