ssl handShake failure soap

Question

ssl v3으로 보안 된 cxf를 통해 비누 서비스를 사용하고 있습니다. 나는 서버에서 한 .cer 파일을 다운로드하고이 명령으로 키 도구를 통해 JKS 파일을 만듭니다

keytool -import -v -file iban.cer -keystore iban.jks 

내가 클라이언트 설정이 코드를 사용 자바 코드에서 :

public void configureSSLOnTheClient(Object c) { 

     org.apache.cxf.endpoint.Client client = ClientProxy.getClient(c); 
     HTTPConduit httpConduit = (HTTPConduit) client.getConduit(); 
     File truststore = new File("jks/iban.jks");     

     try { 
      TLSClientParameters tlsParams = new TLSClientParameters(); 
      tlsParams.setDisableCNCheck(true); 


      KeyStore keyStore = KeyStore.getInstance("JKS"); 
      String trustpass = "password"; 

      keyStore.load(new FileInputStream(truststore), trustpass.toCharArray()); 

      log.info("Trust Manager Type:"+TrustManagerFactory.getDefaultAlgorithm()); 
      TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); 

      trustFactory.init(keyStore); 
      TrustManager[] tm = trustFactory.getTrustManagers(); 
      tlsParams.setTrustManagers(tm); 

      keyStore.load(new FileInputStream(truststore), trustpass.toCharArray()); 

      KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); 

      keyFactory.init(keyStore, trustpass.toCharArray()); 
      KeyManager[] km = keyFactory.getKeyManagers(); 
      tlsParams.setKeyManagers(km); 


      FiltersType filter = new FiltersType(); 
      filter.getInclude().add(".*_EXPORT_.*"); 
      filter.getInclude().add(".*_EXPORT1024_.*"); 
      filter.getInclude().add(".*_WITH_DES_.*"); 
      filter.getInclude().add(".*_WITH_NULL_.*"); 
      filter.getExclude().add(".*_DH_anon_.*"); 
      tlsParams.setCipherSuitesFilter(filter); 

      httpConduit.setTlsClientParameters(tlsParams); 

     } catch (KeyStoreException kse) { 
      log.info("Security configuration failed with the following: KeyStoreException " + kse.getCause()); 
      kse.printStackTrace(); 
     } catch (NoSuchAlgorithmException nsa) { 
      log.info("Security configuration failed with the following: NoSuchAlgorithmException" + nsa.getCause()); 
      nsa.printStackTrace(); 
     } catch (FileNotFoundException fnfe) { 
      log.info("Security configuration failed with the following: FileNotFoundException" + fnfe.getCause()); 
     } catch (UnrecoverableKeyException uke) { 
      log.info("Security configuration failed with the following: UnrecoverableKeyException" + uke.getCause()); 
     } catch (CertificateException ce) { 
      log.info("Security configuration failed with the following: CertificateException" + ce.getCause()); 
     } catch (GeneralSecurityException gse) { 
      log.info("Security configuration failed with the following: GeneralSecurityException" + gse.getCause()); 
     } catch (IOException ioe) { 
      log.info("Security configuration failed with the following: IOException" + ioe.getCause()); 
     } 

    } 

을 그리고이 코드 서비스를 호출하기위한 : 내가 코드를 실행하는 경우

String address = "https://xxxxxxxxxx/IBANSpecEnquiry/IBANSpec?wsdl"; 
    JaxWsProxyFactoryBean proxyFactory = new JaxWsProxyFactoryBean(); 
    proxyFactory.setServiceClass(IBANEnquirySpec.class); 
    proxyFactory.setAddress(address); 

    IBANEnquirySpec client = (IBANEnquirySpec) proxyFactory.create(); 
    configureSSLOnTheClient(client); 
    Message04 message04 = client.getIBANSpec(message01); 

이 오류가 occures :

Interceptor for {http://WebServices/}IBANEnquirySpecService#{http://WebServices/}getIBANSpec has thrown exception, unwinding now 
org.apache.cxf.interceptor.Fault: Could not send Message. 
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingIntercept or.handleMessage(MessageSenderInterceptor.java:64) 
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272) 
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:570) 
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:479) 
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:382) 
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:335) 
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) 
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:136) 
at com.sun.proxy.$Proxy143.getIBANSpec(Unknown Source) 
at ir.tejaratBank.service.impl.IBANClientManagerImpl.getIBANSpec(IBANClientManagerImpl.java:259) 
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) 
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) 
at java.lang.reflect.Method.invoke(Unknown Source) 
. 
. 
. 
. 
Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://192.168.65.118:443/IBANSpecEnquiry/IBANSpec?wsdl: Received fatal alert: handshake_failure 
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) 
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source) 
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source) 
at java.lang.reflect.Constructor.newInstance(Unknown Source) 
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1347) 
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1331) 
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56) 
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:632) 
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62) 
... 128 more 
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 
at sun.security.ssl.Alerts.getSSLException(Unknown Source) 
at sun.security.ssl.Alerts.getSSLException(Unknown Source) 
at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source) 
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) 
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) 
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) 
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) 
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) 
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) 
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(Unknown Source) 
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source) 
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source) 
at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:174) 
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1290) 
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1246) 
at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:201) 
at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47) 
at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69) 
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1303) 
... 131 more 

이 오류를 검색해 본 결과 잘못된 trustStore에 대한 오류임을 확인했습니다. 하지만 정확한 trustStore를 생성하는 방법을 모르겠습니다.

keytool -import -alias youralias -file [path to certificate]/iban.cer -keystore [path to truststore.jks]/truststore.jks -storetype JKS 

하지만 더 좋을 것입니다 무슨이 SSL 구성을 모두 사용되지 않으며, 대신 자바의 cacerts 신뢰 저장소는이를 사용하여 인증서를 가져옵니다

Answer 1

신뢰 저장소를 생성하려면 다음을 사용하십시오 :

keytool -import -v -file iban.cer -keystore %JAVA_HOME%/jre/lib/security/cacerts -alias youralias 

Answer 2

오류가 항상 트러스트 스토어 문제를 나타내는 것은 아닙니다. Java 8을 사용하는 경우 POODLE 공격을 피하기 위해 SSLv3을 사용하지 못할 수 있습니다. How to enable SSL 3 in Java