如何調用HTTPS webserivce春季啓動與證書

Question

我得到以下異常，同時呼籲在春季啓動HTTPS的Web服務與Apache CXF面對

出現SSLHandshakeException調用https://fanava.shaparak.ir:443/merchantwebservice/jax/merchantAuth：sun.security.validator.ValidatorException：PKIX路徑構建失敗：sun.security.provider.certpath.SunCertPathBuilderException：無法找到需要什麼樣的配置來調用這個服務請求的目標

有效的認證路徑？

classClient：

@Configuration 
public class WSClient { 
    @Bean(name = "PaymentWebService") 
    public PaymentWebService PaymentWebServiceCLient() throws MalformedURLException { 
      JaxWsProxyFactoryBean factory; 
      factory = new JaxWsProxyFactoryBean(); 
      factory.setServiceClass(PaymentWebService.class); 
      factory.setAddress("http://localhost:8080/soap-api/merchantAuth_1.0"); 
      return (PaymentWebService) factory.create(); 
    } 
} 

Answer 1

1.get your webservice you want。

2.用此證書創建密鑰庫。

3.ssl配置客戶端密鑰庫：

@Configuration 
public class WebServiceClient { 

@Inject 
private PaymentProperties paymentProperties; 

@Autowired 
private ResourceLoader resourceLoader; 

@Bean(name = "PaymentWebService") 
public PaymentWebService PaymentWebServiceCLient() throws MalformedURLException { 

    JaxWsProxyFactoryBean factory; 
    factory = new JaxWsProxyFactoryBean(); 
    factory.setServiceClass(PaymentWebService.class); 
    // factory.setAddress("http://localhost:8080/ws/merchantAuth_1.0"); 
    factory.setAddress(paymentProperties.getWsPublicUrl()); 

    PaymentWebService service = (PaymentWebService) factory.create(); 
    try { 
     final Client client = ClientProxy.getClient(service); 
     setupSsl((HTTPConduit) ClientProxy.getClient(service).getConduit()); 
    } catch (Exception e) { 
    } 
    return service; 
} 

private void setupSsl(HTTPConduit httpConduit) throws Exception { 

    final TLSClientParameters tlsCP = new TLSClientParameters(); 

    final String keyStoreLoc = paymentProperties.getSsl().getKeyStore(); 
    final String keyPassword = paymentProperties.getSsl().getKeyStorePassword(); 
    final String keystoreType = paymentProperties.getSsl().getKeyStoreType(); 

    final KeyStore keyStore = KeyStore.getInstance(keystoreType); 
    Resource resource1 = resourceLoader.getResource(keyStoreLoc); 
    keyStore.load(resource1.getInputStream(), keyPassword.toCharArray()); 
    final KeyManager[] myKeyManagers = getKeyManagers(keyStore, keyPassword); 
    tlsCP.setKeyManagers(myKeyManagers); 

    final String trustStoreLoc = paymentProperties.getSsl().getTrustStore(); 
    final String trustStorePassword = paymentProperties.getSsl().getTrustStorePassword(); 
    final String trustStoreType = paymentProperties.getSsl().getTrustStoreType(); 

    final KeyStore trustStore = KeyStore.getInstance(trustStoreType); 
    Resource resource2 = resourceLoader.getResource(trustStoreLoc); 
    trustStore.load(resource2.getInputStream(), trustStorePassword.toCharArray()); 
    final TrustManager[] myTrustStoreKeyManagers = getTrustManagers(trustStore); 
    tlsCP.setTrustManagers(myTrustStoreKeyManagers); 

    httpConduit.setTlsClientParameters(tlsCP); 
} 

private static TrustManager[] getTrustManagers(KeyStore trustStore) 
     throws NoSuchAlgorithmException, KeyStoreException { 
    String alg = KeyManagerFactory.getDefaultAlgorithm(); 
    TrustManagerFactory fac = TrustManagerFactory.getInstance(alg); 
    fac.init(trustStore); 
    return fac.getTrustManagers(); 
} 

private static KeyManager[] getKeyManagers(KeyStore keyStore, String keyPassword) 
     throws GeneralSecurityException, IOException { 
    String alg = KeyManagerFactory.getDefaultAlgorithm(); 
    char[] keyPass = keyPassword != null ? keyPassword.toCharArray() : null; 
    KeyManagerFactory fac = KeyManagerFactory.getInstance(alg); 
    fac.init(keyStore, keyPass); 
    return fac.getKeyManagers(); 
} 
} 

Answer 2

網站的根證書不在JVM信任。所以，如果你將根證書導入<path_to>/jre/lib/security/cacerts我想你會沒事的。