apache cxf jaxwsproxyfactorybean对外部https的ssl配置调用失败

kmpatx3s 于 2021-07-13 发布在 Java

关注(0)|答案(1)|浏览(535)

我部署了一个spring微服务docker。我使用jaxwsproxyfactorybean来调用外部服务器（soap/wsdl），使用它一切正常http://externalserver:

JaxWsProxyFactoryBean jaxWsProxyFactoryBean = new JaxWsProxyFactoryBean();
jaxWsProxyFactoryBean.setAddress("http://externalServer");
...

当我在setaddress中调用https时，问题就出现了。
我使用keytool在keystore中注册了被调用服务器的密钥/证书，并保存到/root/.keystore（标准）中，从pfx导入它。当我尝试调用https时，出现以下错误：

org.apache.cxf.transport.https.SSLUtils  : Default key managers cannot be initialized: Password must not be null

好吧，我少了一个密码。但是这个恶意密码放在哪里了？在application.yml中？系统内属性[密钥库中使用的密码是标准密码（changeit）]
编辑
下面是日志的快照：

DEBUG 1 --- [  XNIO-1 task-1] org.apache.cxf.transport.https.SSLUtils  : The location of the key store has not been set via a system parameter or through configuration so the default value of /root/.keystore will be used.
DEBUG 1 --- [  XNIO-1 task-1] org.apache.cxf.transport.https.SSLUtils  : The key store password has not been set via a system property or through configuration, reading data from the keystore will fail.
DEBUG 1 --- [  XNIO-1 task-1] org.apache.cxf.transport.https.SSLUtils  : The key password has not been set via a system property or through configuration, reading data from the keystore will fail.
DEBUG 1 --- [  XNIO-1 task-1] org.apache.cxf.transport.https.SSLUtils  : The keystore type has not been set in configuration so the default value of JKS will be used.
WARN 1 --- [  XNIO-1 task-1] org.apache.cxf.transport.https.SSLUtils  : Default key managers cannot be initialized: Password must not be null

使用标准密钥库，但没有密码。

spring docker ssl Keytool cxf

来源：https://stackoverflow.com/questions/66905254/apache-cxf-jaxwsproxyfactorybean-ssl-configuration-call-to-external-https-fails

1条答案

按热度按时间

2sbarzqh1#

从您的问题的评论部分查看我们的对话，我可以得出结论，您的apachecxf没有配置ssl。您需要做的是读取包含可信证书的密钥库并将其加载到 SSLContext 与trustmanagerfactory和trustmanager。
下面是您可以尝试的配置示例：

import org.apache.cxf.bus.CXFBusFactory;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.transport.http.HTTPConduitConfigurer;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import java.security.KeyStore;

public class App {

    public static void main(String[] args) throws Exception {
        InputStream identityAsInputStream = Files.newInputStream(Paths.get("/path/to/your/identity.jks"));
        KeyStore identity = KeyStore.getInstance(KeyStore.getDefaultType());
        identity.load(identityAsInputStream, "keystore-password".toCharArray());

        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(identity, "key-password".toCharArray());
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();

        InputStream trustStoreInputStream = Files.newInputStream(Paths.get("/path/to/your/truststore.jks"));
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(trustStoreInputStream, "truststore-password".toCharArray());

        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();

        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(keyManagers, trustManagers, null);

        JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
        factory.setAddress("https://some-secure-server.com/");

        factory.setBus(new CXFBusFactory().createBus());
        factory.getBus().setExtension((name, address, httpConduit) -> {
            TLSClientParameters tls = new TLSClientParameters();
            tls.setSSLSocketFactory(sslContext.getSocketFactory());
            httpConduit.setTlsClientParameters(tls);
        }, HTTPConduitConfigurer.class);

        WebClient webClient = factory.createWebClient();
    }
}

这里还有一个cxf客户机的工作示例，用于基于ssl的单向和双向身份验证：github-示例apachecxf客户机ssl配置

赞(0）回复(0）举报 2021-07-13

我来回答

apache cxf jaxwsproxyfactorybean对外部https的ssl配置调用失败

1条答案

相关问题

热门标签

最新问答