我需要在Java中创建一个WCF客户端,该客户端应与WCF服务器进行通信,该服务器使用WSHTTPBINDING和证书使用消息安全性。目前,我只需要签署消息(因此不需要加密(。我设法创建了一个Java客户端以与服务器进行通信,即在未实施消息安全性时,即没有涉及的证书。我不确定如何告诉客户使用哪个证书,但我能够为Java设置密钥库和TrustStore。以下是我执行的步骤
创建服务:首先,我在Visual Studio中创建了WCF服务器。这是wshtpbinding
<bindings>
<wsHttpBinding>
<binding name ="wsMessage">
<security mode ="Message">
<message clientCredentialType ="None" negotiateServiceCredential="true"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
该服务具有以下行为配置:
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="True" httpsGetEnabled="False"/>
<serviceDebug includeExceptionDetailInFaults="False" />
<serviceCredentials>
<serviceCertificate findValue="mySubjectName" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
然后将服务部署到Azure。当我在Visual Studio中创建Web Service客户端时,一切正常,因此服务本身应该没有错。
创建客户端:
1(从下面的镜子中下载了孵化器Netbeans二进制文件https://www.apache.org/dyn/closer.cgi/incubator/netbeans/incubating-netbeans/incubating-11.0/incubing-netbeating-netbeans-netbeans-11.0-bin.zip
2(我解压缩了所有文件3(将JDK版本更改为1.8,如下所述:如何设置JDK NetBeans运行?4(通过孵化netbeans-11.0-bin netbeans bin bin netbeans64.exe开放NetBeans5(通过文件/新项目创建一个新的Web项目.../Java Web应用程序/。添加Glashfish服务器,选择Java EE 7 Web。然后完成。6(右键单击该项目,然后选择新/其他7(在过滤器中输入" Web Service客户端"。点击下一步。8(在WSDL URL中输入WSDL。9(点击完成。
我创建了一个新的Java类并添加了以下代码:
package MyCode;
import java.io.File;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import javax.xml.ws.BindingProvider;
public class NewClass {
public static void main(String in[]) {
System.out.println("Start");
setTrustStoreAndKeyStores();
MyService.Service1 ss = new MyService.Service1();
MyService.IService1 port = ss.getWSHttpBindingIService1();
BindingProvider bport = (BindingProvider)port;
Map<String, Object> requestContext = bport.getRequestContext();
requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "...");
int a = port.addNumbers(2, 7);
System.out.println("Result: " + a);
}
private static void setTrustStoreAndKeyStores() {
System.setProperty("javax.net.ssl.keyStore", Credentials.keystorePath);
System.setProperty("javax.net.ssl.keyStorePassword", Credentials.keystorePassword);
System.setProperty("javax.net.ssl.trustStore", Credentials.truststorePath);
System.setProperty("javax.net.ssl.trustStorePassword", Credentials.truststorePassword);
File keystore = new File(Credentials.keystorePath);
File truststore = new File(Credentials.truststorePath);
System.out.println("Keystore exists: " + keystore.exists());
System.out.println("Truststore exists: " + truststore.exists());
PrintVariable("javax.net.ssl.trustStore");
PrintVariable("javax.net.ssl.trustStorePassword");
PrintVariable("javax.net.ssl.keyStore");
PrintVariable("javax.net.ssl.keyStorePassword");
}
private static void PrintVariable(String key) {
String value = System.getProperty(key);
if (value == null) {
System.out.println(key + " is not defined");
} else {
System.out.println(key + ": " + value);
}
}
public static class Credentials {
public static String keystorePath = "C:/temp/prxyclient.jks";
public static String keystorePassword = "password";
public static String keystoreFilename = "prxyclient.jks";
public static String keystoreType = "pkcs12";
public static String keystoreAlias = "password";
public static String truststorePath = "C:/Program Files/Java/jdk1.8.0_161/jre/lib/security/cacerts";
public static String truststorePassword = "changeit";
}
}
运行代码时,我将获得以下输出
Keystore exists: true
Truststore exists: true
javax.net.ssl.trustStore: C:/Program Files/Java/jdk1.8.0_161/jre/lib/security/cacerts
javax.net.ssl.trustStorePassword: changeit
javax.net.ssl.keyStore: C:/temp/prxyclient.jks
javax.net.ssl.keyStorePassword: password
随后发生以下错误:
maj 24, 2019 3:35:15 EM com.sun.xml.wss.impl.misc.DefaultCallbackHandler getDefaultCertificateFromTrustStore
SEVERE: WSS1511: An Error occurred while locating PEER Entity certificate in TrustStore.
