我正在使用带有 wsimport 目标的 jaxws-maven-plugin 在maven子模块中实现jax-ws Web服务客户端,该目标负责解析多个已配置的.wsdl文件,以生成编码客户端所需的工件。
生成过程运行正常,但在实现客户端时,我需要在与已部署的Web服务进行通信时使用SSL。为此,客户向我提供了证书( cert.p12 文件)和密码。
由于在使用jax-ws生成的工件实现Web服务客户端时,我无法访问HttpsURLConnection以编程方式初始化SSLContext,因此我只编写了一个 initProxySettings()方法在调用客户端之前将负责设置系统属性,如下所示。
private void initProxySettings() {
Properties systemSettings = System.getProperties();
systemSettings.setProperty("proxySet", "true");
systemSettings.setProperty("http.proxyHost", proxyHost);
systemSettings.setProperty("http.proxyPort", "443");
systemSettings.setProperty("https.proxyHost", sslProxyHost);
systemSettings.setProperty("https.proxyPort", sslProxyPort);
systemSettings.setProperty("javax.net.ssl.keyStore", p12FilePath);
systemSettings.setProperty("javax.net.ssl.keyStorePassword",p12FilePassword);
systemSettings.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
systemSettings.setProperty("javax.net.debug", "ssl");
System.setProperties(systemSettings);
}
尝试使用该服务运行连接测试时,出现以下错误:
com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:121)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:142)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:83)
at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:105)
at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:587)
at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:546)
at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:531)
at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:428)
at com.sun.xml.internal.ws.client.Stub.process(Stub.java:211)
at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(SEIStub.java:124)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:98)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:107)
at $Proxy95.reportRatesTrade(Unknown Source)
at myCompany.connectivity.myApp.wsconnector.FpmlReportSender.sendRateFpmlReport(FpmlReportSender.java:66)
at myCompany.connectivity.myAPP.wsconnector.FpmlWsClientSender.sendFpmlViaWebService(FpmlWsClientSender.java:67)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.camel.component.bean.MethodInfo.invoke(MethodInfo.java:407)
at org.apache.camel.component.bean.MethodInfo$1.doProceed(MethodInfo.java:278)
at org.apache.camel.component.bean.MethodInfo$1.proceed(MethodInfo.java:251)
at org.apache.camel.component.bean.BeanProcessor.process(BeanProcessor.java:166)
at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:72)
at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:398)
at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:191)
at org.apache.camel.processor.Pipeline.process(Pipeline.java:118)
at org.apache.camel.processor.Pipeline.process(Pipeline.java:80)
at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:191)
at org.apache.camel.component.file.GenericFileConsumer.processExchange(GenericFileConsumer.java:401)
at org.apache.camel.component.file.GenericFileConsumer.processBatch(GenericFileConsumer.java:201)
at org.apache.camel.component.file.GenericFileConsumer.poll(GenericFileConsumer.java:165)
at org.apache.camel.impl.ScheduledPollConsumer.doRun(ScheduledPollConsumer.java:187)
at org.apache.camel.impl.ScheduledPollConsumer.run(ScheduledPollConsumer.java:114)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
at java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:317)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:150)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:98)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodic(ScheduledThreadPoolExecutor.java:181)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:205)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:619)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1623)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:198)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:192)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1074)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:128)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:529)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:465)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1120)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1147)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1131)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:904)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:109)
... 43 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:325)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:219)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1053)
... 55 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:320)
... 61 more
以下是我已缩短的SSL调试的摘录:
keyStore type is : pkcs12
keyStore provider is :
init keystore
init keymanager of type SunX509
***
found key for : company- mail@mail.com
chain [0] = [
[
Version: V3
Subject: CN=company99DF011B-51A9-57F9-E341-E0A68D4B9751, OU=USERS, O=KGC0418
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: SunPKCS11-Solaris RSA public key, 2048 bits (id 139309464, session object)
modulus: 22112756093157512458757695440781457752806273315592450355957740196952202759592017766120571999875831031807562268295134910443622272782776544232874456458580772402436337356828895708779249509298037562892132455656130873883482145964182231114271360652011365917415253840206676718726431817484730833855366587344152579527243740623
public exponent: 65537
Validity: [From: Sun Dec 08 17:31:09 MET 2013,
To: Thu Jan 08 17:31:09 MET 2015]
Issuer: CN=KGC0418 companyPROD, OU=company Authorized Use Only, O=KGC0418, C=US
SerialNumber: [ 03]
Certificate Extensions: 3
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
S/MIME
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 1A C2 D9 E5 AC 6D 36 2F 65 F1 4C A2 11 3B 92 EB .....m6/e.L..;..
