Java SOAP客户端JAX-WS:如何使用证书

Question

我正在使用NetBeans 7.0.1开发一个应用程序，它能够通过安全的(HTTPS/ SOAP )与服务器/SSL服务通信。在NetBeans中，我只需单击“新建”-> "Web Service Client..."，选择一个wsdl文件，然后单击finish。这将为SOAP客户端生成源码。在那之后，我在自己的文件夹中有很多新的java-files：

Generated Sources (jax-ws)

我更改了wsdl文件以连接到自己的/本地主机，而不使用HTTPS/SSL来测试SOAP客户端，它似乎工作得很好，但是现在我需要为SOAP/HTTP连接使用一个特定的证书，这是我获得的一个.p12文件。

我不知道如何将证书与生成的源代码结合使用。我像这样使用生成的SOAP-Client：

SoapServiceExample SSA = new ClassSoapServiceExample();
Object Response = SSA.getServicePort().doSomething(Authentification, Data);

如果我尝试将SOAP客户端与未更改/正确的wsdl文件一起使用，则会出现以下错误：

com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

[com.sun.xml.internal.ws.transport.http.client.HttpClientTransport] [getOutput] [-1]
[com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe] [process] [-1]
[com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe] [processRequest] [-1]
[com.sun.xml.internal.ws.transport.DeferredTransportPipe] [processRequest] [-1]
[com.sun.xml.internal.ws.api.pipe.Fiber] [__doRun] [-1]
[com.sun.xml.internal.ws.api.pipe.Fiber] [_doRun] [-1]
[com.sun.xml.internal.ws.api.pipe.Fiber] [doRun] [-1]
[com.sun.xml.internal.ws.api.pipe.Fiber] [runSync] [-1]
[com.sun.xml.internal.ws.client.Stub] [process] [-1]
[com.sun.xml.internal.ws.client.sei.SEIStub] [doProcess] [-1]
[com.sun.xml.internal.ws.client.sei.SyncMethodHandler] [invoke] [-1]
[com.sun.xml.internal.ws.client.sei.SyncMethodHandler] [invoke] [-1]
[com.sun.xml.internal.ws.client.sei.SEIStub] [invoke] [-1]
[$Proxy31] [doSomething] [-1]

我已经能够加载.p12证书以将其用于套接字。

public static TrustManager[] createTrustManagerWhoTrustAllways()
{
    return new TrustManager[]
    {
        new X509TrustManager()
        {
            @Override
            public X509Certificate[] getAcceptedIssuers()
            {
                return null;
            }

            @Override
            public void checkClientTrusted(X509Certificate[] certs, String authType)
            {
                return;
            }

            @Override
            public void checkServerTrusted(X509Certificate[] certs, String authType)
            {
                return;
            }
        }
    };
}

public static SSLContext loadPkcs12CertificateAndGetSslContext(String FileName, String Password) throws Exception
{
    KeyStore KS = KeyStore.getInstance("PKCS12");
    KS.load(new FileInputStream(FileName), Password.toCharArray());

    KeyManagerFactory KMF = KeyManagerFactory.getInstance("SunX509");
    KMF.init(KS, Password.toCharArray());

    SSLContext SSLC = SSLContext.getInstance("TLS");
    SSLC.init(KMF.getKeyManagers(), createTrustManagerWhoTrustAllways(), new SecureRandom());

    return SSLC;
}

public void connect() throws Exception
{
    if(true == m_Secure)
    {
        SSLContext SSLC = loadPkcs12CertificateAndGetSslContext(m_CertificateFileName, m_CertificatePassword);

        m_Socket = SSLC.getSocketFactory().createSocket(m_ServerName, m_ServerPort);
    }
    else
    {
        m_Socket = new Socket(m_ServerName, m_ServerPort);
    }
}

谁能告诉我，我如何为生成的SOAP客户端使用证书？

Answer 1

您可以通过在程序的命令行上通过系统属性提供密钥库和信任库配置来声明系统范围的密钥库：

-Djavax.net.ssl.trustStore=<yourtruststore>
-Djavax.net.ssl.trustStorePassword=<pwd>
-Djavax.net.ssl.keyStore=<your-keystore>
-Djavax.net.ssl.keyStorePassword=<pwd>

JAX-WS将选取该密钥库来配置SSL客户端连接。只需确保在密钥库中有正确的证书即可。