Summary of TRAC-related notes



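1. Adding permissions for a user

Add a user in the user management screen. The new user is an ordinary user, and connecting with the plugin as this user does not work.

Connecting through the Java API fails with: org.apache.xmlrpc.XmlRpcException: XML_RPC privileges are required to perform this operation. You don't have the required permissions.

Fix: grant the user permissions in the permissions screen; the TRAC_ADMIN permission is sufficient! Note that TRAC_ADMIN carries every permission in Trac, while the error message itself asks only for the XML_RPC privilege.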

 

2. HTTPS configuration

See the article http://blog.csdn.net/haohaodigua/article/details/18073481

Access URL: https://hostname:443/trac (the hostname should match the certificate's CN wherever possible)

 

3. HTTPS problem (certificate CN mismatch)

When connecting to TRAC over HTTPS through the Java API, the following error is reported:

org.apache.xmlrpc.XmlRpcException: Failed to read servers response:java.security.cert.CertificateException: No subject alternative names present

 

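This means the CN (Common Name) field of the generated certificate does not match the host name in the URL being accessed. Java reports this particular message when the URL uses an IP address and the certificate has no subject alternative name entries to compare it with.

Fix: avoid using an IP address where possible; use the machine name or similar, and then access the URL https://<machine-name>/trac/project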

 

4. HTTPS problem (server certificate cannot be verified)

When connecting to TRAC over HTTPS through the Java API, the following error is reported:

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

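This error occurs because the client does not trust the server's certificate.

Fix: at the start of the code, mark certificates as trusted by calling the trustAllHttpsCertificates() method once. This replaces the default socket factory for every HttpsURLConnection in the JVM with one that performs no certificate validation, so any server certificate is accepted, not only the TRAC server's. The keystore approach described after the code keeps validation in place.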


    // Installs an accept-everything trust manager as the JVM-wide default
    // for HttpsURLConnection. No chain validation happens after this call.
    private static void trustAllHttpsCertificates() throws Exception {

        final javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[1];
        final javax.net.ssl.TrustManager tm = new CustomTrustManager();
        trustAllCerts[0] = tm;
        final javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance( "SSL" );
        sc.init( null, trustAllCerts, null );
        javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory( sc.getSocketFactory() );
    }

    // Trust manager whose check methods never throw, so every chain passes.
    static class CustomTrustManager implements javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager {

        @Override
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {

            // The interface contract requires a non-null (possibly empty) array.
            return new java.security.cert.X509Certificate[0];
        }

        /**
         * @param certs
         * @return boolean
         */
        public boolean isServerTrusted( final java.security.cert.X509Certificate[] certs ) {

            return true;
        }
        /**
         * @param certs
         * @return boolean
         */
        public boolean isClientTrusted( final java.security.cert.X509Certificate[] certs ) {

            return true;
        }
        @Override
        public void checkServerTrusted( final java.security.cert.X509Certificate[] certs, final String authType ) throws java.security.cert.CertificateException {

            // Returns without throwing: the server chain is accepted unchecked.
            return;
        }
        @Override
        public void checkClientTrusted( final java.security.cert.X509Certificate[] certs, final String authType ) throws java.security.cert.CertificateException {

            // Returns without throwing: the client chain is accepted unchecked.
            return;
        }
    }

Alternatively, a trusted certificate can be set up on each client, as follows:

While calling the web service, the following exception occurs:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target

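This exception occurs when the security certificate is missing. The solution is to import the certificate of the web service you want to access into the client. One way to obtain the certificate is as follows.

1. Write a program dedicated to fetching the certificate; see InstallCert.java.

2. Run java InstallCert hostname, for example: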

java InstallCert 192.168.1.137:8443

You will see output like the following:

java InstallCert ecc.fedora.redhat.com
Loading KeyStore /usr/jdk/instances/jdk1.5.0/jre/lib/security/cacerts...
Opening connection to ecc.fedora.redhat.com:443...
Starting SSL handshake...

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:846)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
at InstallCert.main(InstallCert.java:63)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
at sun.security.validator.Validator.validate(Validator.java:203)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
at InstallCert$SavingTrustManager.checkServerTrusted(InstallCert.java:158)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:839)
... 7 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
... 13 more

Server sent 2 certificate(s):

1 Subject CN=ecc.fedora.redhat.com, O=example.com, C=US
   Issuer CN=Certificate Shack, O=example.com, C=US
   sha1    2e 7f 76 9b 52 91 09 2e 5d 8f 6b 61 39 2d 5e 06 e4 d8 e9 c7
   md5     dd d1 a8 03 d7 6c 4b 11 a7 3d 74 28 89 d0 67 54

2 Subject CN=Certificate Shack, O=example.com, C=US
   Issuer CN=Certificate Shack, O=example.com, C=US
   sha1    fb 58 a7 03 c4 4e 3b 0e e3 2c 40 2f 87 64 13 4d df e1 a1 a6
   md5     72 a0 95 43 7e 41 88 18 ae 2f 6d 98 01 2c 89 68

Enter certificate to add to trusted keystore or 'q' to quit: [1]
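
3. Enter 1 and press Enter; a certificate file named 'jssecacerts' is created in the corresponding directory. The fingerprints printed for each entry allow the certificate to be compared with the one the server is known to use before it is added. Copy the file to the $JAVA_HOME/jre/lib/security directory, or point the JVM at it as follows:

System.setProperty("javax.net.ssl.trustStore", "D:\\UTA\\DOC_E_Health_XML\\Keystore\\jssecacerts");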


package mm.eclipse.trac.xmlrpc;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

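/**
 * Connects to host[:port], prints the certificate chain the server presents and
 * stores the selected certificate in a local 'jssecacerts' keystore.
 */
public class InstallCert {
    public static void main( String[] args ) throws Exception {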
        String host;
        int port;
        char[] passphrase;
        if ( ( args.length == 1 ) || ( args.length == 2 ) ) {
            final String[] c = args[0].split( ":" );
            host = c[0];
            port = ( c.length == 1 ) ? 443 : Integer.parseInt( c[1] );
            final String p = ( args.length == 1 ) ? "changeit" : args[1];
            passphrase = p.toCharArray();
        } else {
            System.out.println( "Usage: java InstallCert <host>[:port] [passphrase]" );
            return;
        }
        // Start from ./jssecacerts if it exists, otherwise the JRE's jssecacerts,
        // otherwise the JRE's default cacerts.
        File file = new File( "jssecacerts" );
        if ( file.isFile() == false ) {
            final char SEP = File.separatorChar;
            final File dir = new File( System.getProperty( "java.home" ) + SEP
                    + "lib" + SEP + "security" );
            file = new File( dir, "jssecacerts" );
            if ( file.isFile() == false ) {
                file = new File( dir, "cacerts" );
            }
        }
        System.out.println( "Loading KeyStore " + file + "..." );
        final InputStream in = new FileInputStream( file );
        final KeyStore ks = KeyStore.getInstance( KeyStore.getDefaultType() );
        ks.load( in, passphrase );
        in.close();
        final SSLContext context = SSLContext.getInstance( "TLS" );
        final TrustManagerFactory tmf =
        TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm() );
        tmf.init( ks );
        final X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];
        final SavingTrustManager tm = new SavingTrustManager( defaultTrustManager );
        context.init( null, new TrustManager[] { tm }, null );
        final SSLSocketFactory factory = context.getSocketFactory();
        System.out.println( "Opening connection to " + host + ":" + port + "..." );
        final SSLSocket socket = (SSLSocket) factory.createSocket( host, port );
        socket.setSoTimeout( 10000 );
        try {
            System.out.println( "Starting SSL handshake..." );
            socket.startHandshake();
            socket.close();
            System.out.println();
            System.out.println( "No errors, certificate is already trusted" );
        } catch ( final SSLException e ) {
            System.out.println();
            e.printStackTrace( System.out );
        }
        final X509Certificate[] chain = tm.chain;
        if ( chain == null ) {
            System.out.println( "Could not obtain server certificate chain" );
            return;
        }
        final BufferedReader reader =
        new BufferedReader( new InputStreamReader( System.in ) );
        System.out.println();
        System.out.println( "Server sent " + chain.length + " certificate(s):" );
        System.out.println();
        final MessageDigest sha1 = MessageDigest.getInstance( "SHA1" );
        final MessageDigest md5 = MessageDigest.getInstance( "MD5" );
        for ( int i = 0; i < chain.length; i++ ) {
            final X509Certificate cert = chain[i];
            System.out.println
            ( " " + ( i + 1 ) + " Subject " + cert.getSubjectDN() );
            System.out.println( "   Issuer  " + cert.getIssuerDN() );
            sha1.update( cert.getEncoded() );
            System.out.println( "   sha1    " + toHexString( sha1.digest() ) );
            md5.update( cert.getEncoded() );
            System.out.println( "   md5     " + toHexString( md5.digest() ) );
            System.out.println();
        }
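        System.out.println( "Enter certificate to add to trusted keystore or 'q' to quit: [1]" );
        // readLine() returns null at end of input; treat that like 'q'.
        final String input = reader.readLine();
        final String line = ( input == null ) ? "q" : input.trim();
        int k;
        try {
            k = ( line.length() == 0 ) ? 0 : Integer.parseInt( line ) - 1;
        } catch ( final NumberFormatException e ) {
            System.out.println( "KeyStore not changed" );
            return;
        }
        // Reject an index outside the chain instead of failing with an exception.
        if ( ( k < 0 ) || ( k >= chain.length ) ) {
            System.out.println( "KeyStore not changed" );
            return;
        }
        final X509Certificate cert = chain[k];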
        final String alias = host + "-" + ( k + 1 );
        ks.setCertificateEntry( alias, cert );
        final OutputStream out = new FileOutputStream( "jssecacerts" );
        ks.store( out, passphrase );
        out.close();
        System.out.println();
        System.out.println( cert );
        System.out.println();
        System.out.println
        ( "Added certificate to keystore 'jssecacerts' using alias '"
        + alias + "'" );
    }
    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();
    private static String toHexString( final byte[] bytes ) {
        final StringBuilder sb = new StringBuilder( bytes.length * 3 );
        for ( int b : bytes ) {
            b &= 0xff;
            sb.append( HEXDIGITS[b >> 4] );
            sb.append( HEXDIGITS[b & 15] );
            sb.append( ' ' );
        }
        return sb.toString();
    }
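    // Wraps the default trust manager and remembers the chain the server sent,
    // so the chain can be listed even when validation against the keystore fails.
    private static class SavingTrustManager implements X509TrustManager {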
        private final X509TrustManager tm;
        private X509Certificate[] chain;
        SavingTrustManager( final X509TrustManager tm ) {
            this.tm = tm;
        }
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            throw new UnsupportedOperationException();
        }
        @Override
        public void checkClientTrusted( final X509Certificate[] chain, final String authType )
        throws CertificateException {
            throw new UnsupportedOperationException();
        }
        @Override
        public void checkServerTrusted( final X509Certificate[] chain, final String authType )
        throws CertificateException {
            this.chain = chain;
            tm.checkServerTrusted( chain, authType );
        }
    }
}
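
Both client-side options above, the trust-all manager and the javax.net.ssl.trustStore property, change trust for the whole JVM. As an added example (not code from the original post), the following loads the jssecacerts file produced by InstallCert into its own SSLContext and applies it to a single HttpsURLConnection, with chain and host name validation left on. The class name, the default keystore path and the URL are assumptions; changeit is the default passphrase InstallCert uses above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URI;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class name; illustrates per-connection trust instead of trust-all.
public class TracTrustStoreClient {

    /** Builds an SSLContext that trusts only the certificates in the given keystore file. */
    static SSLContext contextFromTrustStore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed defaults: keystore in the working directory, placeholder host name.
        String trustStore = args.length > 0 ? args[0] : "jssecacerts";
        String url = args.length > 1 ? args[1] : "https://hostname/trac";
        SSLContext ctx = contextFromTrustStore(trustStore, "changeit".toCharArray());

        HttpsURLConnection conn =
                (HttpsURLConnection) URI.create(url).toURL().openConnection();
        // Scope the custom trust to this one connection; the JVM default is untouched.
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // No HostnameVerifier is installed, so the default host name check still runs.
        conn.setConnectTimeout(10000);
        conn.setReadTimeout(10000);
        try {
            System.out.println("HTTP status: " + conn.getResponseCode());
        } catch (SSLHandshakeException e) {
            // Raised when the chain is not in the trust store or the name does not match.
            System.out.println("TLS validation failed: " + e.getMessage());
        } finally {
            conn.disconnect();
        }
    }
}
```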


5.