0010: 9B F9 4B CA ..K.
]
[CN=company Global Root CA, OU=company Authorized Use Only, O=COMPANY, C=US]
SerialNumber: [ 14]
]
[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
]
]
Algorithm: [SHA1withRSA]
Signature:....
.........
......
.....
.....
***
trustStore is: /usr/jdk/instances/jdk1.6.0/jre/lib/security/cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
.........
........
.........
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1373450395 bytes = { 223, 37, 1, 148, 219, 69, 149, 109, 169, 194, 44, 197, 99, 80, 16, 189, 197, 104, 28, 99, 157, 172, 34, 240, 145, 73, 49, 89 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
Camel (myApp) thread #0 - file://src/test/resources/fpml, WRITE: TLSv1 Handshake, length = 73
Camel (myApp) thread #0 - file://src/test/resources/fpml, WRITE: SSLv2 client hello message, length = 98
Camel (myApp) thread #0 - file://src/test/resources/fpml, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
RandomCookie: GMT: 1373446593 bytes = { 83, 8, 141, 30, 34, 196, 26, 7, 232, 255, 119, 56, 80, 5, 201, 181, 68, 107, 17, 160, 109, 152, 79, 219, 19, 16, 181, 222 }
Session ID: {146, 198, 54, 212, 84, 229, 79, 190, 99, 152, 78, 98, 18, 19, 152, 253, 197, 212, 1, 37, 17, 33, 77, 113, 59, 86, 136, 120, 33, 19, 126, 1}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
Camel (myApp) thread #0 - file://src/test/resources/fpml, READ: TLSv1 Handshake, length = 1295
*** Certificate chain
chain [0] = [
[....
.....
.....
.....
[9]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
Data_Encipherment
]
]
Algorithm: [SHA1withRSA]
Signature:...
....
...
]
***
Camel (myApp) thread #0 - file://src/test/resources/fpml, SEND TLSv1 ALERT: fatal, description = certificate_unknown
Camel (myApp) thread #0 - file://src/test/resources/fpml, WRITE: TLSv1 Alert, length = 2
Camel (myApp) thread #0 - file://src/test/resources/fpml, called closeSocket()
Camel (myApp) thread #0 - file://src/test/resources/fpml, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Finalizer, called close()
Finalizer, called closeInternal(true)
你能否告诉我这是否是在JAX-WS客户端上使用.p12证书的正确方法?如果我的实施有意义,那么我错过了什么?
