如何解决Java 应用程序无法使用 EJBCA 库连接到 https Web 服务
我希望 Java 应用程序使用 EJBCA 库连接到 Web 服务,但它抛出异常。你看到 以下 void 方法尝试连接到 Ejbca
protected void connectToEjbca() {
LOG.info("Establishing Ejbca conecction");
String trustStore = CONfig.getProperty("truststore");
String trustStorePassword = CONfig.getProperty("truststore.password");
String keyStoreType = CONfig.getProperty("keystore.type");
String keyStore = CONfig.getProperty("keystore");
String keyStorePassword = CONfig.getProperty("keystore.password");
String ejbcaUrl = CONfig.getProperty("url");
try{
CryptoProviderTools.installBCProvider();
KeyManager[] kms = this.getKeyManagers(keyStore,keyStorePassword);
TrustManager[] tms = this.getTrustManagers(trustStore,trustStorePassword);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(kms,tms,null);
HostnameVerifier hv = new HostnameVerifier() {
public boolean verify(String hostname,SSLSession session) { return true; }
};
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(hv);
QName qname = new QName("http://ws.protocol.core.ejbca.org/","EjbcaWSService");
EjbcaWSService service = new EjbcaWSService(new URL(ejbcaUrl),qname);
ws = service.getEjbcaWSPort();
connect = true;
LOG.info("EJBCA connection was successfully");
}catch(Exception ex){
LOG.info("Error in EJBCA connection: " + ex.getLocalizedMessage());
connect = false;
ex.printstacktrace();
}
}
代码执行失败在一行: EjbcaWSService service = new EjbcaWSService(new URL(ejbcaUrl),qname);
例外说明:
org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service.
Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'https://192.168.1.30:443/ejbca/ejbcaws/ejbcaws?wsdl'.: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building Failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building Failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.validator.ValidatorException: PKIX path building Failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
根据config.properties:
url=https:\//192.168.1.30:443/ejbca/ejbcaws/ejbcaws?wsdl
truststore=E:\\admin_test.jks
keystore=E:\\admin_test.p12
keystore.type=PKCS12
密码变量没问题。
此外,我将 admin_test.p12 证书导入到 firefox,浏览器显示页面 https://192.168.1.30:443/ejbca/ejbcaws/ejbcaws?wsdl 非常好。
此外,我将 admin_test.p12 证书导入到 Windows 证书管理器。然后。我导出为 X.509 证书(admin_test.cert)。之后,我通过 KeyStore Explorer 创建了一个 JKS 文件并导入了 admin_test.cert。
config.properties 中引用了 admin_test.cert 和 admin_test.p12 这两个文件
所以 url https://192.168.1.30:443/ejbca/ejbcaws/ejbcaws?wsdl 由 firefox 工作,但 java 应用程序没有。
我能做什么?
解决方法
我认为你是对的。您的错误消息是“无法找到到请求目标的有效证书路径”,这表明客户端无法找到可信任的 CA 证书来验证 TLS 连接。这是一个纯粹的 TLS 连接建立问题。 truststore 必须包含服务器证书链的 CA 证书,仅此而已。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
