【问题标题】:WCF Java client to communicate with a server with wsHttpBinding signed with certificateWCF Java 客户端与带有证书签名的 wsHttpBinding 的服务器通信
【发布时间】:2019-05-24 14:51:23
【问题描述】:

我需要在 Java 中创建一个 WCF 客户端,它应该与使用带有 wsHttpBinding 和证书的消息安全性的 WCF 服务器进行通信。目前我只需要对消息进行签名(因此不需要加密)。当没有实现消息安全性时,我设法创建了一个 Java 客户端与服务器通信,即不涉及证书。我不确定如何告诉客户端使用哪个证书,但我可以为 Java 设置密钥库和信任库。以下是我执行的步骤,

创建服务: 首先,我在 Visual Studio 中创建了一个 WCF 服务器。这是 wsHttpBinding

<bindings>
    <wsHttpBinding>
        <binding name ="wsMessage">
            <security mode ="Message">
                <message clientCredentialType ="None" negotiateServiceCredential="true"/>
            </security>
        </binding>
    </wsHttpBinding>
</bindings>

使用以下行为配置对服务进行签名:

<behaviors>
    <serviceBehaviors>
        <behavior>
            <serviceMetadata httpGetEnabled="True" httpsGetEnabled="False"/>
            <serviceDebug includeExceptionDetailInFaults="False" />

            <serviceCredentials>
                <serviceCertificate findValue="mySubjectName" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
            </serviceCredentials>

        </behavior>
    </serviceBehaviors>
</behaviors>

然后将服务部署到 Azure。当我在 Visual Studio 中创建 Web 服务客户端时,一切正常,因此服务本身应该没有问题。

创建客户端:

1) 从以下镜像下载孵化器 Netbeans 二进制文件 https://www.apache.org/dyn/closer.cgi/incubator/netbeans/incubating-netbeans/incubating-11.0/incubating-netbeans-11.0-bin.zip

2) 我解压了所有文件 3) 将 jdk 版本更改为 1.8,如下所述:How to set the JDK Netbeans runs on? 4) 通过 incubating-netbeans-11.0-bin\netbeans\bin\netbeans64.exe 打开 Netbeans 5) 通过 File / New Project.../ Java Web Application / 创建一个新的 Web 项目。添加 GlashFish 服务器,选择 Java EE 7 Web。然后就完成了。 6)右键单击项目并选择新建/其他 7) 在过滤器中输入“Web Service Client”。点击下一步。 8) 在 WSDL URL 中输入 WSDL。 9) 点击完成。

我创建了一个新的 java 类并添加了以下代码:

package MyCode;

import java.io.File;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import javax.xml.ws.BindingProvider;

public class NewClass {
    public static void main(String in[]) {
        System.out.println("Start");

        setTrustStoreAndKeyStores();

        MyService.Service1 ss = new MyService.Service1();
        MyService.IService1 port = ss.getWSHttpBindingIService1();
        BindingProvider bport = (BindingProvider)port;
        Map<String, Object> requestContext = bport.getRequestContext();
        requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "...");

        int a = port.addNumbers(2, 7);
        System.out.println("Result: " + a);
    }

    private static void setTrustStoreAndKeyStores() {
        System.setProperty("javax.net.ssl.keyStore", Credentials.keystorePath);
        System.setProperty("javax.net.ssl.keyStorePassword", Credentials.keystorePassword); 
        System.setProperty("javax.net.ssl.trustStore", Credentials.truststorePath);
        System.setProperty("javax.net.ssl.trustStorePassword", Credentials.truststorePassword);

        File keystore = new File(Credentials.keystorePath);
        File truststore = new File(Credentials.truststorePath);
        System.out.println("Keystore exists: " + keystore.exists());
        System.out.println("Truststore exists: " + truststore.exists());


