Axis2/Rampart Client Self-Signed Certificates

Posted 2019-08-30 04:48

I'm trying to access a web service using a secure client.

I generated two files:

nb19200.pkcs12

server.jks

I pasted the server keystore in Tomcat and uploaded the pkcs12 to my browser; everything works well.

Now, in my client application, I tried the following:

First, to export the server certificate, I used the following command:

    keytool -exportcert -alias servercert -file servercert.cer -keystore server.jks -storepass **

And then I imported it into a keystore with nothing in it:

    keytool -importcert -keystore truststore.jks -alias servercert -file servercert.cer -v -trustcacerts -noprompt -storepass ***

My code is the following:

    System.setProperty("javax.net.ssl.trustStore","servertrust.jks");
    System.setProperty("javax.net.ssl.trustStorePassword", "password");

    //To be able to load the client configuration from axis2.xml
    ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem("client-repo", null);

    SecureServiceStub stub = new SecureServiceStub(ctx,"https://localhost:8443/axis2/services/SecureService");

    ServiceClient sc = stub._getServiceClient();

    sc.engageModule("rampart");

    //call the service etc.

OK, with this configuration I get the following error:

    Caused by: java.net.SocketException: Connection closed by remote host

If I comment out the first two lines, the error I get is:

    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

So what am I doing wrong?

I'm completely lost.

Update full code:

http://pastebin.com/8xTYK3tY

Stack trace:

    Exception in thread "main" org.apache.axis2.AxisFault: Connection refused: connect
        at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
        at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:197)
        at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75)
        at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:404)
        at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:231)
        at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:443)
        at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:406)
        at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
        at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
        at tutorial.rampart.client.SecureServiceStub.add(SecureServiceStub.java:191)
        at tutorial.rampart.client.SecureServiceCGClient.main(SecureServiceCGClient.java:36)
    Caused by: java.net.ConnectException: Connection refused: connect
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
        at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
        at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
        at java.net.Socket.connect(Socket.java:529)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:564)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.commons.httpclient.protocol.ReflectionSocketFactory.createSocket(ReflectionSocketFactory.java:140)
        at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:130)
        at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
        at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
        at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
        at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
        at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:621)
        at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:193)

3 Answers

Lonely孤独者°
#2 · 2019-08-30 04:59

I found the solution.

I was missing this:

    System.setProperty("javax.net.ssl.keyStore","keys/client.jks");
    System.setProperty("javax.net.ssl.keyStorePassword", "password");
孤傲高冷的网名
#3 · 2019-08-30 05:11

Please make sure the service is listening on port 8443. Check that the URL https://localhost:8443/axis2/services/SecureService exists. You can try the URL https://localhost:8443/axis2/services/SecureService?wsdl and see if you can get the WSDL of the service from that URL.

ら.Afraid
#4 · 2019-08-30 05:15

Look at the line where you define the keystore path:

    System.setProperty("javax.net.ssl.trustStore","servertrust.jks");

But you mentioned that the file name is server.jks. So if that is the case, that is why the code cannot find the proper cert file.

UPDATE:

When using SSL (https), the server searches for the right certificate according to the 'CN'. The CN must be equal to the name of the host. According to the URL you posted, I see you are using localhost, so you have to make the CN equal to your machine name (you can see it by right-clicking My Computer -> Properties).

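An added example, not part of any post above: a pre-flight check of the two stores this thread turns on, the trust store whose file name the last answer questions and the client key store the asker found was missing. It makes a wrong path, a wrong password or a store without the expected entry kind fail before the TLS handshake. The class name `TlsStoreCheck`, the method `inspect`, and the paths and password are assumptions.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example: checks the JSSE stores before the Axis2 stub opens a connection.
public class TlsStoreCheck {
    // Returns the number of entries of the wanted kind (private key or trusted certificate).
    static int inspect(String path, char[] password, boolean wantPrivateKey) throws Exception {
        File file = new File(path);
        if (!file.isFile()) {
            throw new IllegalStateException("Store not found: " + file.getAbsolutePath());
        }
        String type = path.endsWith(".pkcs12") || path.endsWith(".p12") ? "PKCS12" : "JKS";
        KeyStore store = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(file)) {
            store.load(in, password); // throws IOException on a wrong password or corrupt file
        }
        int matching = 0;
        for (String alias : Collections.list(store.aliases())) {
            boolean isKey = store.isKeyEntry(alias);
            Certificate cert = store.getCertificate(alias);
            String subject = cert instanceof X509Certificate
                    ? ((X509Certificate) cert).getSubjectX500Principal().getName() : "(no X.509 certificate)";
            System.out.printf("%s: alias=%s kind=%s subject=%s%n",
                    path, alias, isKey ? "private key" : "trusted certificate", subject);
            if (isKey == wantPrivateKey) matching++;
        }
        if (matching == 0) {
            throw new IllegalStateException(path + " has no "
                    + (wantPrivateKey ? "private key entry" : "trusted certificate entry"));
        }
        return matching;
    }

    public static void main(String[] args) throws Exception {
        // Assumed paths and password (placeholders); adjust to the files you generated.
        String trustStore = "truststore.jks", keyStore = "keys/client.jks", password = "password";
        inspect(trustStore, password.toCharArray(), false); // server certificate the client trusts
        inspect(keyStore, password.toCharArray(), true);    // client key pair presented to the server
        System.setProperty("javax.net.ssl.trustStore", trustStore);
        System.setProperty("javax.net.ssl.trustStorePassword", password);
        System.setProperty("javax.net.ssl.keyStore", keyStore);
        System.setProperty("javax.net.ssl.keyStorePassword", password);
    }
}
```

The printed subject of each entry also shows the certificate's CN, which is the value the last answer says must match the host name in the service URL.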