为什么在 HttpServletRequest 中找不到证书?
Why can't I find the certificate in HttpServletRequest?
我使用以下命令通过 curl 传递请求以及证书
curl --cacert root_2.pem --cert 99usr.pem --key 99usr.key https://localhost:8443/WebServiceProject/CalculatorService -d @test-soap.xml -H "Accept: * / *" - H "缓存管理:无缓存" - H "Accept-Encoding: gzip, deflation" - H " Content type: text/xml; encoding=UTF-8" \
curl output
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: root_2.pem
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=RU; O=Company; OU=00CA; CN=localhost
* start date: Nov 18 14:05:43 2020 GMT
* expire date: Feb 20 14:15:43 2023 GMT
* common name: localhost (matched)
* issuer: DC=ru; DC=rf; DC=ca; CN=Test Issuing CA 2
* SSL certificate verify ok.
> GET /WebServiceProject/CalculatorService HTTP/1.1
> Host: localhost:8443
> User-Agent: curl/7.61.1
> Accept: */*
>
< HTTP/1.1 200 OK
< X-Powered-By: Servlet/3.0
< Content-Type: text/html; charset=utf-8
< Content-Language: en-US
< Set-Cookie: JSESSIONID=0000O-g63NyHjOW2Oj3CcOjjcXi:-1; Path=/; HttpOnly
< Transfer-Encoding: chunked
< Date: Wed, 14 Jul 2021 09:20:05 GMT
< Expires: Thu, 01 Dec 1994 16:00:00 GMT
< Cache-Control: no-cache="set-cookie, set-cookie2"
然后我尝试读取请求,但我没有在其中找到证书。
X509Certificate[] x509Certificates = (X509Certificate[]) httpServletRequest.getAttribute("javax.servlet.request.X509Certificate");
if (x509Certificates == null || x509Certificates.length == 0)
{
throw new Exception("Certificate not found");
}
您的 curl 输出未显示“证书请求”握手消息,因此您访问的端口可能未在 WebSphere 的“保护质量”SSL 设置中配置为带 TLS 相互身份验证。
我使用以下命令通过 curl 传递请求以及证书
curl --cacert root_2.pem --cert 99usr.pem --key 99usr.key https://localhost:8443/WebServiceProject/CalculatorService -d @test-soap.xml -H "Accept: * / *" - H "缓存管理:无缓存" - H "Accept-Encoding: gzip, deflation" - H " Content type: text/xml; encoding=UTF-8" \
curl output
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: root_2.pem
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=RU; O=Company; OU=00CA; CN=localhost
* start date: Nov 18 14:05:43 2020 GMT
* expire date: Feb 20 14:15:43 2023 GMT
* common name: localhost (matched)
* issuer: DC=ru; DC=rf; DC=ca; CN=Test Issuing CA 2
* SSL certificate verify ok.
> GET /WebServiceProject/CalculatorService HTTP/1.1
> Host: localhost:8443
> User-Agent: curl/7.61.1
> Accept: */*
>
< HTTP/1.1 200 OK
< X-Powered-By: Servlet/3.0
< Content-Type: text/html; charset=utf-8
< Content-Language: en-US
< Set-Cookie: JSESSIONID=0000O-g63NyHjOW2Oj3CcOjjcXi:-1; Path=/; HttpOnly
< Transfer-Encoding: chunked
< Date: Wed, 14 Jul 2021 09:20:05 GMT
< Expires: Thu, 01 Dec 1994 16:00:00 GMT
< Cache-Control: no-cache="set-cookie, set-cookie2"
然后我尝试读取请求,但我没有在其中找到证书。
X509Certificate[] x509Certificates = (X509Certificate[]) httpServletRequest.getAttribute("javax.servlet.request.X509Certificate");
if (x509Certificates == null || x509Certificates.length == 0)
{
throw new Exception("Certificate not found");
}
您的 curl 输出未显示“证书请求”握手消息,因此您访问的端口可能未在 WebSphere 的“保护质量”SSL 设置中配置为带 TLS 相互身份验证。