        PrintVariable("javax.net.ssl.trustStore");
        PrintVariable("javax.net.ssl.trustStorePassword");
        PrintVariable("javax.net.ssl.keyStore");
        PrintVariable("javax.net.ssl.keyStorePassword");
    }

    private static void PrintVariable(String key) {
        String value = System.getProperty(key);
        if (value == null) {
            System.out.println(key + " is not defined");
        } else {
            System.out.println(key + ": " + value);
        }
    }

    public static class Credentials {
        public static String keystorePath = "C:/temp/prxyclient.jks";
        public static String keystorePassword = "password";

        public static String keystoreFilename = "prxyclient.jks";
        public static String keystoreType = "pkcs12";
        public static String keystoreAlias = "password";

        public static String truststorePath = "C:/Program Files/Java/jdk1.8.0_161/jre/lib/security/cacerts";
        public static String truststorePassword = "changeit";


    }
}

当我运行代码时,我得到以下输出

Keystore exists: true
Truststore exists: true
javax.net.ssl.trustStore: C:/Program Files/Java/jdk1.8.0_161/jre/lib/security/cacerts
javax.net.ssl.trustStorePassword: changeit
javax.net.ssl.keyStore: C:/temp/prxyclient.jks
javax.net.ssl.keyStorePassword: password

随后出现以下错误:

maj 24, 2019 3:35:15 EM com.sun.xml.wss.impl.misc.DefaultCallbackHandler getDefaultCertificateFromTrustStore
SEVERE: WSS1511: An Error occurred while locating PEER Entity certificate in TrustStore.
maj 24, 2019 3:35:15 EM com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl getCertificate
SEVERE: WSS0216: An Error occurred using CallbackHandler for : EncryptionKeyCallback.AliasX509CertificateRequest
maj 24, 2019 3:35:15 EM com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl getCertificate
SEVERE: WSS0217: An Error occurred using CallbackHandler handle() Method.
java.lang.RuntimeException: An Error occurred while locating PEER Entity certificate in TrustStore
    at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.getDefaultCertificateFromTrustStore(DefaultCallbackHandler.java:1356)
    at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.handle(DefaultCallbackHandler.java:599)
    at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getCertificate(DefaultSecurityEnvironmentImpl.java:390)
    at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:496)
    at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:69)
    at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:248)
    at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:164)
    at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:125)
    at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:359)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:295)
    at com.sun.xml.ws.security.secconv.WSSCPlugin.sendRequest(WSSCPlugin.java:373)
    at com.sun.xml.ws.security.secconv.WSSCPlugin.process(WSSCPlugin.java:235)
    at com.sun.xml.ws.security.secconv.impl.client.SCTokenProviderImpl.issue(SCTokenProviderImpl.java:105)
    at com.sun.xml.ws.api.security.trust.client.IssuedTokenManager.getIssuedToken(IssuedTokenManager.java:53)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.invokeSCPlugin(SecurityClientTube.java:458)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:249)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:219)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1106)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1020)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:989)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:847)
    at com.sun.xml.ws.client.Stub.process(Stub.java:433)
    at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:161)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:62)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:131)
    at com.sun.proxy.$Proxy39.addNumbers(Unknown Source)
    at MyCode.NewClass.main(NewClass.java:32)

maj 24, 2019 3:35:15 EM com.sun.xml.wss.impl.filter.SignatureFilter process
SEVERE: WSS1413: Error extracting certificate
com.sun.xml.wss.XWSSecurityException: java.lang.RuntimeException: An Error occurred while locating PEER Entity certificate in TrustStore
    at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getCertificate(DefaultSecurityEnvironmentImpl.java:395)
    at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:496)
    at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:69)
    at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:248)
    at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:164)
    at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:125)
    at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:359)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:295)
    at com.sun.xml.ws.security.secconv.WSSCPlugin.sendRequest(WSSCPlugin.java:373)
    at com.sun.xml.ws.security.secconv.WSSCPlugin.process(WSSCPlugin.java:235)
    at com.sun.xml.ws.security.secconv.impl.client.SCTokenProviderImpl.issue(SCTokenProviderImpl.java:105)
    at com.sun.xml.ws.api.security.trust.client.IssuedTokenManager.getIssuedToken(IssuedTokenManager.java:53)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.invokeSCPlugin(SecurityClientTube.java:458)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:249)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:219)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1106)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1020)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:989)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:847)
    at com.sun.xml.ws.client.Stub.process(Stub.java:433)
    at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:161)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:62)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:131)
    at com.sun.proxy.$Proxy39.addNumbers(Unknown Source)
    at MyCode.NewClass.main(NewClass.java:32)
Caused by: java.lang.RuntimeException: An Error occurred while locating PEER Entity certificate in TrustStore
    at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.getDefaultCertificateFromTrustStore(DefaultCallbackHandler.java:1356)
    at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.handle(DefaultCallbackHandler.java:599)
    at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getCertificate(DefaultSecurityEnvironmentImpl.java:390)
    ... 25 more

