Soap Webservice CA certificate validation: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors

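I am trying to validate a CA certificate from the Windows keystore with the wsse:BinarySecurityToken (ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"), which I get from XML, but it fails with the exception: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors.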

    import java.security.KeyStore;
    import java.security.cert.*;
    import java.util.*;

    public class Validator {

        // x509tokenCert: certificate taken from the wsse:BinarySecurityToken
        // date: point in time for which the validity of the path is determined
        public static void validate(X509Certificate x509tokenCert, Date date) throws Exception {

            String alias = "foo";

            KeyStore personalKS = KeyStore.getInstance("Windows-Root");
            personalKS.load(null, null);

            // TrustAnchor needs the certificate object, not its encoding;
            // caCert.getEncoded() gives the bytes that have to be transmitted later
            X509Certificate caCert = (X509Certificate) personalKS.getCertificate(alias);

            CertificateFactory cf = CertificateFactory.getInstance("X.509");

            List<Certificate> list = new ArrayList<Certificate>();
            list.add(caCert);
            // X509Certificate x509tokenCert, received through a parameter
            list.add(x509tokenCert);

            CertStoreParameters certStoreParams = new CollectionCertStoreParameters(list);

            // return certStoreParams.toString();

            CertStore certStore = CertStore.getInstance("Collection", certStoreParams);

            // trusted ca cert
            Set<TrustAnchor> trust = Collections.singleton(new TrustAnchor(caCert, null));
            PKIXParameters params = new PKIXParameters(trust);

            // disable CRL checking
            params.setRevocationEnabled(false);
            params.addCertStore(certStore);

            // sets the time for which the validity of the certification path should be determined
            params.setDate(date);

            List<X509Certificate> certChain = new ArrayList<X509Certificate>(); // add certificate
            certChain.add(x509tokenCert);

            CertPath certPath = cf.generateCertPath(certChain);
            CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX");

            // throws CertPathValidatorException if the path does not validate
            certPathValidator.validate(certPath, params);
        }
    }

Console:

Exception in thread "main" com.sun.xml.internal.ws.fault.ServerSOAPFaultException: Client received SOAP Fault from server: java.lang.Exception: Path does not chain with any of the trust anchors--> java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
    at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:159)
    at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:85)
    at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
    at evvvalidator.util.Validator.isCertificateValid(Validator.java:124)
    at evvvalidator.CustomValidator.validateFromDoc(CustomValidator.java:100)
    at evvvalidator.SignatureValidator.validation(SignatureValidator.java:22)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:397)
    at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:186)
    at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:323)
    at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
    at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:454)
    at org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)
    at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
    at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:286)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:260)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:137)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:350)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:247)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3697)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3667)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:326)
    at weblogic.security.service.SecurityManager.runAsForUserCode(SecurityManager.java:197)
    at weblogic.servlet.provider.WlsSecurityProvider.runAsForUserCode(WlsSecurityProvider.java:203)
    at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:71)
    at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2443)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2291)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2269)
    at weblogic.servlet.internal.ServletRequestImpl.runInternal(ServletRequestImpl.java:1703)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1663)
    at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:272)
    at weblogic.invocation.ComponentInvocationContextManager._runAs(ComponentInvocationContextManager.java:352)
    at weblogic.invocation.ComponentInvocationContextManager.runAs(ComponentInvocationContextManager.java:337)
    at weblogic.work.LivePartitionUtility.doRunWorkUnderContext(LivePartitionUtility.java:57)
    at weblogic.work.PartitionUtility.runWorkUnderContext(PartitionUtility.java:41)
    at weblogic.work.SelfTuningWorkManagerImpl.runWorkUnderContext(SelfTuningWorkManagerImpl.java:644)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:415)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:355)
 Please see the server log to find more detail regarding exact cause of the failure.
    at com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException(Unknown Source)
    at com.sun.xml.internal.ws.fault.SOAPFaultBuilder.createException(Unknown Source)
    at com.sun.xml.internal.ws.client.sei.StubHandler.readResponse(Unknown Source)
    at com.sun.xml.internal.ws.db.DatabindingImpl.deserializeResponse(Unknown Source)
    at com.sun.xml.internal.ws.db.DatabindingImpl.deserializeResponse(Unknown Source)
    at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
    at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
    at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(Unknown Source)
    at com.sun.proxy.$Proxy31.validation(Unknown Source)
    at soaprequest.SoapRequest.main(SoapRequest.java:22)

Solved the problem with the help of a colleague. The wrong certificate was used. This Java exception is not helpful at all (or am I wrong?).
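
An added example, not the poster's code: because the certification path above holds only the token certificate, the trust anchor has to be that certificate's direct issuer, so comparing the issuer name and checking the signature against the candidate CA certificate shows quickly whether the wrong certificate was picked. The class name `AnchorCheck` and the two command-line arguments (token certificate file, alias in the Windows root store) are assumptions for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class AnchorCheck {

    /** Explains whether caCert can anchor a path that holds only tokenCert. */
    static String explain(X509Certificate tokenCert, X509Certificate caCert) {
        boolean nameMatches =
                tokenCert.getIssuerX500Principal().equals(caCert.getSubjectX500Principal());
        boolean signatureMatches;
        try {
            tokenCert.verify(caCert.getPublicKey()); // throws if caCert's key did not sign it
            signatureMatches = true;
        } catch (GeneralSecurityException e) {
            signatureMatches = false;
        }
        String verdict = !nameMatches
                ? "issuer name differs from anchor subject: the path cannot chain to this anchor"
                : !signatureMatches
                    ? "same name but a different key: the signature check fails"
                    : "this anchor issued the token certificate";
        return "token issuer  : " + tokenCert.getIssuerX500Principal() + "\n"
             + "anchor subject: " + caCert.getSubjectX500Principal() + "\n"
             + verdict;
    }

    // Usage (hypothetical file name and alias): java AnchorCheck token.cer foo
    public static void main(String[] args) throws Exception {
        X509Certificate tokenCert;
        try (InputStream in = new FileInputStream(args[0])) {
            tokenCert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore roots = KeyStore.getInstance("Windows-ROOT"); // SunMSCAPI, Windows only
        roots.load(null, null);
        X509Certificate caCert = (X509Certificate) roots.getCertificate(args[1]);
        if (caCert == null) {
            throw new IllegalArgumentException("no certificate under alias " + args[1]);
        }
        System.out.println(explain(tokenCert, caCert));
    }
}
```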