java.lang.SecurityException：Jar (/opt/WebSphere/AppServer7/plugins/com.ibm.ws.security.crypto.jar) 未由受信任的签名者签名

Question

当应用程序在 WebSphere 7 上运行时，我收到 Jar 未由受信任的签名者签名的问题。
但是，当我使用 jdk1.6.0_45 在 Tomcat 7 上本地运行它时，我没有收到错误。

我添加了Security.insertProviderAt(new BouncyCastleProvider(), 1); 以便使用BouncyCastles 的提供程序而不是默认提供程序。这使我们能够访问强制 TLSv1.0 作为 SSL 协议的 Web 服务。

怀疑原因

static {
    Security.insertProviderAt(new BouncyCastleProvider(), 1);
}

发生错误的类

@WebServiceClient(name = "Outbound_Service", targetNamespace = WS_NAMESPACE)
public class SmsOutBoundClientWSImpl extends Service implements SmsOutBoundClient {

    private static final int CONNECT_TIMEOUT = 10000;
    private static final int REQUEST_TIMEOUT = 30000;

    private static final QName serviceName = new QName(WS_NAMESPACE, "Outbound_Service");

    private static final Logger logger = Logger.getLogger(SmsOutBoundClientWSImpl.class); 

    private URL smsUrl;
    private EnterpriseTextMessagingOutboundPortType mService;

    private String applicationID;
    private String refNumber;
    private String source;
    private String deliveryReceiptRegisteredInd;

    static {
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
    }

    public SmsOutBoundClientWSImpl(URL wsdlUrl){
        super(wsdlUrl, serviceName); <<<<<<<<<<<<< ERROR Happens at this line
        this.smsUrl=wsdlUrl;
        this.mService = this.getEmsSoapHttpPort();
        setRequestContextProperties();
    }

    public SmsOutBoundClientWSImpl(URL wsdlUrl, WebServiceFeature... features) {
        super(wsdlUrl, serviceName);
        this.smsUrl=wsdlUrl;
        this.mService = this.getEmsSoapHttpPort(features);
        setRequestContextProperties();
    }
***** Etc. *****
}

