个人中心
gpt4 book ai didi

spring - Apache CXF JaxWsProxyFactoryBean SSL 配置调用外部 https 失败

转载 作者:行者123 更新时间:2023-12-04 22:39:08 24 4
gpt4 key购买 nike

我部署了一个 Spring 微服务 docker。
我使用 JaxWsProxyFactoryBean 调用外部服务器(soap/wsdl)并且使用 http://externalServer 一切顺利:

JaxWsProxyFactoryBean jaxWsProxyFactoryBean = new JaxWsProxyFactoryBean();
jaxWsProxyFactoryBean.setAddress("http://externalServer");
...
当我在 setAddress 中调用 https 时出现问题。
我使用keytool在 keystore 中注册了被调用服务器的 key /证书,并保存到/root/.keystore(标准),从pfx导入它。
当我尝试调用 https 时,我收到此错误: 
org.apache.cxf.transport.https.SSLUtils  : Default key managers cannot be initialized: Password must not be null
好的,我错过了密码。但是这个恶意密码放在哪里?在 application.yml?在系统属性中? [keystore中使用的密码是标准的(changeit)]
已编辑
这里是日志的快照: 
DEBUG 1 --- [  XNIO-1 task-1] org.apache.cxf.transport.https.SSLUtils  : The location of the key store has not been set via a system parameter or through configuration so the default value of /root/.keystore will be used.
DEBUG 1 --- [  XNIO-1 task-1] org.apache.cxf.transport.https.SSLUtils  : The key store password has not been set via a system property or through configuration, reading data from the keystore will fail.
DEBUG 1 --- [  XNIO-1 task-1] org.apache.cxf.transport.https.SSLUtils  : The key password has not been set via a system property or through configuration, reading data from the keystore will fail.
DEBUG 1 --- [  XNIO-1 task-1] org.apache.cxf.transport.https.SSLUtils  : The keystore type has not been set in configuration so the default value of JKS will be used.
WARN 1 --- [  XNIO-1 task-1] org.apache.cxf.transport.https.SSLUtils  : Default key managers cannot be initialized: Password must not be null
使用标准 keystore 但没有密码。

最佳答案

从您的问题的评论部分查看我们的对话,我可以得出结论,您的 Apache CXF 没有配置 ssl。您需要做的是读取包含可信证书的 keystore 并将其加载到您的SSLContext 中。与 TrustManagerFactory 和 TrustManager。
以下是您可以尝试的示例配置:
选项 1 - 纯 Java 

import org.apache.cxf.bus.CXFBusFactory;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.transport.http.HTTPConduitConfigurer;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import java.nio.file.Paths;
import java.security.KeyStore;

public class App {

    public static void main(String[] args) throws Exception {
        InputStream identityAsInputStream = Files.newInputStream(Paths.get("/path/to/your/identity.jks"));
        KeyStore identity = KeyStore.getInstance(KeyStore.getDefaultType());
        identity.load(identityAsInputStream, "keystore-password".toCharArray());

        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(identity, "key-password".toCharArray());
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();

        InputStream trustStoreInputStream = Files.newInputStream(Paths.get("/path/to/your/truststore.jks"));
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(trustStoreInputStream, "truststore-password".toCharArray());

        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();

        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(keyManagers, trustManagers, null);

        JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
        factory.setAddress("https://some-secure-server.com/");

        factory.setBus(new CXFBusFactory().createBus());
        factory.getBus().setExtension((name, address, httpConduit) -> {
            TLSClientParameters tls = new TLSClientParameters();
            tls.setSSLSocketFactory(sslContext.getSocketFactory());
            httpConduit.setTlsClientParameters(tls);
        }, HTTPConduitConfigurer.class);

        WebClient webClient = factory.createWebClient();
    }
}
选项 2 - 使用库的简化配置 
import nl.altindag.ssl.SSLFactory;
import org.apache.cxf.bus.CXFBusFactory;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.transport.http.HTTPConduitConfigurer;

import java.nio.file.Paths;

public class App {

    public static void main(String[] args) throws Exception {
        SSLFactory sslFactory = SSLFactory.builder()
                .withIdentityMaterial(Paths.get("/path/to/your/identity.jks"), "keystore-password".toCharArray())
                .withTrustMaterial(Paths.get("/path/to/your/truststore.jks"), "truststore-password".toCharArray())
                .build();

        JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
        factory.setAddress("https://some-secure-server.com/");

        factory.setBus(new CXFBusFactory().createBus());
        factory.getBus().setExtension((name, address, httpConduit) -> {
            TLSClientParameters tls = new TLSClientParameters();
            tls.setSSLSocketFactory(sslFactory.getSslSocketFactory());
            httpConduit.setTlsClientParameters(tls);
        }, HTTPConduitConfigurer.class);

        WebClient webClient = factory.createWebClient();
    }
}
该库在此处可用: GitHub - SSLContext Kickstart
我这里还有一个 cxf 客户端的工作示例,用于基于 ssl 的单向和双向身份验证: GitHub - Example Apache CXF client ssl configuration

关于spring - Apache CXF JaxWsProxyFactoryBean SSL 配置调用外部 https 失败,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/66905254/

24 4 0
文章推荐: c++ - SSL_set_tlsext_host_name 崩溃
文章推荐: docker - kubernetes 无法拉取镜像 docker 私有(private)注册表
文章推荐: java - 将 SSL 证书加载到容器的 JVM
文章推荐: apache - 400 Bad Request 您正在向启用 SSL 的服务器端口 kubernetes pod 使用普通 HTTP
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com