maj 24, 2019 3:35:15 EM com.sun.xml.wss.jaxws.impl.SecurityTubeBase secureOutboundMessage
SEVERE: WSSTUBE0024: Error in Securing Outbound Message.
com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.XWSSecurityException: java.lang.RuntimeException: An Error occurred while locating PEER Entity certificate in TrustStore
    at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:502)
    at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:69)
    at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:248)
    at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:164)
    at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:125)
    at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:359)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:295)
    at com.sun.xml.ws.security.secconv.WSSCPlugin.sendRequest(WSSCPlugin.java:373)
    at com.sun.xml.ws.security.secconv.WSSCPlugin.process(WSSCPlugin.java:235)
    at com.sun.xml.ws.security.secconv.impl.client.SCTokenProviderImpl.issue(SCTokenProviderImpl.java:105)
    at com.sun.xml.ws.api.security.trust.client.IssuedTokenManager.getIssuedToken(IssuedTokenManager.java:53)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.invokeSCPlugin(SecurityClientTube.java:458)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:249)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:219)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1106)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1020)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:989)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:847)
    at com.sun.xml.ws.client.Stub.process(Stub.java:433)
    at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:161)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:62)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:131)
    at com.sun.proxy.$Proxy39.addNumbers(Unknown Source)
    at MyCode.NewClass.main(NewClass.java:32)
Caused by: com.sun.xml.wss.XWSSecurityException: java.lang.RuntimeException: An Error occurred while locating PEER Entity certificate in TrustStore
    at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getCertificate(DefaultSecurityEnvironmentImpl.java:395)
    at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:496)
    ... 24 more
Caused by: java.lang.RuntimeException: An Error occurred while locating PEER Entity certificate in TrustStore
    at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.getDefaultCertificateFromTrustStore(DefaultCallbackHandler.java:1356)
    at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.handle(DefaultCallbackHandler.java:599)
    at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getCertificate(DefaultSecurityEnvironmentImpl.java:390)
    ... 25 more

maj 24, 2019 3:35:15 EM com.sun.xml.wss.jaxws.impl.SecurityClientTube processClientRequestPacket
SEVERE: WSSTUBE0024: Error in Securing Outbound Message.
com.sun.xml.wss.impl.WssSoapFaultException: Invalid Security Header
    at com.sun.xml.wss.impl.SecurableSoapMessage.newSOAPFaultException(SecurableSoapMessage.java:319)
    at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:365)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:295)
    at com.sun.xml.ws.security.secconv.WSSCPlugin.sendRequest(WSSCPlugin.java:373)
    at com.sun.xml.ws.security.secconv.WSSCPlugin.process(WSSCPlugin.java:235)
    at com.sun.xml.ws.security.secconv.impl.client.SCTokenProviderImpl.issue(SCTokenProviderImpl.java:105)
    at com.sun.xml.ws.api.security.trust.client.IssuedTokenManager.getIssuedToken(IssuedTokenManager.java:53)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.invokeSCPlugin(SecurityClientTube.java:458)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:249)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:219)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1106)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1020)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:989)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:847)
    at com.sun.xml.ws.client.Stub.process(Stub.java:433)
    at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:161)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:62)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:131)
    at com.sun.proxy.$Proxy39.addNumbers(Unknown Source)
    at MyCode.NewClass.main(NewClass.java:32)