------ 更新 -------
正如@Jcs在下一篇文章中所建议的那样,我通过以下步骤创建了一个JKS格式的自定义新密钥库:
1 /使用以下命令从cert.p12文件中提取公钥:
openssl.exe pkcs12 -in cert.p12 -clcerts -nokeys -out publicCert.pem
2 /使用以下方式创建JKS格式的新信任存储区:
keytool -import -alias test -file publicCert.pem -keystore myTrustStore.jks
然后保持keyStore的相同配置,我已经配置了trusStore属性来指出这个新生成的JKS存储,如下所示:
systemSettings.setProperty("javax.net.ssl.trustStore", myTrustStore.jks);
systemSettings.setProperty("javax.net.ssl.trustStorePassword", jksFilePassword);
systemSettings.setProperty("javax.net.ssl.trustStoreType", "JKS");
/*****/
systemSettings.setProperty("javax.net.ssl.keyStore", cert.p12);
systemSettings.setProperty("javax.net.ssl.keyStorePassword", p12FilePassword);
systemSettings.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
现在从我在ssl.debug控制台中看到的,trustStore指向我在实现中设置的那个:
***
trustStore is: src\test\resources\certificate\myTrustStore.jks
trustStore type is : JKS
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=COMPANY 99DF011B-51A9-57F9-E341-E0A68D4B9751, OU=USERS, O=KGC0418
Issuer: CN=KGC0418 XXXXXXXXX
Algorithm: RSA; Serial number: 0x3
Valid from Sun Dec 08 17:31:09 GMT+01:00 2013 until Thu Jan 08 17:31:09 GMT+01:00 2015
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1373559519 bytes = { 73, 210, 46, 42, 251, 113, 112, 255, 135, 100, 241, 240, 245, 125, 197, 72, 118, 72, 226, 121, 151, 222, 36, 76, 69, 108, 59, 223 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
Camel (camel-2) thread #0 - file://src/test/resources/fpml, WRITE: TLSv1 Handshake, length = 73
Camel (camel-2) thread #0 - file://src/test/resources/fpml, WRITE: SSLv2 client hello message, length = 98
Camel (camel-2) thread #0 - file://src/test/resources/fpml, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
RandomCookie: GMT: 1373559520 bytes = { 208, 198, 151, 119, 235, 39, 193, 62, 48, 230, 205, 106, 86, 238, 78, 91, 82, 255, 187, 234, 12, 5, 121, 49, 30, 109, 211, 209 }
Session ID: {6, 28, 249, 26, 112, 151, 19, 203, 2, 16, 79, 111, 188, 253, 24, 4, 247, 139, 66, 144, 210, 30, 101, 226, 40, 73, 228, 161, 55, 230, 221, 114}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
Camel (camel-2) thread #0 - file://src/test/resources/fpml, READ: TLSv1 Handshake, length = 1295
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=xxxxxxxxxxxx
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 26518340377185970618433427871998795874305944949774222457599695023228997443108630011833718821919400987851754545189639992819856454324827540671299918071626122667103792561945932972886083246760975456684092491592159887675835743379582226715892057387136711529603424019350987371140627696296825793550900188321364783977163343619847560039629745177775488269466101953205609461762679291911956872358518707250384413293488030799581673273259857148207483603504965811669522407902645141827155299400058670101699158958543405382995894352227209548308584112363108195961049506258872806165116902528885827281882201616114758666943336739405701681289
public exponent: 65537
Validity: [From: Thu Nov 07 12:56:30 GMT+01:00 2013,
To: Sat Jan 09 18:53:11 GMT+01:00 2016]
Issuer: CN=GeoTrust SSL CA, O="GeoTrust, Inc.", C=US
SerialNumber: [ 02a093]
Certificate Extensions: 9
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://gtssl-ocsp.geotrust.com,
accessMethod: 1.3.6.1.5.5.7.48.2
accessLocation: URIName: http://gtssl-aia.geotrust.com/gtssl.crt]
]
....
[2]: ObjectId: 2.xx.xx.17 Criticality=false
....
[3]: ObjectId: 2.xx.xx.35 Criticality=false
...
[4]: ObjectId: 2.xx.xx.14 Criticality=false
....
[5]: ObjectId: 2.xx.xx.32 Criticality=false
....
[6]: ObjectId: 2.xx.xx.19 Criticality=true
....
[7]: ObjectId: 2.xx.xx.37 Criticality=false
....
[8]: ObjectId: 2.xx.xx.31 Criticality=false
..
.
