使用jboss的Java Mutual SSL身份验证客户端 - 服务器

我们正在使用相互SSL握手(TLS 1.2)开发第三方WebService的实现 .

我们创建了 client.keyclient.csr 并将其提交给第三方网站,该网站向我们发布了以下文件:

源于我们 client.csr

  • test_client.cer

  • test_server.cer

并测试证书:

  • CAtest.cer :验证test_x.cer证书的CA证书

  • PATest.cer :从3d part Webservice用于调用我们的Web服务的CLIENT证书的公共部分 .

  • testservice.cer :从测试服务开发的服务器证书(第3部分WebService)

我们正在使用带有JBoss Wildfly的java和用于实现的轴来调用和公开服务 .

我创建了两个包含的信任库:

1)keystore_client.jks

  • test_client.cer

  • CAtest.cer

  • PATest.cer

  • testservice.cer

2)keystore_server.jks

  • test_server.cer(作为使用证书的密钥和用于生成client.csr的文件client.key) .

  • CAtest.cer

  • PATest.cer

  • testservice.cer

对于“服务器”部分,我在JBOSS wildfly上配置了安全领域:

<security-realm name="HttpsRealm">
    <server-identities>
        <ssl>
            <keystore path="keystore_server.jks" relative-to="jboss.server.config.dir" keystore-password="xxxxxx"/>
        </ssl>
    </server-identities>
</security-realm>

对于客户端部分,我使用自定义SocketFactory初始化AXIS:

AxisProperties.setProperty("axis.socketSecureFactory", "com.utils.ws.MySSLSocketFactory");

MySSLSocketFactory 班:

如果我使用,则调用web服务: SSLContext ssl = SSLContext.getInstance("TLSv1"); 我收到以下错误消息:

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
 Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at org.apache.axis.AxisFault.makeFault(AxisFault.java:101) [axis.jar:]
    at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154) [axis.jar:]
    at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) [axis.jar:]
    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) [axis.jar:]
    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) [axis.jar:]
    at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165) [axis.jar:]
    at org.apache.axis.client.Call.invokeEngine(Call.java:2784) [axis.jar:]
    at org.apache.axis.client.Call.invoke(Call.java:2767) [axis.jar:]
    at org.apache.axis.client.Call.invoke(Call.java:2443) [axis.jar:]
    at org.apache.axis.client.Call.invoke(Call.java:2366) [axis.jar:]
    at org.apache.axis.client.Call.invoke(Call.java:1812) [axis.jar:]

SSLContext 更改为 SSLContext ssl = SSLContext.getInstance("TLSv1.2"); 我收到以下错误:

Caused by: (403)Forbidden
    at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:744) [axis.jar:]
    at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144) [axis.jar:]
    at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) [axis.jar:]
    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) [axis.jar:]
    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) [axis.jar:]
    at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165) [axis.jar:]
    at org.apache.axis.client.Call.invokeEngine(Call.java:2784) [axis.jar:]
    at org.apache.axis.client.Call.invoke(Call.java:2767) [axis.jar:]
    at org.apache.axis.client.Call.invoke(Call.java:2443) [axis.jar:]
    at org.apache.axis.client.Call.invoke(Call.java:2366) [axis.jar:]
    at org.apache.axis.client.Call.invoke(Call.java:1812) [axis.jar:]

我不知道我做错了什么 . 谢谢!

回答(0)