maj 24, 2019 3:35:15 EM com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl getCertificate
SEVERE: WSS0216: An Error occurred using CallbackHandler for : EncryptionKeyCallback.AliasX509CertificateRequest
maj 24, 2019 3:35:15 EM com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl getCertificate
SEVERE: WSS0217: An Error occurred using CallbackHandler handle() Method.
java.lang.RuntimeException: An Error occurred while locating PEER Entity certificate in TrustStore
at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.getDefaultCertificateFromTrustStore(DefaultCallbackHandler.java:1356)
at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.handle(DefaultCallbackHandler.java:599)
at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getCertificate(DefaultSecurityEnvironmentImpl.java:390)
at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:496)
at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:69)
at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:248)
at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:164)
at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:125)
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:359)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:295)
at com.sun.xml.ws.security.secconv.WSSCPlugin.sendRequest(WSSCPlugin.java:373)
at com.sun.xml.ws.security.secconv.WSSCPlugin.process(WSSCPlugin.java:235)
at com.sun.xml.ws.security.secconv.impl.client.SCTokenProviderImpl.issue(SCTokenProviderImpl.java:105)
at com.sun.xml.ws.api.security.trust.client.IssuedTokenManager.getIssuedToken(IssuedTokenManager.java:53)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.invokeSCPlugin(SecurityClientTube.java:458)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:249)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:219)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1106)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1020)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:989)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:847)
at com.sun.xml.ws.client.Stub.process(Stub.java:433)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:161)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:62)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:131)
at com.sun.proxy.$Proxy39.addNumbers(Unknown Source)
at MyCode.NewClass.main(NewClass.java:32)
maj 24, 2019 3:35:15 EM com.sun.xml.wss.impl.filter.SignatureFilter process
SEVERE: WSS1413: Error extracting certificate
com.sun.xml.wss.XWSSecurityException: java.lang.RuntimeException: An Error occurred while locating PEER Entity certificate in TrustStore
at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getCertificate(DefaultSecurityEnvironmentImpl.java:395)
at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:496)
at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:69)
at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:248)
at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:164)
at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:125)
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:359)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:295)
at com.sun.xml.ws.security.secconv.WSSCPlugin.sendRequest(WSSCPlugin.java:373)
at com.sun.xml.ws.security.secconv.WSSCPlugin.process(WSSCPlugin.java:235)
at com.sun.xml.ws.security.secconv.impl.client.SCTokenProviderImpl.issue(SCTokenProviderImpl.java:105)
at com.sun.xml.ws.api.security.trust.client.IssuedTokenManager.getIssuedToken(IssuedTokenManager.java:53)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.invokeSCPlugin(SecurityClientTube.java:458)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:249)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:219)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1106)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1020)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:989)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:847)
at com.sun.xml.ws.client.Stub.process(Stub.java:433)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:161)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:62)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:131)
at com.sun.proxy.$Proxy39.addNumbers(Unknown Source)
at MyCode.NewClass.main(NewClass.java:32)
Caused by: java.lang.RuntimeException: An Error occurred while locating PEER Entity certificate in TrustStore
at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.getDefaultCertificateFromTrustStore(DefaultCallbackHandler.java:1356)
at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.handle(DefaultCallbackHandler.java:599)
at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getCertificate(DefaultSecurityEnvironmentImpl.java:390)
... 25 more
maj 24, 2019 3:35:15 EM com.sun.xml.wss.jaxws.impl.SecurityTubeBase secureOutboundMessage
SEVERE: WSSTUBE0024: Error in Securing Outbound Message.
com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.XWSSecurityException: java.lang.RuntimeException: An Error occurred while locating PEER Entity certificate in TrustStore
at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:502)
at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:69)
at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:248)
at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:164)
at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:125)
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:359)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:295)
at com.sun.xml.ws.security.secconv.WSSCPlugin.sendRequest(WSSCPlugin.java:373)
at com.sun.xml.ws.security.secconv.WSSCPlugin.process(WSSCPlugin.java:235)
at com.sun.xml.ws.security.secconv.impl.client.SCTokenProviderImpl.issue(SCTokenProviderImpl.java:105)
at com.sun.xml.ws.api.security.trust.client.IssuedTokenManager.getIssuedToken(IssuedTokenManager.java:53)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.invokeSCPlugin(SecurityClientTube.java:458)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:249)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:219)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1106)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1020)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:989)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:847)
at com.sun.xml.ws.client.Stub.process(Stub.java:433)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:161)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:62)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:131)
at com.sun.proxy.$Proxy39.addNumbers(Unknown Source)
at MyCode.NewClass.main(NewClass.java:32)
Caused by: com.sun.xml.wss.XWSSecurityException: java.lang.RuntimeException: An Error occurred while locating PEER Entity certificate in TrustStore
at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getCertificate(DefaultSecurityEnvironmentImpl.java:395)
at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:496)
... 24 more
Caused by: java.lang.RuntimeException: An Error occurred while locating PEER Entity certificate in TrustStore
at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.getDefaultCertificateFromTrustStore(DefaultCallbackHandler.java:1356)
at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.handle(DefaultCallbackHandler.java:599)
at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getCertificate(DefaultSecurityEnvironmentImpl.java:390)
... 25 more
maj 24, 2019 3:35:15 EM com.sun.xml.wss.jaxws.impl.SecurityClientTube processClientRequestPacket
SEVERE: WSSTUBE0024: Error in Securing Outbound Message.