[9]: ObjectId: 2.xx.xx.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
Data_Encipherment
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 14 EB 1F A8 91 DE F0 A6 54 B4 BB D1 6F E4 10 63 ........T...o..c
]
***
Camel (camel-2) thread #0 - file://src/test/resources/fpml, SEND TLSv1 ALERT: fatal, description = certificate_unknown
Camel (camel-2) thread #0 - file://src/test/resources/fpml, WRITE: TLSv1 Alert, length = 2
Camel (camel-2) thread #0 - file://src/test/resources/fpml, called closeSocket()
Camel (camel-2) thread #0 - file://src/test/resources/fpml, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Camel (camel-2) thread #0 - file://src/test/resources/fpml, called close()
Camel (camel-2) thread #0 - file://src/test/resources/fpml, called closeInternal(true)
但我仍然遇到同样的错误:
com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:121)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:142)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:83)
at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:105)
at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:587)
at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:546)
at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:531)
at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:428)
at com.sun.xml.internal.ws.client.Stub.process(Stub.java:211)
at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(SEIStub.java:124)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:98)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:107)
at $Proxy102.reportRatesTrade(Unknown Source)
at myCompany.connectivity.myApp.wsconnector.FpmlReportSender.sendRateFpmlReport(FpmlReportSender.java:75)
at myCompany.connectivity.myApp.wsconnector.FpmlWsClientSender.sendFpmlViaWebService(FpmlWsClientSender.java:67)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.camel.component.bean.MethodInfo.invoke(MethodInfo.java:407)
at org.apache.camel.component.bean.MethodInfo$1.doProceed(MethodInfo.java:278)
at org.apache.camel.component.bean.MethodInfo$1.proceed(MethodInfo.java:251)
at org.apache.camel.component.bean.BeanProcessor.process(BeanProcessor.java:166)
at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:72)
at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:398)
at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:191)
at org.apache.camel.processor.Pipeline.process(Pipeline.java:118)
at org.apache.camel.processor.Pipeline.process(Pipeline.java:80)
at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:191)
at org.apache.camel.component.file.GenericFileConsumer.processExchange(GenericFileConsumer.java:401)
at org.apache.camel.component.file.GenericFileConsumer.processBatch(GenericFileConsumer.java:201)
at org.apache.camel.component.file.GenericFileConsumer.poll(GenericFileConsumer.java:165)
at org.apache.camel.impl.ScheduledPollConsumer.doRun(ScheduledPollConsumer.java:187)
at org.apache.camel.impl.ScheduledPollConsumer.run(ScheduledPollConsumer.java:114)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
at java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:317)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:150)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:98)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodic(ScheduledThreadPoolExecutor.java:181)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:205)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:619)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1623)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:198)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:192)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1074)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:128)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:529)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:465)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1120)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1147)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1131)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:904)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:109)
... 43 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:294)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:200)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1053)
... 55 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:289)
... 61 more
我是否正确设置了keyStore和trustStore?
答案 0 :(得分:3)
据我所知,您正在使用PKCS#12文件。问题是由服务器证书引起的。由于您未设置任何trustStore,因此使用默认trustStore。这写在这个日志行中:
trustStore is: /usr/jdk/instances/jdk1.6.0/jre/lib/security/cacerts
但是,SSL实施无法将服务器证书链附加到此商店中的任何受信任证书。也许这个服务器证书是自签名的,可能是由专门的内部证书颁发机构颁发的,也可能是由此处未列出的证书颁发机构颁发的。
要解决此问题,请向客户端询问根CA证书并将其添加到cacerts文件中或创建自定义新密钥库。您可以使用keytool -importcert命令。
如果您创建了一个新的密钥库,则需要将其添加到您的代码中:
systemSettings.setProperty("javax.net.ssl.trustStore", "/path/to/trust/store");
systemSettings.setProperty("javax.net.ssl.trustStorePassword", "trustStorePassword");