从worklight加载特定于Java的证书
从worklight加载特定于Java的证书
提问于 2015-09-02 18:17:54
我有一个worklight项目,它有一个适配器,它连接到服务以获取响应。
它使用我们为项目创建的worklight密钥存储库,它具有连接到后端(cert名称:*.company.com)所需的证书,密钥存储库(myproject.p12)中包含证书:
ssl.keystore.path = /was85/.../myproject.p12.
ssl.keystore.pass = Pass
ssl.keytore.type = PKCS12一旦我从适配器获得响应,在其中我就有了URI,我需要使用它从web服务获取图像并将其转换为base64。
我使用自定义Java代码来完成这一任务:
package com.company.myProject;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.nio.charset.MalformedInputException;
import java.security.Security;
import java.util.logging.Logger;
public class ImageEncoder {
public final static Logger logger = Logger.getLogger(ImageEncoder.class.getName());
public static String getImage(String imageUrl)
throws MalformedURLException, IOException {
String imageDataString = "";
URL url = null;
URLConnection con = null;
try {
url = new URL(imageUrl);
logger.info("url "+url);
con = url.openConnection();
logger.info("con "+con);
InputStream input = con.getInputStream();
logger.info("input " + input);
byte[] bytes = org.apache.commons.io.IOUtils.toByteArray(input);
logger.info("bytes " + bytes);
input.close();
imageDataString = encodeImage(bytes);
logger.info("imageDataString " + imageDataString);
return imageDataString;
} catch (MalformedInputException malformedInputException) {
malformedInputException.printStackTrace();
imageDataString = malformedInputException.toString();
logger.info("MalformedInputException malformedInputException " + imageDataString);
return ("exception while reading the imag <" + imageDataString + ">");
} catch (IOException ioException) {
ioException.printStackTrace();
imageDataString = ioException.toString();
logger.info("IOException ioException " + imageDataString);
return ("exception while reading the imag <" + imageDataString + ">");
}
}
public static String encodeImage(byte[] imageData) {
// TODO Auto-generated method stub
org.apache.commons.codec.binary.Base64 base = new org.apache.commons.codec.binary.Base64(
false);
return base.encodeToString(imageData);
// return
// org.apache.commons.codec.binary.Base64.encodeBase64URLSafeString(imageData);
}
}但是,Java代码一旦打开了它抱怨的证书(*.company.com)连接,并给出了这个错误:
The signer may need to be added to local trust store "/was85/profiles/node1/config/cells/cell_was/ecommerce_trust.p12" located in SSL configuration alias "DefaultSystemProperties" loaded from SSL configuration file "System Properties". The extended error message from the SSL handshake exception is: "PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error".在调查之后,它正在检查JVM信任存储,而不是我们的项目信任存储。
为了解决这个问题,我有三个选择:
- 将根证书(即(AddTrust) )添加到myProject.p12中,而不是添加不被接受的叶证书(*.company.com)。
- 将叶证书(*.company.com)添加到JVM (ecommerce_trust.p12)中,这是不可接受的,因为我们在同一个JVM上运行了另一个应用程序,它将获得对叶证书的访问。
- 在我的java代码中创建一个trustManager,以获得项目p12,而不是JVM --其中包含以下代码: 尝试{ url =null(ImageUrl);logger.info("url "+url);KeyStore trustStore = KeyStore.getInstance("PKCS12");trustStore.load(新的"Pass".toCharArray());TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());tmf.init(trustStore);TrustManager[] tms = tmf.getTrustManagers();SSLContext sslContext = null;HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());sslContext = SSLContext.getInstance("SSL");sslContext.init(null,tms,新SecureRandom());HttpsURLConnection con = (HttpsURLConnection)url.openConnection();logger.info(“con”+con);//con.setSSLSocketFactory(sslFactory);InputStream input = con.getInputStream();logger.info("input“+ input);org.apache.commons.io.IOUtils.toByteArray(input);字节= byte[] logger.info(“字节”+字节);input.close();imageDataString =encodeImage(字节);logger.info("imageDataString“+ imageDataString);//返回imageDataString;} catch (MalformedInputException malformedInputException) { malformedInputException.printStackTrace();imageDataString = malformedInputException.toString();logger.info("MalformedInputException malformedInputException”+ imageDataString);返回(“读取imag <”+ imageDataString +“>”时的异常);} catch (IOException ioException) { ioException.printStackTrace();imageDataString = ioException.toString();logger.info("IOException ioException“+ imageDataString);返回(”读取imag <+ imageDataString +>时的异常“);} catch (KeyStoreException keyStoreException) { // TODO自动生成的catch块keyStoreException.printStackTrace();imageDataString = keyStoreException.toString();logger.info("keyStoreException“+ imageDataString);} catch (NoSuchAlgorithmException noSuchAlgorithmException) { // TODO自动生成的渔获物块noSuchAlgorithmException.printStackTrace();imageDataString = noSuchAlgorithmException.toString();logger.info("noSuchAlgorithmException”+ imageDataString);} catch (CertificateException certificateExceptione) { // TODO自动生成的渔获物块certificateExceptione.printStackTrace();imageDataString = certificateExceptione.toString();logger.info(“certificateExceptione.toString”+ imageDataString);} catch (KeyManagementException keyManagementException) { // TODO自动生成的catch块keyManagementException.printStackTrace();imageDataString = keyManagementException.toString();logger.info("keyManagementException“+ imageDataString);}返回imageDataString; }
这是不起作用的,我得到了这个错误:
[9/2/15 13:40:09:512 EDT] 0000021d ImageEncoder I >>>>>>>>>>>>>>>trustStore loaded <<<<<<<<<<java.security.KeyStore@f1c4b946
[9/2/15 13:40:09:512 EDT] 0000021d ImageEncoder I >>>>>>>>>>>>>>>tmf init <<<<<<<<<<javax.net.ssl.TrustManagerFactory@4d3fb9ab
[9/2/15 13:40:09:513 EDT] 0000021d ImageEncoder I >>>>>>>>>>>>>>>tms init <<<<<<<<<<[Ljavax.net.ssl.TrustManager;@c76fa980
[9/2/15 13:40:09:513 EDT] 0000021d ImageEncoder I >>>>>>>>>>>>>>>sslContext <<<<<<<<<<
[9/2/15 13:40:09:570 EDT] 0000021d ImageEncoder I con com.ibm.net.ssl.www2.protocol.https.e:https://domain.company.com/wps/wcm/connect/e77f32e8-906f-445f-b198-e3b77cb0e786/logo90x40.gif?MOD=AJPERES&CACHEID=e77f32e8-906f-445f-b198-e3b77cb0e786
[9/2/15 13:40:09:676 EDT] 0000021d ImageEncoder I IOException ioException javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failureStack Overflow用户
发布于 2015-09-03 08:02:29
Worklight服务器使用由"ssl.keystore.*“定义的密钥库在适配器的XML文件中配置的适配器和后端服务器之间创建SSL连接,因此,如果您有带有自己连接的自定义java代码,则应该像在上面的示例中所做的那样设置自己的SSL上下文。这是正确的方法。错误的原因可能是密钥库"/was85/resources/security/ecommerce_gr_mobile.p12“不包含映像服务器的证书。我建议创建单独的kestore,并从适配器的java代码中使用它。将您希望从适配器的java代码中访问到的服务器的所有证书都放入其中。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/32360422
复制相关文章
相似问题
腾讯云开发者
