証明書

Question

のApache CXFは

SSLHandshakeException呼び出すhttps://fanava.shaparak.ir:443/merchantwebservice/jax/merchantAuth直面して春ブーツでHTTPS Webサービスを呼び出している間、私は次の例外を取得しています

で春ブーツでHTTPS webserivceを呼び出す方法：sun.security.validator.ValidatorException：PKIXをパスの構築に失敗しました：sun.security.provider.certpath.SunCertPathBuilderException：

要求されたターゲットへの有効な証明書パスを見つけることができません。このサービスを呼び出すために必要な設定は何ですか？

classClient：

@Configuration 
public class WSClient { 
    @Bean(name = "PaymentWebService") 
    public PaymentWebService PaymentWebServiceCLient() throws MalformedURLException { 
      JaxWsProxyFactoryBean factory; 
      factory = new JaxWsProxyFactoryBean(); 
      factory.setServiceClass(PaymentWebService.class); 
      factory.setAddress("http://localhost:8080/soap-api/merchantAuth_1.0"); 
      return (PaymentWebService) factory.create(); 
    } 
} 

Answer 1

1.必要な証明書webservice。

2.この証明書でキーストアを作成します。キーストアと

3.sslの設定クライアント：

@Configuration 
public class WebServiceClient { 

@Inject 
private PaymentProperties paymentProperties; 

@Autowired 
private ResourceLoader resourceLoader; 

@Bean(name = "PaymentWebService") 
public PaymentWebService PaymentWebServiceCLient() throws MalformedURLException { 

    JaxWsProxyFactoryBean factory; 
    factory = new JaxWsProxyFactoryBean(); 
    factory.setServiceClass(PaymentWebService.class); 
    // factory.setAddress("http://localhost:8080/ws/merchantAuth_1.0"); 
    factory.setAddress(paymentProperties.getWsPublicUrl()); 

    PaymentWebService service = (PaymentWebService) factory.create(); 
    try { 
     final Client client = ClientProxy.getClient(service); 
     setupSsl((HTTPConduit) ClientProxy.getClient(service).getConduit()); 
    } catch (Exception e) { 
    } 
    return service; 
} 

private void setupSsl(HTTPConduit httpConduit) throws Exception { 

    final TLSClientParameters tlsCP = new TLSClientParameters(); 

    final String keyStoreLoc = paymentProperties.getSsl().getKeyStore(); 
    final String keyPassword = paymentProperties.getSsl().getKeyStorePassword(); 
    final String keystoreType = paymentProperties.getSsl().getKeyStoreType(); 

    final KeyStore keyStore = KeyStore.getInstance(keystoreType); 
    Resource resource1 = resourceLoader.getResource(keyStoreLoc); 
    keyStore.load(resource1.getInputStream(), keyPassword.toCharArray()); 
    final KeyManager[] myKeyManagers = getKeyManagers(keyStore, keyPassword); 
    tlsCP.setKeyManagers(myKeyManagers); 

    final String trustStoreLoc = paymentProperties.getSsl().getTrustStore(); 
    final String trustStorePassword = paymentProperties.getSsl().getTrustStorePassword(); 
    final String trustStoreType = paymentProperties.getSsl().getTrustStoreType(); 

    final KeyStore trustStore = KeyStore.getInstance(trustStoreType); 
    Resource resource2 = resourceLoader.getResource(trustStoreLoc); 
    trustStore.load(resource2.getInputStream(), trustStorePassword.toCharArray()); 
    final TrustManager[] myTrustStoreKeyManagers = getTrustManagers(trustStore); 
    tlsCP.setTrustManagers(myTrustStoreKeyManagers); 

    httpConduit.setTlsClientParameters(tlsCP); 
} 

private static TrustManager[] getTrustManagers(KeyStore trustStore) 
     throws NoSuchAlgorithmException, KeyStoreException { 
    String alg = KeyManagerFactory.getDefaultAlgorithm(); 
    TrustManagerFactory fac = TrustManagerFactory.getInstance(alg); 
    fac.init(trustStore); 
    return fac.getTrustManagers(); 
} 

private static KeyManager[] getKeyManagers(KeyStore keyStore, String keyPassword) 
     throws GeneralSecurityException, IOException { 
    String alg = KeyManagerFactory.getDefaultAlgorithm(); 
    char[] keyPass = keyPassword != null ? keyPassword.toCharArray() : null; 
    KeyManagerFactory fac = KeyManagerFactory.getInstance(alg); 
    fac.init(keyStore, keyPass); 
    return fac.getKeyManagers(); 
} 
} 

Answer 2

ウェブサイトのルート証明書は、JVMのトラストストアにありません。したがって、ルート証明書を<path_to>/jre/lib/security/cacertsにインポートすると、あなたは問題ないと思います。