com.sun.xml.wss.impl.WssSoapFaultException: Invalid Security Header
at com.sun.xml.wss.impl.SecurableSoapMessage.newSOAPFaultException(SecurableSoapMessage.java:319)
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:365)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:295)
at com.sun.xml.ws.security.secconv.WSSCPlugin.sendRequest(WSSCPlugin.java:373)
at com.sun.xml.ws.security.secconv.WSSCPlugin.process(WSSCPlugin.java:235)
at com.sun.xml.ws.security.secconv.impl.client.SCTokenProviderImpl.issue(SCTokenProviderImpl.java:105)
at com.sun.xml.ws.api.security.trust.client.IssuedTokenManager.getIssuedToken(IssuedTokenManager.java:53)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.invokeSCPlugin(SecurityClientTube.java:458)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:249)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:219)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1106)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1020)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:989)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:847)
at com.sun.xml.ws.client.Stub.process(Stub.java:433)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:161)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:62)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:131)
at com.sun.proxy.$Proxy39.addNumbers(Unknown Source)
at MyCode.NewClass.main(NewClass.java:32)
Exception in thread "main" javax.xml.ws.WebServiceException: WSSTUBE0024: Error in Securing Outbound Message.
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:301)
at com.sun.xml.ws.security.secconv.WSSCPlugin.sendRequest(WSSCPlugin.java:373)
at com.sun.xml.ws.security.secconv.WSSCPlugin.process(WSSCPlugin.java:235)
at com.sun.xml.ws.security.secconv.impl.client.SCTokenProviderImpl.issue(SCTokenProviderImpl.java:105)
at com.sun.xml.ws.api.security.trust.client.IssuedTokenManager.getIssuedToken(IssuedTokenManager.java:53)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.invokeSCPlugin(SecurityClientTube.java:458)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:249)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:219)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1106)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1020)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:989)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:847)
at com.sun.xml.ws.client.Stub.process(Stub.java:433)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:161)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:62)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:131)
at com.sun.proxy.$Proxy39.addNumbers(Unknown Source)
at MyCode.NewClass.main(NewClass.java:32)
Caused by: javax.xml.ws.soap.SOAPFaultException: Invalid Security Header
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:686)
... 19 more
Caused by: com.sun.xml.wss.impl.WssSoapFaultException: Invalid Security Header
at com.sun.xml.wss.impl.SecurableSoapMessage.newSOAPFaultException(SecurableSoapMessage.java:319)
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:365)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:295)
... 18 more
C:UsersjeslunAppDataLocalNetBeansCache11.0executor-snippetsrun.xml:111: The following error occurred while executing this line:
C:UsersjeslunAppDataLocalNetBeansCache11.0executor-snippetsrun.xml:94: Java returned: 1
BUILD FAILED (total time: 2 seconds)
我认为Netbeans正在使用Metro 2.0和Glashfish。错误似乎是找不到正确的证书。
以前,我尝试使用CXF和AXIS2在Eclipse中创建一个Java客户端,但可能会将其放在另一个线程中。我花了很多时间试图让这项工作并阅读很多文章,博客等。
两次更改后,我终于可以工作了。
第一件事:Netbeans有点越野车。在大量点击之后,我找到了以下内容。
1(在左侧的项目视图中,展开" Web服务参考",
2(右键单击WCF服务,然后选择"编辑Web服务属性"。
3(在"服务质量"标签下,单击说要使用默认值的框。
4(我们不想选中此框5(下载并加载到Netbeans后,我可以选择在"服务质量"下选择密钥库。
第二件事,包含WCF的服务器您需要将客户证书添加到受信任的人中:
1(单击"开始"并键入" MMC",然后输入输入。这将启动Microsoft Management Console。
2(单击文件/添加/删除快照...
3(单击左侧的证书,然后"添加>"
4(选择计算机帐户,然后选择下一个
5(选择本地计算机,然后完成
6(单击确定。
7(扩展证书(本地计算机(/可信赖的人/
8(右键单击证书(在受信任的人中(,选择所有任务/导入
9(遵循指南并导入客户证书