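How to resolve a two-way SSL negotiation failure between a SOAP client using WebServiceTemplate and the resource
I just inherited a Spring Boot application that uses WebServiceTemplate as a client to access some SOAP endpoints.
What I know so far about the client and resource keystores and truststores:
- The client keystore was generated from a verified signed certificate.
- The client's certificate has been imported into the resource's truststore.
My configuration in application.yml: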
endpoint: https://target_endpoint
endpoint_dw: https://target_endpoint:8443/query
trust_store: classpath:truststore/truststore.jks
trust_store_password: changeit
key_store: classpath:keystore/keystore.jks
key_store_password: changeit
The configuration source for my HttpClient, SSLContext and WebServiceTemplate objects:
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.util.ResourceUtils;
import org.springframework.ws.client.core.WebServiceTemplate;
import org.springframework.ws.transport.http.HttpComponentsMessageSender;
import java.io.File;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;

@Configuration
public class WebServiceTemplateSslConfig {
    @Autowired
    private MarshallConfig marshallConfig;
    @Value("${config.trust_store}")
    private Resource trustStore;
    @Value("${config.trust_store_password}")
    private String trustStorePassword;
    @Value("${config.key_store}")
    private Resource keyStore;
    @Value("${config.key_store_password}")
    private String keyStorePassword;
    @Value("${config.endpoint}")
    private String endpoint;

    @Bean
    public WebServiceTemplate webServiceTemplate() throws Exception {
        WebServiceTemplate webServiceTemplate = new WebServiceTemplate();
        webServiceTemplate.setMarshaller(marshallConfig.marshaller());
        webServiceTemplate.setUnmarshaller(marshallConfig.marshaller());
        // Route requests through the Apache HttpClient that carries the custom SSLContext
        webServiceTemplate.setMessageSender(httpComponentsMessageSender());
        webServiceTemplate.setDefaultUri(endpoint);
        return webServiceTemplate;
    }

    @Bean
    public HttpComponentsMessageSender httpComponentsMessageSender() throws Exception {
        HttpComponentsMessageSender httpComponentsMessageSender = new HttpComponentsMessageSender();
        httpComponentsMessageSender.setHttpClient(httpClient());
        return httpComponentsMessageSender;
    }

    public HttpClient httpClient() throws Exception {
        return HttpClientBuilder
                .create()
                .setSSLSocketFactory(sslConnectionSocketFactory())
                .addInterceptorFirst(new HttpComponentsMessageSender.RemoveSoapHeadersInterceptor())
                .build();
    }

    public SSLConnectionSocketFactory sslConnectionSocketFactory() throws Exception {
        // NoopHostnameVerifier turns off hostname verification of the server certificate
        return new SSLConnectionSocketFactory(sslContext(), NoopHostnameVerifier.INSTANCE);
    }

    public SSLContext sslContext() throws Exception {
        // Trust material validates the server; key material is the client certificate for mutual TLS.
        // The key store password is also used as the private key password.
        return SSLContextBuilder.create()
                .loadTrustMaterial(trustStore.getFile(), trustStorePassword.toCharArray())
                .loadKeyMaterial(keyStore.getFile(), keyStorePassword.toCharArray(), keyStorePassword.toCharArray())
                .build();
    }
}
My client's log entries with -Djavax.net.debug=ssl,handshake:
*** CertificateRequest
Cert Types: ECDSA,RSA,DSS
Supported Signature Algorithms: SHA256withECDSA,SHA384withECDSA,SHA512withECDSA,Unknown (hash:0x8,signature:0x4),signature:0x5),signature:0x6),signature:0x9),signature:0xa),signature:0xb),SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA256withDSA,Unknown (hash:0x3,signature:0x3),signature:0x1),signature:0x2),SHA1withECDSA,SHA1withRSA,SHA1withDSA
Cert Authorities:
...
...
...
...
...
*** ServerHelloDone
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>
***
*** ClientKeyExchange,RSA PreMasterSecret,TLSv1.2
http-nio-9999-exec-2,WRITE: TLSv1.2 Handshake,length = 269
SESSION KEYGEN:
PreMaster Secret:
0000: 03 03 18 B3 88 5F 1E B8 52 A6 94 21 F6 22 A2 A9 ....._..R..!."..
0010: E7 63 6E 55 82 34 4C 87 3A 32 BF 0D 66 BA 00 C3 .cnU.4L.:2..f...
0020: 8F 8D DF 25 7C 89 42 4B 34 81 DB 68 65 6D CC 2F ...%..BK4..hem./
CONNECTION KEYGEN:
Client Nonce:
0000: ..... _...$r<=.:......
0010: ..... C. c..<(...t....
Server Nonce:
0000: ..... [z,.Y..02.5_.9gv
0010: ..... SUJ>f..p.Hh..k..
Master Secret:
0000: ..... ..Q..yhL..r..e..
0010: ..... .m.....Z..!.....
0020: ..... ..].D6.4Z.._h..r
Client MAC write Secret:
0000: ..... .....a.@..2....j
0010: ..... ..........g....#
Server MAC write Secret:
0000: ..... nS...T'.........
0010:...... .6Z.?.z..r......
Client write key:
0000: ..... ..YT............
0010: ..... .....C....Y.-(.3
Server write key:
0000: ..... .6.....r%@.f.Q..
0010: ..... ...i.Y.h.f......
... no IV derived for this protocol
http-nio-9999-exec-2,WRITE: TLSv1.2 Change Cipher Spec,length = 1
*** Finished
verify_data: { 145,215,100,173,191,54,196,70,130,193,49,168 }
***
http-nio-9999-exec-2,length = 80
http-nio-9999-exec-2,waiting for close_notify or alert: state 1
http-nio-9999-exec-2,Exception while waiting for close java.net.SocketException: Software caused connection abort: recv failed
http-nio-9999-exec-2,handling exception: java.net.SocketException: Software caused connection abort: recv failed
%% Invalidated: [Session-8,TLS_RSA_WITH_AES_256_CBC_SHA256]
http-nio-9999-exec-2,SEND TLSv1.2 ALERT: fatal,description = unexpected_message
http-nio-9999-exec-2,WRITE: TLSv1.2 Alert,length = 64
http-nio-9999-exec-2,Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
http-nio-9999-exec-2,called closeSocket()
http-nio-9999-exec-2,called close()
http-nio-9999-exec-2,called closeInternal(true)
17:19:18.665 ERROR g.d.i.r.p.c.AdviceController - I/O error: Software caused connection abort: recv failed; nested exception is java.net.SocketException: Software caused connection abort: recv failed
org.springframework.ws.client.WebServiceIOException: I/O error: Software caused connection abort: recv failed; nested exception is java.net.SocketException: Software caused connection abort: recv failed
org.springframework.ws.client.WebServiceIOException: I/O error: Software caused connection abort: recv failed; nested exception is java.net.SocketException: Software caused connection abort: recv failed
at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:561)
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:390)
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:378)
at gov.dhs.ice.raven.passport.config.SOAPConnector.callWebService(SOAPConnector.java:15)
.....
.....
.....
at java.lang.Thread.run(Thread.java:748)
Caused by: java.net.SocketException: Software caused connection abort: recv failed
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.socketRead(SocketInputStream.java:116)
at java.net.SocketInputStream.read(SocketInputStream.java:171)
at java.net.SocketInputStream.read(SocketInputStream.java:141)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
at sun.security.ssl.InputRecord.read(InputRecord.java:503)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:983)
at sun.security.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1779)
at sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:124)
at sun.security.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:1156)
at sun.security.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:1266)
at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1178)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:348)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1334)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1309)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:259)
at org.springframework.ws.transport.http.HttpUrlConnection.getRequestOutputStream(HttpUrlConnection.java:89)
at org.springframework.ws.transport.AbstractSenderConnection$RequestTransportOutputStream.createOutputStream(AbstractSenderConnection.java:87)
at org.springframework.ws.transport.TransportOutputStream.getOutputStream(TransportOutputStream.java:41)
at org.springframework.ws.transport.TransportOutputStream.write(TransportOutputStream.java:64)
at com.sun.xml.internal.messaging.saaj.soap.MessageImpl.writeTo(MessageImpl.java:1314)
at org.springframework.ws.soap.saaj.SaajSoapMessage.writeTo(SaajSoapMessage.java:272)
at org.springframework.ws.transport.AbstractWebServiceConnection.send(AbstractWebServiceConnection.java:46)
at org.springframework.ws.client.core.WebServiceTemplate.sendRequest(WebServiceTemplate.java:658)
at org.springframework.ws.client.core.WebServiceTemplate.doSendAndReceive(WebServiceTemplate.java:606)
at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:555)
... 103 common frames omitted
org.spring
Any help or insight on this would be greatly appreciated!!!! Thanks!!!!
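The "no suitable certificate found" warning in the log above is printed when the client's key manager finds no private-key entry matching the server's CertificateRequest (requested Cert Types and, when listed, Cert Authorities). The following Java diagnostic is an added example, not part of the original post; the class name KeystoreClientAuthCheck and its two command-line arguments are assumptions. It lists what a keystore can actually offer for client authentication.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added diagnostic (hypothetical class name). Run: java KeystoreClientAuthCheck <keystore.jks> <password>
public class KeystoreClientAuthCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: KeystoreClientAuthCheck <keystore.jks> <password>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            ks.load(in, args[1].toCharArray());
        }
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            // A certificate-only entry has no private key and cannot answer a CertificateRequest.
            if (!ks.isKeyEntry(alias)) {
                System.out.println(alias + ": certificate only, no private key");
                continue;
            }
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                System.out.println(alias + ": key entry without an X.509 chain");
                continue;
            }
            usable++;
            // The key algorithm must be among the "Cert Types" the server requested.
            System.out.println(alias + ": key algorithm " + chain[0].getPublicKey().getAlgorithm());
            for (Certificate c : chain) {
                X509Certificate x = (X509Certificate) c;
                // When the server lists Cert Authorities, one of these issuers must be in that list.
                System.out.println("  subject: " + x.getSubjectX500Principal());
                System.out.println("  issuer:  " + x.getIssuerX500Principal());
                try {
                    x.checkValidity();
                } catch (CertificateException e) {
                    System.out.println("  not valid now: " + e.getMessage());
                }
            }
        }
        System.out.println(usable + " key entry(ies) usable for client authentication");
    }
}
```

Compare the printed issuers with the Cert Authorities list in the debug log. The stack trace above also passes through sun.net.www.protocol.https.HttpsURLConnectionImpl, which by default takes its key material from the JVM default SSLContext rather than from an Apache HttpClient, so it is worth confirming that the WebServiceTemplate making the call is the bean wired with httpComponentsMessageSender().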