如何在 Spring Boot 中使用证书调用 HTTPS Web 服务
How to call an HTTPS web service in Spring Boot with a certificate
在 Spring Boot 中使用 Apache CXF 调用 HTTPS Web 服务时，遇到以下异常：
SSLHandshakeException invoking https://fanava.shaparak.ir:443/merchantwebservice/jax/merchantAuth: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
调用此服务需要什么配置?
客户端类：
/**
 * Spring configuration that registers a CXF JAX-WS client proxy for
 * {@code PaymentWebService}.
 */
@Configuration
public class WSClient {

    /**
     * Creates the {@code PaymentWebService} proxy bean.
     *
     * <p>No TLS parameters are set on the proxy here; the address below is a
     * plain-HTTP localhost endpoint.
     *
     * @return the proxy produced by {@code JaxWsProxyFactoryBean}
     * @throws MalformedURLException declared by the signature
     */
    @Bean(name = "PaymentWebService")
    public PaymentWebService PaymentWebServiceCLient() throws MalformedURLException {
        final JaxWsProxyFactoryBean proxyFactory = new JaxWsProxyFactoryBean();
        proxyFactory.setServiceClass(PaymentWebService.class);
        proxyFactory.setAddress("http://localhost:8080/soap-api/merchantAuth_1.0");
        final Object proxy = proxyFactory.create();
        return (PaymentWebService) proxy;
    }
}
该网站的根证书不在 JVM 的信任库中。因此，如果您将根证书导入 <path_to>/jre/lib/security/cacerts，我想问题应该就能解决。请注意：cacerts 是 JVM 全局信任库，导入后在该 JVM 上运行的所有应用都会信任此证书；若只想让这一个客户端信任它，可使用下文的专用信任库方式。
1. 获取该 Web 服务所需的证书（导入前请通过可信渠道核对证书指纹）。
2. 创建包含此证书的密钥库。
3. 使用该密钥库为客户端配置 SSL：
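/**
 * Spring configuration that exposes a CXF JAX-WS client proxy for
 * {@code PaymentWebService} and attaches TLS key and trust material loaded from
 * the stores named in {@code PaymentProperties}.
 */
@Configuration
public class WebServiceClient {

    @Inject
    private PaymentProperties paymentProperties;

    @Autowired
    private ResourceLoader resourceLoader;

    /**
     * Builds the client proxy for the address returned by
     * {@code paymentProperties.getWsPublicUrl()} and applies the TLS settings to
     * its HTTP conduit.
     *
     * @return the configured proxy
     * @throws MalformedURLException declared by the signature and kept for callers
     * @throws IllegalStateException if the key store or trust store cannot be
     *     loaded or applied to the conduit
     */
    @Bean(name = "PaymentWebService")
    public PaymentWebService PaymentWebServiceCLient() throws MalformedURLException {
        final JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
        factory.setServiceClass(PaymentWebService.class);
        // NOTE(review): the TLS parameters set below presumably only take effect
        // when this URL is https:// - confirm the configured property value.
        factory.setAddress(paymentProperties.getWsPublicUrl());
        final PaymentWebService service = (PaymentWebService) factory.create();
        try {
            final Client client = ClientProxy.getClient(service);
            setupSsl((HTTPConduit) client.getConduit());
        } catch (Exception e) {
            // Swallowing this would hand back a proxy that never received the
            // configured key/trust material and would hide the root cause of
            // later handshake errors, so fail bean creation instead.
            throw new IllegalStateException(
                    "Failed to configure TLS for the PaymentWebService client", e);
        }
        return service;
    }

    /**
     * Loads the key store and trust store named in the SSL properties and
     * installs the resulting key and trust managers on the conduit.
     *
     * @param httpConduit conduit of the client proxy
     * @throws Exception if a store cannot be read or a manager factory cannot be
     *     initialised; nothing is set on the conduit in that case
     */
    private void setupSsl(HTTPConduit httpConduit) throws Exception {
        final TLSClientParameters tlsCP = new TLSClientParameters();

        final String keyPassword = paymentProperties.getSsl().getKeyStorePassword();
        final KeyStore keyStore = loadStore(
                paymentProperties.getSsl().getKeyStoreType(),
                paymentProperties.getSsl().getKeyStore(),
                keyPassword);
        tlsCP.setKeyManagers(getKeyManagers(keyStore, keyPassword));

        final KeyStore trustStore = loadStore(
                paymentProperties.getSsl().getTrustStoreType(),
                paymentProperties.getSsl().getTrustStore(),
                paymentProperties.getSsl().getTrustStorePassword());
        tlsCP.setTrustManagers(getTrustManagers(trustStore));

        // Applied last so a failure above leaves the conduit untouched.
        httpConduit.setTlsClientParameters(tlsCP);
    }

    /**
     * Opens the resource at {@code location} and loads it into a new
     * {@code KeyStore} of the given type, closing the stream afterwards.
     *
     * @param type key store type passed to {@code KeyStore.getInstance}
     * @param location resource location resolved through the {@code ResourceLoader}
     * @param password store password; must not be {@code null}
     * @return the loaded store
     * @throws IllegalStateException if no password is configured
     * @throws GeneralSecurityException if the store type is unknown or its
     *     contents cannot be verified or parsed
     * @throws IOException if the resource cannot be read
     */
    private KeyStore loadStore(String type, String location, String password)
            throws GeneralSecurityException, IOException {
        if (password == null) {
            // KeyStore.load accepts a null password but then skips the store's
            // integrity check, so a missing password is treated as a
            // configuration error rather than passed through.
            throw new IllegalStateException("No password configured for store " + location);
        }
        final KeyStore store = KeyStore.getInstance(type);
        final Resource resource = resourceLoader.getResource(location);
        try (java.io.InputStream in = resource.getInputStream()) {
            store.load(in, password.toCharArray());
        }
        return store;
    }

    /**
     * Creates trust managers backed by the given trust store.
     *
     * @param trustStore store holding the certificates to trust
     * @return trust managers from a {@code TrustManagerFactory} initialised with
     *     {@code trustStore}
     * @throws NoSuchAlgorithmException if the default trust-manager algorithm is
     *     unavailable
     * @throws KeyStoreException if the factory cannot be initialised from the store
     */
    private static TrustManager[] getTrustManagers(KeyStore trustStore)
            throws NoSuchAlgorithmException, KeyStoreException {
        // Ask TrustManagerFactory for its own default algorithm; the
        // KeyManagerFactory default is a different setting and need not name a
        // trust-manager algorithm at all.
        final String alg = TrustManagerFactory.getDefaultAlgorithm();
        final TrustManagerFactory fac = TrustManagerFactory.getInstance(alg);
        fac.init(trustStore);
        return fac.getTrustManagers();
    }

    /**
     * Creates key managers backed by the given key store.
     *
     * @param keyStore store holding the client key material
     * @param keyPassword password protecting the keys, or {@code null}
     * @return key managers from a {@code KeyManagerFactory} initialised with
     *     {@code keyStore}
     * @throws GeneralSecurityException if the factory cannot be created or
     *     initialised
     * @throws IOException declared by the signature
     */
    private static KeyManager[] getKeyManagers(KeyStore keyStore, String keyPassword)
            throws GeneralSecurityException, IOException {
        final String alg = KeyManagerFactory.getDefaultAlgorithm();
        final char[] keyPass = keyPassword != null ? keyPassword.toCharArray() : null;
        final KeyManagerFactory fac = KeyManagerFactory.getInstance(alg);
        fac.init(keyStore, keyPass);
        return fac.getKeyManagers();
    }
}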
在 Spring Boot 中使用 Apache CXF 调用 HTTPS Web 服务时，遇到以下异常：
SSLHandshakeException invoking https://fanava.shaparak.ir:443/merchantwebservice/jax/merchantAuth: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
调用此服务需要什么配置?
客户端类：
/**
 * Spring configuration that registers a CXF JAX-WS client proxy for
 * {@code PaymentWebService}.
 */
@Configuration
public class WSClient {

    /**
     * Creates the {@code PaymentWebService} proxy bean.
     *
     * <p>No TLS parameters are set on the proxy here; the address below is a
     * plain-HTTP localhost endpoint.
     *
     * @return the proxy produced by {@code JaxWsProxyFactoryBean}
     * @throws MalformedURLException declared by the signature
     */
    @Bean(name = "PaymentWebService")
    public PaymentWebService PaymentWebServiceCLient() throws MalformedURLException {
        final JaxWsProxyFactoryBean proxyFactory = new JaxWsProxyFactoryBean();
        proxyFactory.setServiceClass(PaymentWebService.class);
        proxyFactory.setAddress("http://localhost:8080/soap-api/merchantAuth_1.0");
        final Object proxy = proxyFactory.create();
        return (PaymentWebService) proxy;
    }
}
该网站的根证书不在 JVM 的信任库中。因此，如果您将根证书导入 <path_to>/jre/lib/security/cacerts，我想问题应该就能解决。请注意：cacerts 是 JVM 全局信任库，导入后在该 JVM 上运行的所有应用都会信任此证书；若只想让这一个客户端信任它，可使用下文的专用信任库方式。
1. 获取该 Web 服务所需的证书（导入前请通过可信渠道核对证书指纹）。
2. 创建包含此证书的密钥库。
3. 使用该密钥库为客户端配置 SSL：
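/**
 * Spring configuration that exposes a CXF JAX-WS client proxy for
 * {@code PaymentWebService} and attaches TLS key and trust material loaded from
 * the stores named in {@code PaymentProperties}.
 */
@Configuration
public class WebServiceClient {

    @Inject
    private PaymentProperties paymentProperties;

    @Autowired
    private ResourceLoader resourceLoader;

    /**
     * Builds the client proxy for the address returned by
     * {@code paymentProperties.getWsPublicUrl()} and applies the TLS settings to
     * its HTTP conduit.
     *
     * @return the configured proxy
     * @throws MalformedURLException declared by the signature and kept for callers
     * @throws IllegalStateException if the key store or trust store cannot be
     *     loaded or applied to the conduit
     */
    @Bean(name = "PaymentWebService")
    public PaymentWebService PaymentWebServiceCLient() throws MalformedURLException {
        final JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
        factory.setServiceClass(PaymentWebService.class);
        // NOTE(review): the TLS parameters set below presumably only take effect
        // when this URL is https:// - confirm the configured property value.
        factory.setAddress(paymentProperties.getWsPublicUrl());
        final PaymentWebService service = (PaymentWebService) factory.create();
        try {
            final Client client = ClientProxy.getClient(service);
            setupSsl((HTTPConduit) client.getConduit());
        } catch (Exception e) {
            // Swallowing this would hand back a proxy that never received the
            // configured key/trust material and would hide the root cause of
            // later handshake errors, so fail bean creation instead.
            throw new IllegalStateException(
                    "Failed to configure TLS for the PaymentWebService client", e);
        }
        return service;
    }

    /**
     * Loads the key store and trust store named in the SSL properties and
     * installs the resulting key and trust managers on the conduit.
     *
     * @param httpConduit conduit of the client proxy
     * @throws Exception if a store cannot be read or a manager factory cannot be
     *     initialised; nothing is set on the conduit in that case
     */
    private void setupSsl(HTTPConduit httpConduit) throws Exception {
        final TLSClientParameters tlsCP = new TLSClientParameters();

        final String keyPassword = paymentProperties.getSsl().getKeyStorePassword();
        final KeyStore keyStore = loadStore(
                paymentProperties.getSsl().getKeyStoreType(),
                paymentProperties.getSsl().getKeyStore(),
                keyPassword);
        tlsCP.setKeyManagers(getKeyManagers(keyStore, keyPassword));

        final KeyStore trustStore = loadStore(
                paymentProperties.getSsl().getTrustStoreType(),
                paymentProperties.getSsl().getTrustStore(),
                paymentProperties.getSsl().getTrustStorePassword());
        tlsCP.setTrustManagers(getTrustManagers(trustStore));

        // Applied last so a failure above leaves the conduit untouched.
        httpConduit.setTlsClientParameters(tlsCP);
    }

    /**
     * Opens the resource at {@code location} and loads it into a new
     * {@code KeyStore} of the given type, closing the stream afterwards.
     *
     * @param type key store type passed to {@code KeyStore.getInstance}
     * @param location resource location resolved through the {@code ResourceLoader}
     * @param password store password; must not be {@code null}
     * @return the loaded store
     * @throws IllegalStateException if no password is configured
     * @throws GeneralSecurityException if the store type is unknown or its
     *     contents cannot be verified or parsed
     * @throws IOException if the resource cannot be read
     */
    private KeyStore loadStore(String type, String location, String password)
            throws GeneralSecurityException, IOException {
        if (password == null) {
            // KeyStore.load accepts a null password but then skips the store's
            // integrity check, so a missing password is treated as a
            // configuration error rather than passed through.
            throw new IllegalStateException("No password configured for store " + location);
        }
        final KeyStore store = KeyStore.getInstance(type);
        final Resource resource = resourceLoader.getResource(location);
        try (java.io.InputStream in = resource.getInputStream()) {
            store.load(in, password.toCharArray());
        }
        return store;
    }

    /**
     * Creates trust managers backed by the given trust store.
     *
     * @param trustStore store holding the certificates to trust
     * @return trust managers from a {@code TrustManagerFactory} initialised with
     *     {@code trustStore}
     * @throws NoSuchAlgorithmException if the default trust-manager algorithm is
     *     unavailable
     * @throws KeyStoreException if the factory cannot be initialised from the store
     */
    private static TrustManager[] getTrustManagers(KeyStore trustStore)
            throws NoSuchAlgorithmException, KeyStoreException {
        // Ask TrustManagerFactory for its own default algorithm; the
        // KeyManagerFactory default is a different setting and need not name a
        // trust-manager algorithm at all.
        final String alg = TrustManagerFactory.getDefaultAlgorithm();
        final TrustManagerFactory fac = TrustManagerFactory.getInstance(alg);
        fac.init(trustStore);
        return fac.getTrustManagers();
    }

    /**
     * Creates key managers backed by the given key store.
     *
     * @param keyStore store holding the client key material
     * @param keyPassword password protecting the keys, or {@code null}
     * @return key managers from a {@code KeyManagerFactory} initialised with
     *     {@code keyStore}
     * @throws GeneralSecurityException if the factory cannot be created or
     *     initialised
     * @throws IOException declared by the signature
     */
    private static KeyManager[] getKeyManagers(KeyStore keyStore, String keyPassword)
            throws GeneralSecurityException, IOException {
        final String alg = KeyManagerFactory.getDefaultAlgorithm();
        final char[] keyPass = keyPassword != null ? keyPassword.toCharArray() : null;
        final KeyManagerFactory fac = KeyManagerFactory.getInstance(alg);
        fac.init(keyStore, keyPass);
        return fac.getKeyManagers();
    }
}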