javax.xml.ws.Service通过SSL使用SOAP服务

Question

我想通过HTTPS使用SOAP服务。我已经给一个客户写了这样的信。我没有使用自动类生成，因为目标服务运行在多个系统上，因此服务URL在运行时会发生变化。

这是使用JAX实现的：

public class SAPClient implements Callable<...> {

private Service service = null;
private SOAPMessage response = null;
private boolean submitted = false;
private boolean successfull = false;
private QName serviceName;
private QName portName;
private SAPResult result = new SAPResult();
private Dispatch<SOAPMessage> dispatch = null;
private SOAPBody resBody = null;
private SapConnector connector;

public SAPClient(EricAgent agent, SapConnector connector) {
    this.connector = connector;
    serviceName = new QName(connector.getUrl(), Environment.SAP_CLIENT_SERVICE_NAME);
    portName = new QName(connector.getUrl(), Environment.SAP_CLIENT_PORT);
    this.service = Service.create(serviceName);
    service.addPort(portName, SOAPBinding.SOAP11HTTP_BINDING, connector.getUrl());
    this.successfull = false;
}

(...)

public synchronized void invoke() throws SOAPException {
    try {
        dispatch = service.createDispatch(portName, SOAPMessage.class, Service.Mode.MESSAGE);

        MessageFactory mf = MessageFactory.newInstance(SOAPConstants.SOAP_1_1_PROTOCOL);
        SOAPMessage message = mf.createMessage();
        SOAPPart part = message.getSOAPPart();
        SOAPEnvelope env = part.getEnvelope();
        SOAPBody body = env.getBody();

        SOAPElement operation = body.addChildElement(
                Environment.SAP_CLIENT_OPERATION_NAME,
                Environment.SAP_CLIENT_TARGET_NAMESPACE.getPrefix(),
                Environment.SAP_CLIENT_TARGET_NAMESPACE.getURI());

        // Add ticket
        SOAPElement ticketValue = operation.addChildElement("ITicket");
        ticketValue.addTextNode(...);

        // Add "Informationsprotokoll"
        String resultString = buildEricResultString(agent);
        SOAPElement xmlValue = operation.addChildElement("IXml");
        xmlValue.addTextNode(resultString);
        message.saveChanges();

        Response<SOAPMessage> sapResponse = dispatch.invokeAsync(message);

        long waitingTime = 0;

        while (true) {
            if (waitingTime > Environment.SAP_CLIENT_TIME_OUT) {
                //... handle timeout
            }

            if (sapResponse.getContext() != null) {
                Environment.LOGGER.debug("got response");
                response = sapResponse.get();
                submitted = true;
                successfull = result.returnCode.equals("0");

                //...

                break;
            }

            wait(1000);
            waitingTime += 1000;
        }
    } catch (Throwable ex) {
        Environment.LOGGER.error(null, ex);
        this.submitted = false;
        this.successfull = false;
    }
}

}

我现在想通过SSL来使用这个服务。您能解释一下我是如何告诉Service类使用特定证书的吗？例如，我如何通过密钥库.我搜索了一下，没有找到满意的结果。提前感谢！

更新1:

加入：

    System.setProperty("javax.net.ssl.keyStore", certPath);
    System.setProperty("javax.net.ssl.keyStorePassword", certPass);

我可以让SSL工作--谢谢你！

输出看起来像这样，连接超时了：

keyStore type is : jks
keyStore provider is : 
init keystore
init keymanager of type SunX509
trustStore is: ***
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:
  Subject: CN=***, OU=I0020498236, OU=SAP Web AS, O=SAP Trust Community, C=DE
  Issuer:  CN=***, OU=I0020498236, OU=SAP Web AS, O=SAP Trust Community, C=DE
  Algorithm: RSA; Serial number: 0x20120718050810
  Valid from Wed Jul 18 07:08:10 CEST 2012 until Fri Jan 01 01:00:01 CET 2038

trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256

为了传递超时，我必须将这个属性传递给JVM，然后通过http(s)请求：

-Djava.net.preferIPv4Stack=true

Answer 1

在SOAP调用之前将其添加到代码中

System.setProperty("javax.net.ssl.keyStore",certificatePath);
System.setProperty("javax.net.ssl.keyStorePassword", certificatePassword));
System.setProperty("javax.net.ssl.keyStoreType", "JKS");

您可以从服务器url下载.cer证书，并使用命令将其转换为jks。

keytool -importcert -file certificate.cer -keystore keystore.jks -alias "Alias"

现在您需要与每个目标服务器相对应的证书，在您的系统中需要维护服务器url和证书之间的映射。