与java中支持ssl的服务器通信
我对java中的SSLConnection有一个问题,我写了以下客户端代码(这个应用程序必须连接到服务器,我有支持ssl的服务器)但我收到了以下错误“javax.net.ssl.SSLException:连接已关闭:javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径生成失败:sun.security.provider.certpath.SunCertPathBuilderException:找不到请求目标的有效认证路径” 我如何解决我的问题与java中支持ssl的服务器通信,java,ssl,Java,Ssl,我对java中的SSLConnection有一个问题,我写了以下客户端代码(这个应用程序必须连接到服务器,我有支持ssl的服务器)但我收到了以下错误“javax.net.ssl.SSLException:连接已关闭:javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径生成失败:sun.security.provider.certpath.SunCertPathBuilderExce
public static void main(String[] args) {
BufferedReader in = new BufferedReader(
new InputStreamReader(System.in));
PrintStream out = System.out;
SSLSocketFactory f =
(SSLSocketFactory) SSLSocketFactory.getDefault();
try {
SSLSocket c =
(SSLSocket) f.createSocket("192.168.10.38", 7701);
printSocketInfo(c);
System.out.println("End printSocketInfo");
c.startHandshake();
System.out.println("HandShake oK");
BufferedWriter w = new BufferedWriter(
new OutputStreamWriter(c.getOutputStream()));
BufferedReader r = new BufferedReader(
new InputStreamReader(c.getInputStream()));
String m = null;
// String m=
while ((m=r.readLine())!= null) {
System.out.println("11111");
out.println(m);
m = in.readLine();
System.out.println("M is: "+ m);
w.write(m,0,m.length());
w.newLine();
w.flush();
}
w.close();
r.close();
c.close();
} catch (IOException e) {
System.err.println(e.toString());
}
}
private static void printSocketInfo(SSLSocket s) {
System.out.println("Socket class: "+s.getClass());
System.out.println(" Remote address = "
+s.getInetAddress().toString());
System.out.println(" Remote port = "+s.getPort());
System.out.println(" Local socket address = "
+s.getLocalSocketAddress().toString());
System.out.println(" Local address = "
+s.getLocalAddress().toString());
System.out.println(" Local port = "+s.getLocalPort());
System.out.println(" Need client authentication = "
+s.getNeedClientAuth());
SSLSession ss = s.getSession();
System.out.println(" Cipher suite = "+ss.getCipherSuite());
System.out.println(" Protocol = "+ss.getProtocol());
}
我有一个证书文件,如何使用这个证书
向您致意您必须将HTTPS证书放入JVM。要从HTTPS获取证书,请浏览浏览器,然后单击地址栏上的“锁定”徽标。您应该能够导出证书 Linux解决方案:在$JAVA_HOME/jre/lib/security中,使用以下命令:
sudo keytool -import -alias keyName -file /[pathForYourKey]/keyName.cert -keystore cacerts
“cacerts”的默认密码是changeit。是自签名证书吗 如果是,那么您有两个选择 第一种选择: 在全局Java证书信任存储中导入证书颁发机构证书。这家商店位于
%Java Installation%/jre/lib/security/cacerts
要导入它,可以使用java安装附带的Keytool命令
keytool -import -alias keyName -file yourcertificate.crt -keystore cacerts
优点:
- 不需要修改代码
- 易于部署
- cacert文件将在下一次java更新中被覆盖。你必须 再次输入证书
- 需要管理权限(在Linux和windows上)
第二种选择: 如果要绕过证书验证,请执行以下操作 否则 为您的程序创建新的信任存储
keytool -import -alias keyName -file yourcertificate.crt -keystore yourtruststore
SSLSocketFactory sslFactory = null;
InputStream trustStore = null;
KeyStore keyStore = null;
trustStore = new FileInputStream("<your trust store absolute path>");
keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(trustStore, "<your trust store password>".toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keyStore);
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(null, tmf.getTrustManagers(), null);
sslFactory = ctx.getSocketFactory();
此命令将询问密码两次。输入您想要的任何密码,并为任何问题输入“是”
将在当前目录中创建名为“yourtruststore”的文件
现在,您需要在程序中使用此信任存储
keytool -import -alias keyName -file yourcertificate.crt -keystore yourtruststore
SSLSocketFactory sslFactory = null;
InputStream trustStore = null;
KeyStore keyStore = null;
trustStore = new FileInputStream("<your trust store absolute path>");
keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(trustStore, "<your trust store password>".toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keyStore);
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(null, tmf.getTrustManagers(), null);
sslFactory = ctx.getSocketFactory();
SSLSocketFactory sslFactory=null;
InputStream trustStore=null;
密钥库KeyStore=null;
trustStore=新文件输入流(“”);
keyStore=keyStore.getInstance(keyStore.getDefaultType());
load(信任库“.toCharArray());
TrustManagerFactory tmf=TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(密钥库);
SSLContext ctx=SSLContext.getInstance(“TLS”);
init(null,tmf.getTrustManager(),null);
sslFactory=ctx.getSocketFactory();
您可以使用此套接字工厂打开新的套接字请详细解释,我有一台服务器,我想用IP/端口连接此服务器,我有证书文件,如何正确连接此服务器。您说过您的问题是PKIX异常。我的解决方案解决了你的问题。请解释你的新问题或提出新问题,并将此问题标记为已回答。关于套接字,我无法帮助您,因为我已经多年没有使用套接字了,我不记得了。我用您的命令添加了这个证书文件,但我有问题,yetIt没有给我任何信息。。。如果您需要帮助,请不要说“我有问题”,而是解释您的问题。我有“test.jks”文件名以确保安全,我可以导入此文件,我应该怎么做?谢谢,您可以直接使用test.jks作为“trustStore=newfileinputstream(“test.jks”);”