我有一个来自供应商的示例命令行java应用程序; 它取决于SSL身份验证.我有供应商的证书,我可以在我的java 7 cacerts文件中看到它们(windows,c:\ program files\java\jdk1.7.0_07\jre\lib\security\cacerts).如果我打开java 8 cacerts文件,它们就不存在了(c:\ program files\java\jre1.8.0_66\lib\security\cacerts)
如果我设置一个路径,以便java 8是第一个,程序就可以工作.如果我更改路径以便首先使用java 7,则程序将失败并出现认证错误:
C:\project\tryCerts\Demo2>path=c:\program files\java\jdk1.7.0_07\bin;c:\program files\java\jre1.8.0_66\bin C:\project\tryCerts\Demo2>java -jar vendorCmd.jar user1 password2 environment3 Dec 22, 2015 11:11:35 AM [com.sun.xml.ws.policy.jaxws.PolicyConfigParser] parse INFO: WSP5018: Loaded WSIT configuration from file: jar:file:/C:/project/tryCerts/Demo2/vendorCmd/dist/vendorCmd.jar!/META-INF/wsit-client.xml. Unable to log in: com.sun.xml.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.Va lidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to re quested target C:\project\tryCerts\Demo2>path=c:\program files\java\jre1.8.0_66\bin;c:\program files\java\jdk1.7.0_07\bin C:\project\tryCerts\Demo2>java -jar vendorCmd.jar acc03\acc03_ws_user accwbS3rv!ceS acc03_p_production Dec 22, 2015 11:21:34 AM [com.sun.xml.ws.policy.jaxws.PolicyConfigParser] parse INFO: WSP5018: Loaded WSIT configuration from file: jar:file:/C:/project/tryCerts/Demo2/vendorCmd/dist/vendorCmd.jar!/META-INF/wsit-client.xml. logged in Dec 22, 2015 11:21:35 AM [com.sun.xml.ws.policy.jaxws.PolicyConfigParser] parse INFO: WSP5018: Loaded WSIT configuration from file: jar:file:/C:/project/tryCerts/Demo2/vendorCmd/dist/vendorCmd.jar!/META-INF/wsit-client.xml. Signed Info:org.jcp.xml.dsig.internal.dom.DOMSignedInfo@3f071328 AccountNumber: 279105/ Firstname: null/ LastName: null AccountNumber: 1005118/ Firstname: null/ LastName: COMPANY1 AccountNumber: 2102765/ Firstname: null/ LastName: COMPANY2 AccountNumber: 2101373/ Firstname: null/ LastName: COMPANY3 AccountNumber: 2119664/ Firstname: null/ LastName: COMPANY4 AccountNumber: 2119668/ Firstname: null/ LastName: ET CETERA C:\project\tryCerts\Demo2>dir/s cacerts Volume in drive C is OS Volume Serial Number is 9896-211D File Not Found C:\project\tryCerts\Demo2>
这与我期望的完全相反 - 它是具有供应商证书链的java 7文件夹中的cacerts文件,以及没有它的java 8.然而,在Java 7上运行程序失败并出现认证错误,并且运行8次成功.
任何人都可以告诉我应该寻找什么解释这个?
要确定正在使用的信任存储,而不必使用像strace(linux)和process explorer(windows)这样的工具,可以将调试标志传递-Djavax.net.debug=ssl给java命令行,该命令行将转储所有与ssl相关的调试信息(我all在原文中提到)评论,但这会给输出增加更多噪音):
java -Djavax.net.debug=ssl -jar vendorCmd.jar user1 password2 environment3
在调试输出的前10行中,将是一行:
trustStore is:cacerts
这表示正在使用的信任存储.
通过该=ssl选项,它还会转储所有可信的证书,这些证书将被添加到JVM认为可信的证书列表中.这可用于验证您认为在信任库中的证书是否实际位于信任库中 - 在这种情况下,您应该能够在列表中看到供应商的证书.
JSSE参考指南中详细介绍了javax.net.debug的调试选项的完整列表.
京公网安备 11010802040832号 | 京ICP备19059560号-6 