我们正在使用相互SSL握手(TLS 1.2)开发第三方WebService的实现 .
我们创建了 client.key 和 client.csr 并将其提交给第三方网站,该网站向我们发布了以下文件:
源于我们 client.csr
-
test_client.cer
-
test_server.cer
并测试证书:
-
CAtest.cer:验证test_x.cer证书的CA证书 -
PATest.cer:从3d part Webservice用于调用我们的Web服务的CLIENT证书的公共部分 . -
testservice.cer:从测试服务开发的服务器证书(第3部分WebService)
我们正在使用带有JBoss Wildfly的java和用于实现的轴来调用和公开服务 .
我创建了两个包含的信任库:
1)keystore_client.jks
-
test_client.cer
-
CAtest.cer
-
PATest.cer
-
testservice.cer
2)keystore_server.jks
-
test_server.cer(作为使用证书的密钥和用于生成client.csr的文件client.key) .
-
CAtest.cer
-
PATest.cer
-
testservice.cer
对于“服务器”部分,我在JBOSS wildfly上配置了安全领域:
<security-realm name="HttpsRealm">
<server-identities>
<ssl>
<keystore path="keystore_server.jks" relative-to="jboss.server.config.dir" keystore-password="xxxxxx"/>
</ssl>
</server-identities>
</security-realm>
对于客户端部分,我使用自定义SocketFactory初始化AXIS:
AxisProperties.setProperty("axis.socketSecureFactory", "com.utils.ws.MySSLSocketFactory");
在 MySSLSocketFactory 班:
如果我使用,则调用web服务: SSLContext ssl = SSLContext.getInstance("TLSv1"); 我收到以下错误消息:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at org.apache.axis.AxisFault.makeFault(AxisFault.java:101) [axis.jar:]
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154) [axis.jar:]
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) [axis.jar:]
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) [axis.jar:]
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) [axis.jar:]
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165) [axis.jar:]
at org.apache.axis.client.Call.invokeEngine(Call.java:2784) [axis.jar:]
at org.apache.axis.client.Call.invoke(Call.java:2767) [axis.jar:]
at org.apache.axis.client.Call.invoke(Call.java:2443) [axis.jar:]
at org.apache.axis.client.Call.invoke(Call.java:2366) [axis.jar:]
at org.apache.axis.client.Call.invoke(Call.java:1812) [axis.jar:]
将 SSLContext 更改为 SSLContext ssl = SSLContext.getInstance("TLSv1.2"); 我收到以下错误:
Caused by: (403)Forbidden
at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:744) [axis.jar:]
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144) [axis.jar:]
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) [axis.jar:]
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) [axis.jar:]
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) [axis.jar:]
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165) [axis.jar:]
at org.apache.axis.client.Call.invokeEngine(Call.java:2784) [axis.jar:]
at org.apache.axis.client.Call.invoke(Call.java:2767) [axis.jar:]
at org.apache.axis.client.Call.invoke(Call.java:2443) [axis.jar:]
at org.apache.axis.client.Call.invoke(Call.java:2366) [axis.jar:]
at org.apache.axis.client.Call.invoke(Call.java:1812) [axis.jar:]
我不知道我做错了什么 . 谢谢!