Java 如何使用Smack XMPP库创建SSL连接?
我正在构建一个充当XMPP客户机的小程序,我正在使用这个库。现在,我连接的服务器需要SSL(在Pidgin中,我必须检查“Force old(port 5223)SSL”)。我无法让Smack连接到此服务器。可能吗?是的,很容易实现。看看这个类,特别是setSecurityMode方法,它接受ConnectionConfiguration.SecurityMode枚举作为参数。将此设置为“必需”将强制Smack使用TLS 从Javadoc: 通过TLS加密的安全性是 连接时需要。如果 服务器不提供TLS,或者 TLS协商失败,连接失败 到服务器的连接将失败Java 如何使用Smack XMPP库创建SSL连接?,java,ssl,xmpp,Java,Ssl,Xmpp,我正在构建一个充当XMPP客户机的小程序,我正在使用这个库。现在,我连接的服务器需要SSL(在Pidgin中,我必须检查“Force old(port 5223)SSL”)。我无法让Smack连接到此服务器。可能吗?是的,很容易实现。看看这个类,特别是setSecurityMode方法,它接受ConnectionConfiguration.SecurityMode枚举作为参数。将此设置为“必需”将强制Smack使用TLS 从Javadoc: 通过TLS加密的安全性是 连接时需要。如果 服务器不提
看看这条线 基本上,您需要在代码中添加以下两行:
connConfig.setSecurityMode(ConnectionConfiguration.SecurityMode.enabled);
connConfig.setSocketFactory(new DummySSLSocketFactory());
其中connConfig是您的ConnectionConfiguration对象。从Spark源代码存储库获取DummySlslSocketFactory。它所做的只是接受几乎任何证书。这似乎对我有用。祝你好运 您可以通过以下方式实现这一点: 将CA证书存储在密钥库中 要将证书存储在密钥库中,请执行以下步骤 步骤1:下载bouncycastle JAR文件。可以从以下网站下载:Bouncy Castle JAVA发行版 步骤2:使用以下命令将证书存储在密钥库中
keytool-importcert-v-trustcacerts-file”“-alias”“-keystore”“-provider org.bouncycastle.jce.provider.BouncyCastleProvider-providerpath”“-storetype BKS-storepass”
keytool-importcert-v-list-keystore”“-provider org.bouncycastle.jce.provider.BouncyCastleProvider-providerpath”“-storetype BKS-storepass”
公共连接配置getConfigForXMPPCon(上下文){
ConnectionConfiguration config=新的ConnectionConfiguration(urlstants.XMPP_主机,urlstants.XMPP_端口);
config.setaslauthenticationenabled(false);
config.setSecurityMode(ConnectionConfiguration.SecurityMode.enabled);
config.setCompressionEnabled(false);
SSLContext SSLContext=null;
试一试{
sslContext=createSSLContext(上下文);
}捕获(KeyStoreException e){
e、 printStackTrace();
}捕获(无算法异常){
e、 printStackTrace();
}捕获(密钥管理异常e){
e、 printStackTrace();
}捕获(IOE异常){
e、 printStackTrace();
}捕获(证书例外e){
e、 printStackTrace();
}
config.setCustomSSLContext(sslContext);
config.setSocketFactory(sslContext.getSocketFactory());
返回配置;
}
私有SSLContext CreateSLContext(上下文上下文上下文)抛出KeyStoreException,
NoSuchAlgorithmException、KeyManagementException、IOException、CertificateException{
密钥库信任库;
InputStream in=null;
trustStore=KeyStore.getInstance(“BKS”);
if(StringConstants.DEV_SERVER_IP.equals(urlstants.XMPP_HOST)| StringConstants.TEST_SERVER_IP.equals(urlstants.XMPP_HOST))
in=context.getResources().openRawResource(R.raw.ssl_keystore_dev_test);
else if(StringConstants.STAGE_服务器_IP.equals(urlstants.XMPP_主机)| StringConstants.STAGE2_服务器_IP.equals(urlstants.XMPP_主机))
in=context.getResources().openRawResource(R.raw.ssl_keystore_stage);
else if(StringConstants.PROD_SERVER_IP.equals(urlstants.XMPP_HOST)| StringConstants.PROD1_SERVER_IP.equals(urlstants.XMPP_HOST))
in=context.getResources().openRawResource(R.raw.ssl_keystore_prod);
加载(在“.toCharArray()中);
TrustManagerFactory TrustManagerFactory=TrustManagerFactory
.getInstance(KeyManagerFactory.getDefaultAlgorithm());
init(信任库);
SSLContext SSLContext=SSLContext.getInstance(“TLS”);
sslContext.init(null,trustManagerFactory.getTrustManagers(),
新的SecureRandom());
返回sslContext;
}
在我位于的博客中,所有这些都遵循相同的原则。这个dummyslssocketfactory允许任何证书过期,即使它已过期或未被根CA签署。因此,我建议采用获取CA证书并将其存储在密钥库中,然后将其添加到应用程序中并使用相同的方法。请参阅我的答案以了解更多详细信息。IOException:未实现的未连接套接字smack 4.2.3什么是
上下文R上下文thisRkeytool -importcert -v -trustcacerts -file "<certificate_file_with_path>" -alias "<some_name_for_certificate>" -keystore "<file_name_for_the_output_keystore>" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "<bouncy_castle_jar_file_with_path>" -storetype BKS -storepass "<password_for_the_keystore>"
keytool -importcert -v -list -keystore "<file_name_for_the_keystore_with_path>" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "<bouncy_castle_jar_file_with_path>" -storetype BKS -storepass "<password_for_the_keystore>"
public ConnectionConfiguration getConfigForXMPPCon(Context context) {
ConnectionConfiguration config = new ConnectionConfiguration(URLConstants.XMPP_HOST, URLConstants.XMPP_PORT);
config.setSASLAuthenticationEnabled(false);
config.setSecurityMode(ConnectionConfiguration.SecurityMode.enabled);
config.setCompressionEnabled(false);
SSLContext sslContext = null;
try {
sslContext = createSSLContext(context);
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
}
config.setCustomSSLContext(sslContext);
config.setSocketFactory(sslContext.getSocketFactory());
return config;
}
private SSLContext createSSLContext(Context context) throws KeyStoreException,
NoSuchAlgorithmException, KeyManagementException, IOException, CertificateException {
KeyStore trustStore;
InputStream in = null;
trustStore = KeyStore.getInstance("BKS");
if (StringConstants.DEV_SERVER_IP.equals(URLConstants.XMPP_HOST) || StringConstants.TEST_SERVER_IP.equals(URLConstants.XMPP_HOST))
in = context.getResources().openRawResource(R.raw.ssl_keystore_dev_test);
else if(StringConstants.STAGE_SERVER_IP.equals(URLConstants.XMPP_HOST) || StringConstants.STAGE2_SERVER_IP.equals(URLConstants.XMPP_HOST))
in = context.getResources().openRawResource(R.raw.ssl_keystore_stage);
else if(StringConstants.PROD_SERVER_IP.equals(URLConstants.XMPP_HOST) || StringConstants.PROD1_SERVER_IP.equals(URLConstants.XMPP_HOST))
in = context.getResources().openRawResource(R.raw.ssl_keystore_prod);
trustStore.load(in, "<keystore_password>".toCharArray());
TrustManagerFactory trustManagerFactory = TrustManagerFactory
.getInstance(KeyManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, trustManagerFactory.getTrustManagers(),
new SecureRandom());
return sslContext;
}