3
回答
使用axis2与rempart做websercvie安全加密,出现如下错误:
华为云实践训练营,热门技术免费实践!>>>   

rempart配置方法参考该文章

http://blog.csdn.net/youanyyou/archive/2010/06/03/5645343.aspx

证书库使用的是rempart的sample里带的service.jks和client.jks

客户端调用时出现如下错误:

 

Exception in thread "main" org.apache.axis2.AxisFault: WSDoAllReceiver: The certificate used for the signature is not trusted

at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:435)

at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:371)

at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)

at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)

at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)

at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:540)

at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:521)

at com.neusoft.wss4j.rempart.demo.client.Client.main(Client.java:32)

本人通过TCPMon截取报文如下:
发送报文:
POST /axis2/services/wsc?wsdl HTTP/1.1
Content-Type: text/xml; charset=UTF-8
SOAPAction: "urn:echo"
User-Agent: Axis2
Host: 127.0.0.1:8081
Transfer-Encoding: chunked

bd4
<?xml version='1.0' encoding='UTF-8'?>
   <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
      <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
         <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
            <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-C24FE1B50BF5A2A8CF12872982481761">MIIBTTCB+KADAgECAgRMt9/6MA0GCSqGSIb3DQEBBQUAMC4xCzAJBgNVBAYTAmNuMQ4wDAYDVQQKEwVxaW5hbjEPMA0GA1UEAxMGY2xpZW50MB4XDTEwMTAxNTA1MDA0MloXDTExMDExMzA1MDA0MlowLjELMAkGA1UEBhMCY24xDjAMBgNVBAoTBXFpbmFuMQ8wDQYDVQQDEwZjbGllbnQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAi2ILVM38EaOpQbA6WXmVAPQU7Pg5X5Xb1gmz/IfVG3bsfrl11E9ncfreqJ3hrYhIMFP9N58Ijbrb3ffdEyohNQIDAQABMA0GCSqGSIb3DQEBBQUAA0EAOpuhR8fDjYqPaxqP0CW4qoeKKYB2tJZ/Gw95NTBwkMg5TPh8hILaGbCZWTdi20gsX8C5HymxIN1ovqO+1yjsqQ==</wsse:BinarySecurityToken>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-2">
               <ds:SignedInfo>
                  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                  <ds:Reference URI="#id-3">
                     <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                     </ds:Transforms>
                     <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                     <ds:DigestValue>R47tHJKV+Ruweb0Q+sLirsI2Oik=</ds:DigestValue>
                  </ds:Reference>
               </ds:SignedInfo>
               <ds:SignatureValue>PVIykb1sJ+xnDnDnKUDtiphtClJ2b3xlU2HZ9hUfwnMakdma8FsS7OMqlztBZ/5+4P0j3X1GwA0g4KFjjdLr9g==</ds:SignatureValue>
               <ds:KeyInfo Id="KeyId-C24FE1B50BF5A2A8CF12872982481842">
                  <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-C24FE1B50BF5A2A8CF12872982481863">
                     <wsse:Reference URI="#CertId-C24FE1B50BF5A2A8CF12872982481761" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
                  </wsse:SecurityTokenReference>
               </ds:KeyInfo>
            </ds:Signature>
            <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1">
               <wsu:Created>2010-10-17T06:50:48.165Z</wsu:Created>
               <wsu:Expires>2010-10-17T06:55:48.165Z</wsu:Expires>
            </wsu:Timestamp>
         </wsse:Security>
         <wsa:To>http://127.0.0.1:8081/axis2/services/wsc?wsdl</wsa:To>
         <wsa:MessageID>urn:uuid:1F2C096A92487A2A821287298247312</wsa:MessageID>
         <wsa:Action>urn:echo</wsa:Action>
      </soapenv:Header>
      <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-3">
         <ns1:echo xmlns:ns1="http://services.demo.rempart.wss4j.neusoft.com">
            <param0>(*^__^*) 嘻嘻……</param0>
         </ns1:echo>
      </soapenv:Body>
   </soapenv:Envelope>0
返回报文:
HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Date: Sun, 17 Oct 2010 06:50:48 GMT
Connection: close

232
<?xml version='1.0' encoding='UTF-8'?>
   <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
      <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
         <wsa:Action>http://www.w3.org/2005/08/addressing/soap/fault</wsa:Action>
         <wsa:RelatesTo>urn:uuid:1F2C096A92487A2A821287298247312</wsa:RelatesTo>
      </soapenv:Header>
      <soapenv:Body>
         <soapenv:Fault>
            <faultcode>soapenv:Server</faultcode>
            <faultstring>WSDoAllReceiver: The certificate used for the signature is not trusted</faultstring>
            <detail />
         </soapenv:Fault>
      </soapenv:Body>
   </soapenv:Envelope>
0

请教一下熟悉webservcie加密的朋友,“签名的证书不被信任”的提示,是我少配置了什么了?还是该证书有问题

举报
Elvis.Xiong
发帖于7年前 3回/771阅
顶部