堆栈跟踪：

Caused by: java.lang.SecurityException: The Jar (/opt/WebSphere/AppServer7/plugins/com.ibm.ws.security.crypto.jar) is not signed by a trusted signer
    at javax.net.ssl.SSLJsseUtil.a(SSLJsseUtil.java:93)
    at javax.net.ssl.SSLJsseUtil.b(SSLJsseUtil.java:90)
    at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:6)
    at javax.net.ssl.HttpsURLConnection.getDefaultSSLSocketFactory(HttpsURLConnection.java:16)
    at javax.net.ssl.HttpsURLConnection.<init>(HttpsURLConnection.java:19)
    at com.ibm.net.ssl.www2.protocol.https.b.<init>(b.java:83)
    at com.ibm.net.ssl.www2.protocol.https.Handler.openConnection(Handler.java:11)
    at com.ibm.net.ssl.www2.protocol.https.Handler.openConnection(Handler.java:6)
    at java.net.URL.openConnection(URL.java:957)
    at org.apache.axis2.jaxws.util.WSDL4JWrapper$3.run(WSDL4JWrapper.java:319)
    at org.apache.axis2.java.security.AccessController.doPrivileged(AccessController.java:132)
    at org.apache.axis2.jaxws.util.WSDL4JWrapper.openConnection(WSDL4JWrapper.java:317)
    at org.apache.axis2.jaxws.util.WSDL4JWrapper.getURLConnection(WSDL4JWrapper.java:296)
    at org.apache.axis2.jaxws.util.WSDL4JWrapper.access$000(WSDL4JWrapper.java:77)
    at org.apache.axis2.jaxws.util.WSDL4JWrapper$2.run(WSDL4JWrapper.java:306)
    at org.apache.axis2.java.security.AccessController.doPrivileged(AccessController.java:132)
    at org.apache.axis2.jaxws.util.WSDL4JWrapper.getPrivilegedURLConnection(WSDL4JWrapper.java:304)
    at org.apache.axis2.jaxws.util.WSDL4JWrapper.commonPartsURLConstructor(WSDL4JWrapper.java:184)
    at org.apache.axis2.jaxws.util.WSDL4JWrapper.<init>(WSDL4JWrapper.java:156)
    at org.apache.axis2.jaxws.description.impl.ServiceDescriptionImpl.setupWsdlDefinition(ServiceDescriptionImpl.java:1191)
    at org.apache.axis2.jaxws.description.impl.ServiceDescriptionImpl.<init>(ServiceDescriptionImpl.java:245)
    at org.apache.axis2.jaxws.description.impl.ServiceDescriptionImpl.<init>(ServiceDescriptionImpl.java:168)
    at org.apache.axis2.jaxws.description.impl.DescriptionFactoryImpl.createServiceDescription(DescriptionFactoryImpl.java:142)
    at org.apache.axis2.jaxws.description.impl.DescriptionFactoryImpl.createServiceDescription(DescriptionFactoryImpl.java:79)
    at org.apache.axis2.jaxws.description.DescriptionFactory.createServiceDescription(DescriptionFactory.java:76)
    at org.apache.axis2.jaxws.spi.ServiceDelegate.<init>(ServiceDelegate.java:212)
    at org.apache.axis2.jaxws.spi.Provider.createServiceDelegate(Provider.java:71)
    at javax.xml.ws.Service.<init>(Service.java:67)
    at gov.xxxx.pts.api.sms.outbound.SmsOutBoundClientWSImpl.<init>(SmsOutBoundClientWSImpl.java:57)
    at gov.xxxx.pts.api.sms.ws.SmsService.getSmsOutBoundClient(SmsService.java:762)
    at gov.xxxx.pts.api.sms.ws.SmsService.createSmsOutboundProcessor(SmsService.java:672)
    at gov.xxxx.pts.api.sms.ws.SmsService.processTrackEventsAndSaveNotificationRequest(SmsService.java:495)
    at gov.xxxx.pts.api.sms.ws.SmsService.processTrackRequest(SmsService.java:474)
    at gov.xxxx.pts.api.sms.ws.SmsService.nonMobileProviderRequest(SmsService.java:196)
    at gov.xxxx.pts.api.sms.ws.NonMobileProviderRequestWs.nonMobileProviderRequest(NonMobileProviderRequestWs.java:34)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
    at java.lang.reflect.Method.invoke(Method.java:611)
    at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:151)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:171)
    at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:152)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:104)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:367)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:349)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:106)
    at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:259)
    at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
    at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:267)
    at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:318)
    at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:236)
    at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:983)
    at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:361)
    at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:372)
    at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:335)
    at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:218)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1694)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1635)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:149)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:369)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:168)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:125)
    at org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:125)
    at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:125)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:125)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:80)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:908)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:965)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:508)
    at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:181)
    at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3994)
    at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:276)
    at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:945)
    at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1592)
    at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:191)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:454)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:516)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:307)
    at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:84)
    at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175)
    at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
    at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
    at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
    at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
    at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
    at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
    ... 1 more

全栈跟踪：
完整的堆栈跟踪对于堆栈溢出来说太大了。
http://pastebin.com/qkvsqR5z

Answer 1

您应该能够使用开箱即用的 WebSphere 配置 TLS，而无需使用 Bouncy Castle。目前尚不清楚 Bouncy Castle 对 WebSphere 有什么影响。从管理控制台：

1. 转到 SSL 证书和密钥管理 > SSL 配置
2. 选择 SSL 配置，可能需要为每个配置一次
3. 转到保护质量 (QoP)
4. 在标有“协议”的框中，选择 TLS。

也可以使用开箱即用的 WebSphere，您可以尝试 <WAS_HOME>/java/bin/jarSigner -verify <WAS_HOME>/plugins/com.ibm.ws.security.crypto.jar。如果没有验证，说明安装有问题。

Answer 2

这里您使用的是jdk v1.6.** 和Tomcat V_7，但您尝试添加到lib 的任何jar 都有可能编译为jdk v1.7 或上层 版本.

所以，这个问题只是因为这个reason。您可以下载在java V_6.** 中编译的jar 或更新您的Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files。这两个都可以解决你的问题。

Java jce7 Link to download

The jurisdiction policy files are not signed by a trusted signer 也可以找到您的解决方案。