Java SSL安全Jboss 7.1软件导致连接中止:recv失败
在调用部署在JBoss7.1上的公开为REST服务的EJB后,我遇到了以下异常 我正在尝试实现SSL安全性,并使用我使用keytool创建的密钥库文件Java SSL安全Jboss 7.1软件导致连接中止:recv失败,java,ssl-certificate,keystore,Java,Ssl Certificate,Keystore,在调用部署在JBoss7.1上的公开为REST服务的EJB后,我遇到了以下异常 我正在尝试实现SSL安全性,并使用我使用keytool创建的密钥库文件 java.net.SocketException: Software caused connection abort: recv failed at java.net.SocketInputStream.socketRead0(Native Method) at java.net.SocketInputStream.read(SocketInpu
java.net.SocketException: Software caused connection abort: recv failed
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:152)
at java.net.SocketInputStream.read(SocketInputStream.java:122)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
at sun.security.ssl.InputRecord.read(InputRecord.java:480)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
at sun.security.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1705)
at sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:122)
下面是我检索SSLSocketFactory对象的代码
public static SSLSocketFactory getSSLSocketFactory(String keyStoreFileName, String password) throws Exception {
SSLSocketFactory sslFactory = null;
try {
KeyStore keyStore = getKeyStore(keyStoreFileName, password);
TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
factory.init(keyStore);
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("PKIX");//PKIX or SunX509
keyManagerFactory.init(keyStore, password.toCharArray());
TrustManager[] trustmanagers = factory.getTrustManagers();
if (trustmanagers.length == 0) {
throw new NoSuchAlgorithmException("no trust manager found");
}
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(keyManagerFactory.getKeyManagers(), factory.getTrustManagers(), new SecureRandom());
sslFactory = ctx.getSocketFactory();
} catch(Exception e) {
System.out.println("Exception while trying to get the SSLSocketFactory");
System.out.println(e.getMessage());
}
return sslFactory;
}
下面是我创建连接并执行POST请求的代码
public LoggedUserData login(String keyStoreFileName, String password) throws Exception {
LoggedUserData loggedUserData = new LoggedUserData();
HttpsURLConnection connection = openConnection(LOGIN_URL);
connection.addRequestProperty(USERNAME_AND_PASSWORD, getHeader(USERNAME, PASSWORD));
connection.setRequestMethod("POST");
connection.setDoOutput(true);
if(keyStoreFileName != null) {
SSLSocketFactory sslSocket = Util.getSSLSocketFactory(keyStoreFileName, password);
if(sslSocket != null) {
connection.setSSLSocketFactory(sslSocket);
}
}
OutputStream outputStream = connection.getOutputStream();
DataOutputStream wr = new DataOutputStream(outputStream);
wr.flush();
wr.close();
//other code below
return loggedUserData;
}
下面是我的standalone.xml文件
调用connection.getOutputStream()时引发异常
我尝试过使用“PKIX”或“SunX509”更改KeyManagerFactory的创建方式,或者只是在SSLContext init方法上将null设置为参数,但没有任何效果
我必须用java代码调用服务
当我尝试从浏览器(firefox)执行请求时,在接受证书后会出现以下错误:
连接到localhost:8443时出错。SSL对等方无法验证您的证书。(错误代码:ssl\u错误\u证书错误\u警报)
所以一切都应该很好。我显然在代码中犯了一个错误,但我真的不知道是什么
PS:非常奇怪的是,我试图用Junit测试4个方法,偶尔一个随机测试“有效”。我得到以下例外情况:
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1959)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1091)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at com.tutorial.resteasy.jboss.web.client.webservice.LibrarianService.performConnectioToServer(LibrarianService.java:231)
at com.tutorial.resteasy.jboss.web.client.webservice.LibrarianService.logout(LibrarianService.java:92)
at com.tutorial.resteasy.jboss.web.client.webservice.tester.TestLibrarianService.performTestsInOrder(TestLibrarianService.java:41)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:45)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:42)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:20)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:263)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:68)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:47)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:231)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:60)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:229)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:50)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:222)
at org.junit.runners.ParentRunner.run(ParentRunner.java:300)
at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50)
at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:459)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:675)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)
Received fatal alert: bad_certificate
收到致命警报:证书不正确
这使我相信这是某种配置问题(超时或其他问题)服务器需要在其信任库中设置客户端证书。你已经这么做了吗?如果这是一个基本的错误,我很抱歉。我现在正在学习如何使jboss安全,有很多事情需要考虑。我不知道怎么做。我在服务器端做的唯一一件事是在standalone.xml文件中(对*.keystore文件的引用)。