1、javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found
使用localhost作为域名,SSL校验时报错,允许localhost认证,加入以下静态代码块:
static {
//for localhost testing only
javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(
new javax.net.ssl.HostnameVerifier(){
public boolean verify(String hostname,
javax.net.ssl.SSLSession sslSession) {
if (hostname.equals("localhost")) {
return true;
}
return false;
}
});
}
参考:
https://www.mkyong.com/webservices/jax-ws/java-security-cert-certificateexception-no-name-matching-localhost-found/
2、Caused by: java.net.SocketException: Unexpected end of file from server
由于JWS服务使用https协议,但是客户端调用时使用时,URL中配置的非https协议,服务器端没响应任何数据,而是直接和客户端进行挥手,服务器端主动断开链接。
解决:URL的链接使用https
3、Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
代码方式:客户端无法校验单向的https服务器安全性,需要客户端主动设置服务器端https校验的keystore.
public static void loadTrustStore() {
System.setProperty("javax.net.ssl.trustStore", "E:/client.keystore"); //(truststore)
System.setProperty("javax.net.ssl.trustStorePassword", "12345678"); //(truststore 密码 )
System.setProperty("javax.net.ssl.trustStoreType", "JKS"); //(truststore 类型 )
}
命令行方式:WsImport导出客户端wsdl
java -classpath "E:\programs\java\jdk1.8.0_151\lib\tools.jar" -Djavax.net.ssl.trustStore="E:/client.keystore
" -Djavax.net.ssl.trustStorePassword=12345678 com.sun.tools.internal.ws.WsImport https://localhost:9090/service/sayHi
?wsdl -s . -p com.shu.jwsclient.say -XdisableSSLHostnameVerification
参考:https://stackoverflow.com/questions/36316716/wsimport-unable-to-find-imported-certificate
示例:客户端调用https服务器的jws服务:
package com.shu.jwsclient.say;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.GregorianCalendar;
import javax.xml.datatype.DatatypeConfigurationException;
import javax.xml.datatype.DatatypeFactory;
import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.namespace.QName;
import javax.xml.ws.Service;
/**
* 客户端调用服务器端方法
*
* @author: jiangshubian
* @Description:
* @Date: Create in 2018-01-14 15:26
* @Version: 1.0.0
*/
public class JWSClientInvoker {
static {
//for localhost testing only
javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(
new javax.net.ssl.HostnameVerifier(){
public boolean verify(String hostname,
javax.net.ssl.SSLSession sslSession) {
if ("localhost".equals(hostname)) {
return true;
}
return false;
}
});
}
public static void main(String[] args) throws DatatypeConfigurationException {
loadTrustStore();
// runerTest();
runnerWithoutWSFile();
}
private static void runerTest() throws DatatypeConfigurationException {
SayHiService sayHiService = new SayHiServiceImpService().getSayHiServiceImpPort();
//invoke sayNothing method
sayHiService.sayNothing();
//invoke saySomething method
sayHiService.saySomething("Something...");
//invoke checkTime method
GregorianCalendar calender = new GregorianCalendar();
calender.setTime(new java.util.Date(System.currentTimeMillis()));
XMLGregorianCalendar xmldate = DatatypeFactory.newInstance().newXMLGregorianCalendar(calender);
System.out.println(sayHiService.checkTime(xmldate));
}
private static void runnerWithoutWSFile() {
URL url = null;
try {
url = new URL("https://localhost:9090/service/sayHi?wsdl");
} catch (MalformedURLException e) {
e.printStackTrace();
}
QName qname = new QName("http://say.jws.shu.com/", "SayHiServiceImpService");
Service service = Service.create(url, qname);
SayHiService sayHi = service.getPort(SayHiService.class);
sayHi.sayNothing();
sayHi.saySomething("runnerWithoutWSFile");
}
public static void loadTrustStore() {
System.setProperty("javax.net.ssl.trustStore", "E:/client.keystore"); //(truststore)
System.setProperty("javax.net.ssl.trustStorePassword", "12345678"); //(truststore 密码 )
System.setProperty("javax.net.ssl.trustStoreType", "JKS"); //(truststore 类型 )
}
}