gSOAP客户端和Java Web服务之间通过HTTPS进行的通信 [英] Communication between gSOAP client and Java webservice over HTTPS
问题描述
我正在开发一个客户端服务器对,其中服务器基于Java,而客户端则基于C ++(gSOAP).使用HTTP可以完美地进行通信.现在,我想基于HTTPS实现加密的通信.
I'm developing a client server pair, where the server is based on Java, and the client is based on C++ (gSOAP). The communication works perfectly with using HTTP. Now I want to implement an encrypted communication based on HTTPS.
因此,我遵循了gSOAP教程
Therefore I followed the gSOAP tutorial on
https://www.genivia.com/tutorials.html#cert
要创建自签名证书:一个用于客户端,一个用于Web服务.
To create self signed certificates: one for the client, one for the webservice.
然后,我使用OpenSSL转换了.pem文件,如下所示:
Then I converted the .pem files using OpenSSL as you find here:
openssl pkcs12 -export -in Servicecert.pem -inkey Servicekey.pem -certfile cacert.pem -out Service -name "service"
此外,我还这样导出了x.509客户端证书:
Additionally I exported the x.509 Client certificate like this:
openssl x509 -outform der -in Clientcert.pem -out Clientcert.der
keytool -import -alias client -keystore Client -file Clientcert.der
我正在用作密钥库(服务)和信任库(客户端)的这两个文件
These two files I'm using as keystore (Service) and truststore (Client)
现在像这样在客户端上使用gSOAP示例代码:
Now using gSOAP sample code on the client side like this:
using namespace std;
int main()
{
struct soap* soap = soap_new();
soap->fsslverify = ssl_verify;
soap_register_plugin(soap, soap_wsse);
CountriesPortSoap11Proxy service("https://localhost:9443/ws");// = new CountriesPortSoap11Proxy("https://localhost:9443/ws");
_ns1__getCountryRequest* request = new _ns1__getCountryRequest;
_ns1__getCountryResponse response;
soap_ssl_init();
if (soap_ssl_client_context(soap,
SOAP_SSL_ALLOW_EXPIRED_CERTIFICATE, // requires server authentication
"Client.pem",// keyfile for client authentication to server
"password", // the keyfile password
"cacert.pem",// cafile CA certificates to authenticate the server
NULL,// capath CA directory path to certificates
NULL))
{
cout << "Zertifikat" << endl;
soap_print_fault(soap, stderr);
exit(1);
}
request->name = "Poland";
request->soap = soap;
if (soap_ssl_accept((struct soap*)soap))
cout << "ok" << endl;
else
cout << "fail" << endl;;
if(service.getCountry(request, response)==SOAP_OK)
cout << "ok" << endl;
else{
cout << "fail" << endl;
service.soap_stream_fault(std::cerr);
}
cout << response.country->currency << endl;
return 0;
}
然后我得到以下错误代码
Then I get the following error code
ok
fail
SOAP 1.1 fault SOAP-ENV:Server[no subcode]
"SSL_ERROR_SSL
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
unable to get local issuer certificate"
Detail: SSL_connect() error in tcp_connect()
segmentation fault (Speicherabzug geschrieben)
有人知道这是怎么回事吗?
Does someone know what is going wrong here?
推荐答案
我必须转换PEM文件才能在使用keytool的java webservice中使用它们.据我所知,该密钥工具仅了解PKCS12证书.另外,我还必须使用客户端证书,因为服务器在信任库中使用客户端x.509证书.
I had to convert the PEM files to use them in the java webservice which uses the keytool. This keytool only understands PKCS12 certificates as far as I know. Additionally I had to use the Client certificates, because the Server uses the Client x.509 certificate in a truststore.
这篇关于gSOAP客户端和Java Web服务之间通过HTTPS进行的通信的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!