com.sun.xml.wss.XWSSecurityException: Unable to locate certificate for the alias ''
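I am trying to encrypt a SOAP request. The problem is that the request is correct, but when it comes to encryption I get the following error:
This is in the spring-ws documentation (https://docs.spring.io/spring-ws/site/reference/html/security.html):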
7.2.4.2. Encryption
To encrypt outgoing SOAP messages, the security policy file should contain a Encrypt element. This element can further
carry a EncryptionTarget element which indicates which part of the
message should be encrypted, and a SymmetricKey to indicate that a
shared secret instead of the regular public key should be used to
encrypt the message. You can read a description of the other elements
here.
The XwsSecurityInterceptor will fire a EncryptionKeyCallback to the
registered handlers in order to retrieve the encryption information.
Within Spring-WS, there is one class which handled this particular
callback: the KeyStoreCallbackHandler.
My error:
2019-10-16 19:56:52.482 ERROR 5264 --- [nio-8080-exec-1] j.e.resource.xml.webservices.security : WSS0221: Unable to locate matching certificate for Key Encryption using Callback Handler.
2019-10-16 19:56:52.494 ERROR 5264 --- [nio-8080-exec-1] com.sun.xml.wss.logging.impl.filter : WSS1413: Error extracting certificate
com.sun.xml.wss.XWSSecurityException: Unable to locate certificate for the alias ''
at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getCertificate(DefaultSecurityEnvironmentImpl.java:365) ~[xws-security-3.0.jar:3.0-FCS]
My code:
// Interceptor that applies the XWSS policy (sign + encrypt) to outgoing messages.
@Bean
public XwsSecurityInterceptor securityInterceptor() {
    XwsSecurityInterceptor securityInterceptor = new XwsSecurityInterceptor();
    securityInterceptor.setPolicyConfiguration(new ClassPathResource("securityPolicy.xml"));
    try {
        securityInterceptor.setCallbackHandler(callback());
        securityInterceptor.afterPropertiesSet();
    }
    catch (Exception e) {
        System.out.println("display Expensionm: " + e);
    }
    return securityInterceptor;
}

// Callback handler that answers the interceptor's key and certificate requests.
@Bean
public KeyStoreCallbackHandler callback() throws Exception {
    KeyStoreCallbackHandler callbackHandler = new KeyStoreCallbackHandler();
    callbackHandler.setPrivateKeyPassword("sopasswordo");
    callbackHandler.setDefaultAlias("test");
    callbackHandler.setKeyStore(keyStoreFactoryBean());
    callbackHandler.setTrustStore(TrustFactoryBean());
    return callbackHandler;
}

// Key store (softnet.jks).
@Bean
public KeyStore keyStoreFactoryBean() {
    KeyStoreFactoryBean keyStoreFactoryBean = new KeyStoreFactoryBean();
    keyStoreFactoryBean.setPassword("sotore_passwordo");
    //keyStoreFactoryBean.setType("JKS");
    System.out.println("1");
    // Backslashes in a Java string literal must be escaped.
    keyStoreFactoryBean.setLocation(new FileSystemResource("C:\\Users\\miha_\\OneDrive\\Dokumenti\\Job\\Lj\\Spring\\Porting\\target\\classes\\softnet.jks"));
    try {
        keyStoreFactoryBean.afterPropertiesSet();
    } catch (Exception e) {
        System.out.println("e: " + e);
    }
    return keyStoreFactoryBean.getObject();
}

// Trust store (trust.jks).
@Bean
public KeyStore TrustFactoryBean() {
    KeyStoreFactoryBean trustFactory = new KeyStoreFactoryBean();
    trustFactory.setPassword("sostore_passwordo");
    //keyStoreFactoryBean.setType("JKS");
    System.out.println("1");
    // Backslashes in a Java string literal must be escaped.
    trustFactory.setLocation(new FileSystemResource("C:\\Users\\miha_\\OneDrive\\Dokumenti\\Job\\Lj\\Spring\\Porting\\target\\classes\\trust.jks"));
    try {
        trustFactory.afterPropertiesSet();
    } catch (Exception e) {
        System.out.println("e: " + e);
    }
    return trustFactory.getObject();
}

// Register the security interceptor.
@Override
public void addInterceptors(List interceptors) {
    interceptors.add(securityInterceptor());
}
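I do not know why the alias for the encryption certificate is not set and no certificate is retrieved. I set the default alias, but I think I am still missing something else.
My policy: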
<xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
    <xwss:Sign includeTimestamp="false" />
    <xwss:Encrypt />
</xwss:SecurityConfiguration>
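The client uses the xwss:Encrypt element and the server's public key (certificate) to initialize the exchange of a shared secret (symmetric key).
You need to provide the alias name of the server certificate (the server's public key) in the client keystore.
Example: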
<xwss:Encrypt>
    <xwss:X509Token certificateAlias="myServerPubCert"/>
</xwss:Encrypt>
You also have to provide the alias name of your client private key to the xwss:sign element.
Example:
<xwss:Sign includeTimestamp="false">
    <xwss:X509Token certificateAlias="myClientPrivKey"/>
</xwss:Sign>
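An added example, not part of the original post or of Spring-WS: a small Java check that reads the certificateAlias values out of a policy and confirms that each one resolves in the stores passed as arguments (a private-key entry for Sign, a certificate for Encrypt). The class name PolicyAliasCheck and the embedded policy string are constructed for illustration; the alias names are the ones from the answer above.

```java
import java.io.*;
import java.security.KeyStore;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class PolicyAliasCheck {
    static final String NS = "http://java.sun.com/xml/ns/xwss/config";
    // Constructed sample policy; the alias names are the ones used in the answer above.
    static final String POLICY = "<xwss:SecurityConfiguration xmlns:xwss=\"" + NS + "\">"
        + "<xwss:Sign includeTimestamp=\"false\"><xwss:X509Token certificateAlias=\"myClientPrivKey\"/></xwss:Sign>"
        + "<xwss:Encrypt><xwss:X509Token certificateAlias=\"myServerPubCert\"/></xwss:Encrypt>"
        + "</xwss:SecurityConfiguration>";

    // Returns one message per alias problem; an empty list means every alias resolves.
    static List<String> check(Document policy, List<KeyStore> stores) throws Exception {
        List<String> problems = new ArrayList<>();
        for (String op : new String[] {"Sign", "Encrypt"}) {
            NodeList ops = policy.getElementsByTagNameNS(NS, op);
            for (int i = 0; i < ops.getLength(); i++) {
                NodeList tok = ((Element) ops.item(i)).getElementsByTagNameNS(NS, "X509Token");
                String alias = tok.getLength() == 0 ? "" : ((Element) tok.item(0)).getAttribute("certificateAlias");
                if (alias.isEmpty()) { problems.add(op + ": no certificateAlias in policy"); continue; }
                boolean usable = false;
                for (KeyStore ks : stores) {
                    // Signing needs a private-key entry; encrypting only needs a certificate.
                    usable |= op.equals("Sign") ? ks.isKeyEntry(alias) : ks.getCertificate(alias) != null;
                }
                if (!usable) problems.add(op + ": alias '" + alias + "' not usable in any supplied store");
            }
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        List<KeyStore> stores = new ArrayList<>();
        for (String path : args) {   // each argument is a keystore or truststore file
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            // Prompt on the terminal so the password does not appear in the process list.
            char[] pw = System.console().readPassword("Password for %s: ", path);
            try (InputStream in = new FileInputStream(path)) { ks.load(in, pw); }
            stores.add(ks);
        }
        // With no arguments there are no stores, so both aliases are reported as unusable.
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(new ByteArrayInputStream(POLICY.getBytes("UTF-8")));
        check(doc, stores).forEach(System.out::println);
    }
}
```

Run against the policy from the question, which has empty Sign and Encrypt elements, the check reports "no certificateAlias in policy" for both operations.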