Exception in thread "main" javax.xml.ws.WebServiceException: WSSTUBE0024: Error in Securing Outbound Message.
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:301)
    at com.sun.xml.ws.security.secconv.WSSCPlugin.sendRequest(WSSCPlugin.java:373)
    at com.sun.xml.ws.security.secconv.WSSCPlugin.process(WSSCPlugin.java:235)
    at com.sun.xml.ws.security.secconv.impl.client.SCTokenProviderImpl.issue(SCTokenProviderImpl.java:105)
    at com.sun.xml.ws.api.security.trust.client.IssuedTokenManager.getIssuedToken(IssuedTokenManager.java:53)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.invokeSCPlugin(SecurityClientTube.java:458)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:249)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:219)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1106)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1020)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:989)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:847)
    at com.sun.xml.ws.client.Stub.process(Stub.java:433)
    at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:161)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:62)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:131)
    at com.sun.proxy.$Proxy39.addNumbers(Unknown Source)
    at MyCode.NewClass.main(NewClass.java:32)
Caused by: javax.xml.ws.soap.SOAPFaultException: Invalid Security Header
    at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:686)
    ... 19 more
Caused by: com.sun.xml.wss.impl.WssSoapFaultException: Invalid Security Header
    at com.sun.xml.wss.impl.SecurableSoapMessage.newSOAPFaultException(SecurableSoapMessage.java:319)
    at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:365)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:295)
    ... 18 more
C:\Users\jeslun\AppData\Local\NetBeans\Cache\11.0\executor-snippets\run.xml:111: The following error occurred while executing this line:
C:\Users\jeslun\AppData\Local\NetBeans\Cache\11.0\executor-snippets\run.xml:94: Java returned: 1
BUILD FAILED (total time: 2 seconds)

我认为 NetBeans 正在使用 Metro 2.0 和 Glashfish。错误似乎是它找不到正确的证书。

以前我尝试在 Eclipse 中使用 CXF 和 Axis2 创建一个 Java 客户端,但可能会将其放在另一个线程中。我花了很多时间试图让它发挥作用,并阅读了很多文章、博客等。但感谢任何帮助。

【问题讨论】:

  • 我正在尝试在 Java 客户端中将 WCF 与 wsHttpBinding 一起使用并遇到问题。你是如何生成代理类的?虽然我可以使用 Axis2 库生成代理类但无法连接 WCF 服务。

标签: java wcf client x509certificate wshttpbinding


【解决方案1】:

经过两次更改,我终于可以正常工作了。

第一件事: Netbeans 有点问题。经过大量点击后,我发现了以下内容。
1) 在左侧的项目视图中,展开“Web Service References”,
2) 右键单击​​ WCF 服务并选择“编辑 Web 服务属性”。
3) 在“服务质量”选项卡下,单击使用默认值的框。
4) 我们不想选中此框,但在我的情况下,这触发了 NetBeans 告诉我 Metro 没有下载并询问我是否应该下载它。
5) 下载并加载到 netbeans 后,我可以在“服务质量”下选择密钥库。

第二件事, 包含 WCF 的服务器您需要将客户端证书添加到受信任的人,如下所示:
1) 点击开始并输入“mmc”,然后回车。这将启动 Microsoft 管理控制台。
2) 单击文件/添加/删除管理单元...
3) 单击左侧的证书,然后单击“添加 >”
4) 选择电脑账号,然后下一步
5) 选择本地计算机,然后完成
6) 点击确定。
7) 展开证书(本地计算机)/受信任的人/
8)右键单击证书(在受信任的人下),选择所有任务/导入
9) 按照指南导入客户端证书

【讨论】:

    猜你喜欢
    • 2014-06-07
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2011-06-11
    • 2015-04-30
    • 2018-11-29
    • 2012-08-19
    相关资源
    最近更新 更多